ANNEX I - GENERAL INSTRUCTIONS
Info
🔗 Back to Summary. 🇫🇷 French Version: 2024R2956_FR.I. Back to Summary of LVL1. Link to the PDF. Direct link to EUR-LEX.
PART 1
GENERAL INSTRUCTIONS
Financial entities while maintaining and updating the register of information at entity, sub-consolidated and consolidated level, shall fill-in the templates of the register of information with data using the formats set out in the instructions in Part 2.
Part 2 lays down instructions to be followed by financial entities to complete each column of each template. When completing the information of certain columns, financial entities shall refer to Annexes II, III and IV or other external sources. In such cases, the reference to the relevant Annexes or external sources is indicated in the instructions.
List of the templates
Template Code
Template Name
Short Description
B_01.01
Entity maintaining the register of information
This template identifies the entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively.
B_01.02
List of entities within the scope of consolidation
This template identifies all the entities belonging to the group. Where the financial entity responsible for maintaining and updating the register of information does not belong to a group, only that financial entity shall be reported in this template.
B_01.03
List of branches
This template identifies the branches of the financial entities referred to in template B_01.02.
B_02.01
Contractual arrangements – general information
This template lists all contractual arrangements with direct ICT third-party service providers.
For each contractual arrangement with a direct ICT third-party service provider, the financial entity maintaining the register of information shall assign a unique ‘contractual arrangement reference number’ to identify unambiguously the contractual arrangement itself.
B_02.02
Contractual arrangements – specific information
This template provides details in relation to each contractual arrangement listed in template B_02.01 with regard to:
(a)
the ICT services included in the scope of the contractual arrangement;
(b)
the functions of the financial entities supported by those ICT services;
(c)
other important information in relation to the specific ICT services provided (e.g. notice period, law governing the arrangement, etc.).
B_02.03
List of intra-group contractual arrangements
This template identifies the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain.
B_03.01
Entities signing the contractual arrangements for receiving ICT service(s) or on behalf of the entities making use of the ICT service(s)
This template provides information on the entity signing the contractual arrangements with the direct ICT third-party service provider for the entity making use of the ICT services.
Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services is the financial entity maintaining and updating the register of information.
In the context of sub-consolidation and consolidation, the financial entity making use of the ICT services provided is not necessarily the entity signing the contractual arrangement with the ICT third-party service providers.
B_03.02
ICT third-party service providers signing the contractual arrangements for providing ICT service(s)
This template identifies all the ICT third-party service providers referred to in template B_05.01 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services.
B_03.03
Entities signing the contractual arrangements for providing ICT service(s) to other entities within the scope of consolidation
This template identifies all the entities referred to in template B_01.02 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services to other entities in the consolidation.
B_04.01
Entities making use of the ICT services
This template identifies all entities making uses of the ICT services provided by ICT third-party service providers and registered in the register of information.
The entities making use of the ICT services shall be either the financial entities in scope, or the ICT intra-group service providers.
Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services are the financial entity maintaining the register.
B_05.01
ICT third-party service providers
This template lists and provides general information to identify:
(a)
the direct ICT third-party service providers;
(b)
the ICT intra-group service providers;
(c)
all subcontractors included in template B_05.02 on ICT service supply chain;
(d)
the ultimate parent undertaking of the ICT third-party service providers listed in points (a), (b) and (c).
B_05.02
ICT service supply chain
This template identifies and links the ICT third-party service providers that are part of the same ICT service supply chain.
Financial entities shall identify and rank the ICT third-party service providers for each ICT service included in each contractual arrangement.
Example:
a financial entity has a contractual arrangement with an ICT third-party service provider (‘ICT third-party service provider X’) to receive 2 specific ICT services (‘ICT service A’ and ‘ICT service B’) and the service provider makes use of a subcontractor (‘ICT third-party service provider Y’) to provide one of those services (‘ICT service B’).
—
In relation to ICT service A, the ICT service supply chain is composed of one ICT third-party service provider, ICT third-party service provider X, which will be ranked as number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.
—
In relation to ICT service B, the ICT service supply chain is composed of two ICT third-party service providers:
(a)
ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.
(b)
ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor.
All ICT third-party service providers belonging to the same ICT service supply chain share the same ‘contractual arrangement reference number’ as referred to in template B_02.01 and the same type of ICT services
B_06.01
Functions identification
This template identifies and provides information on the functions of the financial entity making use of the ICT services.
In the information to be provided in this template, financial entities shall include a unique identifier, the ‘function identifier’ for each combination of a financial entity’s LEI, licenced activity and function.
Example:
a financial entity (LEI: 21USLEIC20231109J3Z8) which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. sales) performed for activity A and activity B, respectively. The function identifier will be:
F1 for the combination of “21USLEIC20231109J3Z8”“Activity A” and ‘Function X”
F2 for the combination of “21USLEIC20231109J3Z8”“Activity B” and ‘Function X”
B_07.01
Assessments of the ICT services
This template captures information in relation to the risk assessment of the ICT services (e.g. substitutability, date of last audit, etc.) when those ICT services are supporting a critical or important function or material part thereof.
B_99.01
Definitions from entities making use of the ICT Services
This template captures entity-internal explanations, meanings, and definitions of the closed set of indicators used by the financial entity in the register of information.
Example
: In template B_07.01 the financial entity shall provide an indication of the impact of discontinuation of the ICT services by using a closed set of options (low, medium, high). In template B_99.01 the financial entity shall specify the meaning of those options.
PART 2
TEMPLATE-SPECIFIC INSTRUCTIONS
Instructions to complete template B_01.01 — Financial entity maintaining the register of information
Identify the financial entity maintaining and updating the register of information.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_01.01.0010
LEI of the financial entity maintaining the register of information
Alphanumerical
Identify the financial entity maintaining and updating the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_01.01.0020
Name of the financial entity
Alphanumerical
Legal name of the financial entity maintaining and updating the register of information
Mandatory
B_01.01.0030
Country of the financial entity
Country
Identify the ISO 3166–1 alpha–2 code of the country where the license or the registration of the entity reported in the register of information has been issued.
Mandatory
B_01.01.0040
Type of financial entity
Closed set of options
Identify the type of financial entity using one of the options in the following closed list:
1.
credit institutions;
2.
payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 of the European Parliament and of the Council
;
3.
account information service providers;
4.
electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC of the European Parliament and of the Council
;
5.
investment firms;
6.
crypto-asset service providers authorised under Regulation (EU) 2023/1114 of the European Parliament and of the Council
7.
issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114;
8.
central securities depositories;
9.
central counterparties;
10.
trading venues;
11.
trade repositories;
12.
managers of alternative investment funds;
13.
management companies;
14.
data reporting service providers;
15.
insurance and reinsurance undertakings;
16.
insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;
17.
institutions for occupational retirement provision;
18.
credit rating agencies;
19.
administrators of critical benchmarks;
20.
crowdfunding service providers;
21.
securitisation repositories.
22.
other financial entity;
Where the register of information is maintained at the group level by the parent undertaking, which is not itself subject to the obligation to maintain such register, i.e. it does not fall under the definition of financial entities set out in Article 2 of the Regulation (EU) 2022/2554 (e.g., financial holding company, mixed financial holding company or mixed-activity holding company) ‘Other financial entity’ option shall be chosen.
Mandatory
B_01.01.0050
Competent authority
Alphanumerical
Identify the competent authority referred to in 2022 to which the register of information is reported.
Mandatory in case of reporting
B_01.01.0060
Date of the reporting
Date
Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of reporting
Mandatory in case of reporting
Instructions to complete template B_01.02 —List of financial entities within the scope of the register of information
Where the register of information is maintained and updated at sub-consolidated and consolidated level, this template identifies all the financial entities belonging to the sub-group and group. Where the financial entity responsible for maintaining and updating the register of information does not belong to a group, only that financial entity shall be reported in this template and the entry of this template shall be the same as template B_01.01.
Where an entity is acting on behalf of a financial entity for all the activities of the financial entity (including the ICT services), the direct ICT third-party service providers to that entity should be recorded in the relevant templates of the register of information of the financial entity. In such case, that entity is only registered as an entity maintaining the register and shall not be reported in this template.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_01.02.0010
LEI of the financial entity
Alphanumerical
Identify the financial entity reported in the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_01.02.0020
Name of the financial entity
Alphanumerical
Legal name of the financial entity reported in the register of information
Mandatory
B_01.02.0030
Country of the financial entity
Country
Identify the ISO 3166–1 alpha–2 code of the country where the license or the registration of the financial entity reported in the register of information has been issued.
Mandatory
B_01.02.0040
Type of financial entity
Closed set of options
Identify the type of financial entity using one of the options in the following closed list:
1.
credit institutions;
2.
payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366;
3.
account information service providers;
4.
electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC;
5.
investment firms;
6.
crypto-asset service providers authorised under Regulation (EU) 2023/1114;
7.
issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114;
8.
central securities depositories;
9.
central counterparties;
10.
trading venues;
11.
trade repositories;
12.
managers of alternative investment funds;
13.
management companies;
14.
data reporting service providers;
15.
insurance and reinsurance undertakings;
16.
insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;
17.
institutions for occupational retirement provision;
18.
credit rating agencies;
19.
administrators of critical benchmarks;
20.
crowdfunding service providers;
21.
securitisation repositories;
22.
other financial entity;
23.
non-financial entity: ICT intra-group service provider;
24.
non-financial entity: other.
Mandatory
B_01.02.0050
Hierarchy of the financial entity within the group (where applicable)
Closed set of options
Determine the hierarchy of the financial entity in the consolidation using one of the options in the following closed list:
1.
The financial entity is the ultimate parent undertaking in the consolidation;
2.
The financial entity is the parent undertaking of a sub-consolidated part in the consolidation;
3.
The financial entity is a subsidiary in the consolidation and is not a parent undertaking of a sub-consolidated part;
4.
The financial entity is not part of a group;
5.
The financial entity is a service provider to which the financial entity (or the third-party service provider acting on its behalf) is outsourcing all its operational activities.
Where an entity fulfils more than one options from the closed list above, the higher-level option applicable to this entity shall be selected.
Mandatory
B_01.02.0060
LEI of the direct parent undertaking of the financial entity
Alphanumerical
Identify the direct parent undertaking of the financial entity reported in the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_01.02.0070
Date of last update
Date
Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of the last update or modification made in the register of information in relation to the financial entity.
Mandatory
B_01.02.0080
Date of integration in the register of information
Date
Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of integration of the financial entity into the register of information
Mandatory
B_01.02.0090
Date of deletion in the register of information
Date
Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of deletion of the financial entity from the register of information.
Where the financial entity has not been deleted, ‘9999-12-31’ shall be reported.
Mandatory
B_01.02.0100
Currency
Currency
Identify the ISO 4217 alphabetic code of the currency used for the preparation of the financial entity’s financial statements.
The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable.
Mandatory only if B_01.02.0110 is reported
B_01.02.0110
Value of total assets of the financial entity
Monetary
Monetary value of total assets of the financial entity as reported in the financial entity’s annual financial statement of the year before the date of the last update of the register of information. Monetary value shall be reported in units.
Refer to Annex IV for the filling in this column.
Mandatory if the entity is a financial entity
Instructions to complete template B_01.03 — List of branches
Where a financial entity has branches located outside its home country, identify those branches through this template.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_01.03.0010
Identification code of the branch
Alphanumerical
Identify a branch of a financial entity located outside its home country using a unique code for each branch. One of the options in the following closed list shall be used:
(a)
LEI of the branch if unique for this branch and different from B_01.03.0020;
(b)
other identification code used by the financial entity to identify the branch (where the LEI of the branch is equivalent to the one in template B_01.03.0020 or equivalent to the LEI of another branch).
Mandatory
B_01.03.0020
LEI of the financial entity head office of the branch
Alphanumerical
As reported in B_01.02.0010
Identify the financial entity head office of the branch, using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_01.03.0030
Name of the branch
Alphanumerical
Identify the name of the branch
Mandatory
B_01.03.0040
Country of the branch
Country
Identify the ISO 3166–1 alpha–2 code of the country where the branch is located.
Mandatory
Instructions to complete template B_02.01 — Contractual arrangements – General information
Financial entities shall designate a ‘contractual arrangement reference number’ for each contractual arrangement in the register of information. Where the external ICT third-party service provider is making use of subcontractors, financial entities shall not include in the register of information a ‘contractual arrangement reference number’ for arrangements between the external ICT third-party service providers and their subcontractors. In case of an ICT intra-group service provider, financial entities shall include the ‘contractual arrangement reference number’ between this ICT intra-group service provider and its ICT third-party service providers in this template and shall populate the template B_02.03 (List of intra-group contractual arrangements) accordingly.
The ‘contractual arrangement reference number’ shall refer to the following type of contractual arrangements:
(a)
any kind of standalone arrangements;
(b)
any kind of ‘overarching or framework arrangements’, including master and framework arrangements;
(c)
any kind of ‘subsequent or associated arrangements’, including implementing arrangements, subservice arrangements, order forms.
The contract reference number does not refer to any kind of service level agreement subordinated to any of the types of contractual arrangements referred to in points (a), (b) and (c) above.
Column Code
Column Name
Type
Fill -in Instruction
Fill-in Option
B_02.01.0010
Contractual arrangement reference number
Alphanumerical
Identify the contractual arrangement between the financial entity or, in case of a group, the group subsidiary and the direct ICT third-party service provider.
The contractual arrangement reference number is the internal reference number of the contractual arrangement assigned by the financial entity.
The contractual arrangement reference number shall be unique and consistent over time at entity, sub-consolidated and consolidated level, where applicable.
The contractual arrangement reference number shall be used consistently across all templates of the register of information when referring to the same contractual arrangement.
For the case where an entity is acting on behalf of a financial entity for all the activities of the financial entity including the ICT services (refer to recital 7) the contractual arrangement reference number can be the contractual arrangement between the entity and its direct ICT third-party service provider.
Mandatory
B_02.01.0020
Type of contractual arrangement
Closed set of options
Identify the type of contractual arrangement by using one of the options in the following closed list:
1.
standalone arrangement;
2.
overarching / master contractual arrangement;
3.
subsequent or associated arrangement.
Mandatory
B_02.01.0030
Overarching contractual arrangement reference number
Alphanumerical
Not applicable if the contractual arrangement is the ‘overarching contractual arrangement’ or a ‘standalone arrangement’. In the other cases, report the contractual arrangement reference number of the overarching arrangement, which shall be equal to the value as reported in column B_02.01.0010 when reporting the overarching contractual arrangement.
Mandatory
B_02.01.0040
Currency of the amount reported in B_02.01.0050
Currency
Identify the ISO 4217 alphabetic code of the currency used to express the amount in B_02.01.0050.
Mandatory
B_02.01.0050
Annual expense or estimated cost of the contractual arrangement for the past year
Monetary
Annual expenses or estimated costs (or intragroup transfer) of the ICT services contractual arrangement for the past year. Monetary value shall be reported in units.
The annual expense or estimated cost shall be expressed in the currency reported in B_01.02.0040.
In case of an overarching arrangement with subsequent or associated arrangements, the sum of the annual expenses or estimated costs reported for the overarching arrangement and the subsequent or associated arrangements shall be equal to the total expenses or estimated costs for the overall contractual arrangement. There shall be no repetition or duplication of annual expenses or estimated costs. The following cases should be reflected:
(a)
where the annual expenses or estimate costs are not determined at the level of the overarching arrangement (i.e. they are 0), the annual expenses or estimated costs shall be reported at the level of each subsequent or associated arrangements.
(b)
where the annual expenses or estimated costs cannot be reported for each of the subsequent or associated arrangements, the total annual expenses or estimated costs shall be reported at the level of the overarching arrangement.
(c)
where there are annual expenses or estimated costs related to each level of the arrangement, i.e. overarching and subsequent or associated, and that information is available, the annual expenses or estimated costs shall be reported without duplication at each level of the contractual arrangement.
Mandatory
Instructions to complete template B_02.02 — Contractual arrangements – Specific information
Financial entities shall fill in this template with the maximum level of granularity possible. Where the contractual arrangement includes multiple ICT services supporting multiple functions, financial entities shall use as many rows as the elements in the template by combining the ICT services covered in the contractual arrangement and the financial entity’s functions.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_02.02.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.01.0010
Mandatory
B_02.02.0020
LEI of the financial entity making use of the ICT service(s)
Alphanumerical
As reported in B_04.01.0020
Identify the financial entity making use of the ICT service(s) using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_02.02.0030
Identification code of the ICT third-party service provider
Alphanumerical
As reported in B_05.01.0010
Code to identify the ICT third-party service provider as reported in B_05.01.0010 for that provider.
Mandatory
B_02.02.0040
Type of code to identify the ICT third-party service provider
Pattern
As reported in B_05.01.0020
Type of code to identify the ICT third-party service provider in B_02.02.0030 as reported in B_05.01.0020 for that provider.
Mandatory
B_02.02.0050
Function identifier
Pattern
As defined by the financial entity in B_06.01.0010
Mandatory
B_02.02.0060
Type of ICT services
Closed set of options
One of the types of ICT services referred to in Annex III
Mandatory
B_02.02.0070
Start date of the contractual arrangement
Date
Identify the date of entry into force of the contractual arrangement as stipulated in the contractual arrangement using the ISO 8601 (yyyy–mm–dd) code
Mandatory
B_02.02.0080
End date of the contractual arrangement
Date
Identify the end date as stipulated in the contractual arrangement using the ISO 8601 (yyyy–mm–dd) code. Where the contractual arrangement is indefinite, it shall be filled in with ‘9999-12-31’. Where the contractual arrangement has been terminated on a date different than the end date, this shall be filled in with the termination date.
Where the contractual arrangement foresees a renewal, this shall be filled in with the date of the contract renewal as stipulated in the contractual arrangement.
Mandatory
B_02.02.0090
Reason of the termination or ending of the contractual arrangement
Closed set of options
Where the contractual arrangement has been terminated or ended, identify the reason of the termination or ending of the contractual arrangements using one of the options in the following closed list:
1.
Termination not for cause: The contractual arrangement has expired/ended and has not been renewed by any of the parties;
2.
Termination for cause: The contractual arrangement has been terminated, the ICT third-party service provider being in a breach of applicable law, regulations or contractual provisions;
3.
Termination for cause: The contractual arrangement has been terminated, due to the fact that impediments of the ICT third-party service provider capable of altering the supported function have been identified;
4.
Termination for cause: The contractual arrangement has been terminated due to weaknesses of the ICT third-party service provider regarding the management and security of sensitive data or information of any of the counterparties;
5.
Termination following a request by a competent authority: The contractual arrangement has been terminated following a request by a competent Authority.
6.
Other: The contractual arrangement has been terminated by any of the parties for any other reason than the reasons referred to in points 1 to 5.
Mandatory if the contractual arrangement is terminated
B_02.02.0100
Notice period for the financial entity making use of the ICT service(s)
Natural number
Identify the notice period for terminating the contractual arrangement by the financial entity in a business-as-usual case. The notice period shall be expressed as number of calendar days from the counterparty’s receipt of the request to terminate the ICT service.
Mandatory if the ICT service is supporting a critical or important function
B_02.02.0110
Notice period for the ICT third-party service provider
Natural number
Identify the notice period for terminating the contractual arrangement by the direct ICT third-party service provider in a business-as-usual case. The notice period shall be expressed as number of calendar days from the counterparty’s receipt of the request to terminate the ICT service.
Mandatory if the ICT service is supporting a critical or important function
B_02.02.0120
Country of the governing law of the contractual arrangement
Country
Identify the country of the governing law of the contractual arrangement using the ISO 3166–1 alpha–2 code.
Mandatory if the ICT service is supporting a critical or important function
B_02.02.0130
Country of provision of the ICT services
Country
Identify the country from where the ICT services are provided using the ISO 3166–1 alpha–2 code.
Mandatory if the ICT service is supporting a critical or important function
B_02.02.0140
Storage of data
[Yes/No]
Is the ICT service related to (or does it foresee) storage of data (even temporarily)?
One of the options provided in the following closed list:
1.
Yes;
2.
No.
Mandatory if the ICT service is supporting a critical or important function
B_02.02.0150
Location of the data at rest (storage)
Country
Identify the country of location of the data at rest (storage) using the ISO 3166–1 alpha–2 code.
If there are several countries of location, additional row(s) shall be used for each country.
Mandatory if ’Yes’ is reported in B_02.02.0140
B_02.02.0160
Location of management of the data (processing)
Country
Identify the country of location of the management of the data (processing) using the ISO 3166–1 alpha–2 code.
If there are several countries of location, additional row(s) shall be used for each country.
Mandatory if the ICT service is based on or foresees data processing
B_02.02.0170
Sensitiveness of the data stored by the ICT third-party service provider
Closed set of options
Identify the level of sensitiveness of the data stored or processed by the ICT third-party service provider using one of the options provided in the following closed list:
1.
Low
2.
Medium;
3.
High.
The most sensitive data take precedence: e.g. if both ‘Medium’ and ‘High’ apply, then ‘High’ shall be selected.
Mandatory if the ICT third-party service provider stores data and if the ICT service is supporting a critical or important function or material part thereof
B_02.02.0180
Level of reliance on the ICT service supporting the critical or important function.
Closed set of options
One of the options in the following closed list shall be used:
1.
Not significant;
2.
Low reliance: in case of disruption of the services, the supported functions would not be significantly impacted (no interruption, no important damage) or disruption can be resolved quickly and with minimal impact on the functions supported;
3.
Material reliance: in case of disruption of the services, the supported functions would be significantly impacted if the disruption lasts more than a few minutes/few hours, and the disruption may cause damages, but is still manageable;
4.
Full reliance: in case of disruption of the services, the supported functions would be immediately and severely interrupted/damaged, for a long period.
Mandatory if the ICT service is supporting a critical or important function or material part thereof
Instructions to complete template B_02.03 — List of intra-group contractual arrangements
Template B_02.03 identifies contractual arrangements from the same ICT service supply chain using the intra-group contractual reference numbers in cases where the ICT service supply chain contains ICT intra-group service providers, i.e. where at least one of the ICT third-party service providers in the ICT service supply chain is an entity belonging to the same group of the entity making use of the ICT services.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_02.03.0010
Contractual arrangement reference number
Alphanumerical
Reference number of the contractual arrangement between the entity making use of the ICT service(s) provided and the ICT intra-group service provider.
The contractual arrangement reference number shall be unique and consistent over time and across all the group.
Mandatory
B_02.03.0020
Contractual arrangement linked to the contractual arrangement referred in B_02.03.0010
Alphanumerical
Contractual arrangement reference number of the contractual arrangement between the ICT intra-group service provider of the contractual arrangement in B_02.03.0010 and its direct ICT third-party service provider.
Mandatory
Instructions to complete template B_03.01 — Entities signing the contractual arrangements for receiving ICT service(s) on behalf of the financial entities making use of the ICT service(s)
Identify all the financial entities referred to in template B_01.02 signing the contractual arrangements referred to in template B_02.01 for receiving the ICT services. Where the register of information is maintained and updated at entity level the financial entity signing the contractual arrangements is the financial entity maintaining and updating the register of information itself.
The entities signing the contractual arrangement is not necessarily a financial entity nor the financial entity making use of the ICT services provided by the ICT third-party service provider.
For example, the entity signing the contractual arrangement referred to in the second subparagraph can be an ICT intra-group service provider, a financial or non-financial entity belonging to the same group of the financial entities making use of the ICT services provided by the ICT third-party service provider.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_03.01.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.02.0010
Identify the contractual arrangement reference number signed by the undertaking
Mandatory
B_03.01.0020
LEI of the entity signing the contractual arrangement
Alphanumerical
Identify the undertaking signing the contractual arrangement using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard or the EUID.
Mandatory
Instructions to complete template B_03.02 — ICT third-party service providers signing the contractual arrangements for providing ICT service(s)
Identify all the ICT third-party service providers referred to in template B_05.01 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_03.02.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.02.0010
Identify the contractual arrangement reference number signed by the ICT third-party service provider
Mandatory
B_03.02.0020
Identification code of ICT third-party service provider
Alphanumerical
As reported in B_05.01.0010
Code to identify the ICT third-party service provider as reported in B_05.01.0020 for that provider.
Mandatory
B_03.02.0030
Type of code to identify the ICT third-party service provider
Pattern
As reported in B_05.01.0020
Type of code to identify the ICT third-party service provider in B_03.02.0020 as reported in B_05.01.0020 for that provider.
Mandatory
Instructions to complete template B_03.03 — Financial entities signing the contractual arrangements for providing ICT service(s) to other financial entities in the consolidation.
Identify all financial entities referred to in template B_01.02 that have signed contractual arrangements as referred to in template B_02.01 for providing ICT services to other entities in the consolidation referred to in template B_01.02.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_03.03.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.02.0010
Identify the reference number of the contractual arrangement signed by the entity for providing ICT service(s)
Mandatory
B_03.03.0020
LEI of the financial entity providing ICT services
Alphanumerical
As reported in B_01.02.0010
Identify the entity providing ICT services using LEI, 20-character, alpha-numeric code based on the ISO 17442 standard.
Mandatory
Instructions to complete template B_04.01 —Financial entities making use of the ICT services
All financial entities referred to in template B_01.02 and branches of financial entities referred to in template B_01.03 that are making use of the ICT services provided by an ICT third-party provider shall be reported in this template.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_04.01.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.01.0010
Identify the reference number of the contractual arrangement in relation to the financial entity making use of the ICT services provided
Mandatory
B_04.01.0020
LEI of the financial entity making use of the ICT service(s)
Alphanumerical
Identify the financial entity making use of the ICT service(s) using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_04.01.0030
Nature of the financial entity making use of the ICT service(s)
Closed set of options
One of the options in the following closed list shall be used:
1.
The financial entity making use of the ICT service(s) is a branch of a financial entity
2.
The financial entity making use of the ICT service(s) is not a branch
Mandatory
B_04.01.0040
Identification code of the branch
Alphanumerical
Identification code of the branch as reported in B_01.03.0010
Mandatory if the financial entity making use of the ICT service(s) is a branch of a financial entity (B_04.01.0030)
Instructions to complete template B_05.01 — ICT third-party service provider
Financial entities shall identify all the relevant ICT third-party service providers, including:
(a)
all the direct ICT third-party service providers;
(b)
all ICT intra-group service provider;
(c)
all subcontractors that are identified in template B_05.02 on the ICT service supply chain;
(d)
all ultimate parent undertakings of the ICT third-party service providers referred to in points (a), (b) and (c) above.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_05.01.0010
Identification code of ICT third-party service provider
Alphanumerical
Code to identify the ICT third-party service provider.
Where LEI is used, it shall be provided as a 20-character, alpha-numeric code based on the ISO 17442 standard.
Where EUID is used, it shall be provided as specified in Article 9 of the Commission Implementing Regulation (EU) 2021/1042.
Mandatory
B_05.01.0020
Type of code to identify the ICT third-party service provider
Pattern
Type of code to identify the ICT third-party service provider reported in B_05.01.0010
1.
‘LEI’ for LEI
2.
‘EUID’ for EUID
3.
‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID code
Country Code: Identify the ISO 3166–1 alpha–2 code of the country of issuance of the other code to identify the ICT third-party service provider
Type of Code:
1.
CRN for Corporate registration number
2.
VAT for VAT number
3.
PNR for Passport Number
4.
NIN for National Identity Number
Only LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.
Only LEI shall be used for legal persons that are not established in the Union.
Mandatory
B_05.01.0030
Additional identification code of ICT third-party service provider
Alphanumerical
Additional code to identify the ICT third-party service provider, where available.
Optional
B_05.01.0040
Type of additional identification code to identify the ICT third-party service provider
Pattern
The type of additional code to identify the ICT third-party service provider reported in B_05.01.0030:
1.
‘LEI’ for LEI
2.
‘EUID’ for EUID
3.
CRN for Corporate registration number
4.
VAT for VAT number
5.
PNR for Passport Number
6.
NIN for National Identity Number
LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.
Only LEI shall be used for legal persons that are not established in the Union.
Mandatory, if B_05.01.0030 is reported
B_05.01.0050
Legal name of the ICT third-party service provider
Alphanumerical
Legal name of the ICT third-party service provider as registered in business register in Latin, Cyrillic or Greek alphabets.
Mandatory
B_05.01.0060
Name of the ICT third-party service provider in Latin alphabet
Alphanumerical
Name of the ICT third-party service provider in Latin alphabet.
Where the name of the ICT third-party service provider reported in B_05.01.0050 is in Latin alphabet, it shall be repeated also in this data field.
Mandatory
B_05.01.0070
Type of person of the ICT third-party service provider
Closed set of options
One of the options in the following closed list shall be used:
1.
Legal person, excluding individuals acting in business capacity
2.
Individual acting in a business capacity
Mandatory
B_05.01.0080
Country of the ICT third-party service provider’s headquarters
Country
Identify the ISO 3166–1 alpha–2 code of the country in which the global operating headquarters of ICT third-party service provider are located (usually, this country is the country of tax residence).
Mandatory
B_05.01.0090
Currency of the amount reported in B_05.01.0070
Currency
Identify the ISO 4217 alphabetic code of the currency used to express the amount in B_05.01.0100.
The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable.
Mandatory if B_05.01.0100 is reported
B_05.01.0100
Total annual expense or estimated cost of the ICT third-party service provider
Monetary
Annual expense or estimated cost for using the ICT services provided by the ICT third-party service provider to the entities making use of the ICT services. Monetary value shall be reported in units.
Mandatory if the ICT third-party service provider is a direct ICT third-party service provider
B_05.01.0110
Identification code of the ICT third-party service provider’s ultimate parent undertaking
Alphanumerical
Code to identify the ICT third-party service provider’s ultimate parent undertaking.
The code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0010 for that ultimate parent undertaking.
Where the ICT third-party service provider is not part of a group, the identification code used to identify that ICT third-party service provider in B_05.01.0010 shall be repeated also in this data field.
Mandatory if the ICT third-party service provider is not the ultimate parent undertaking
B_05.01.0120
Type of code to identify the ICT third-party service provider’s ultimate parent undertaking
Pattern
Type of code to identify the ICT third-party service provider’s ultimate parent undertaking in B_05.01.0110.
The type of the code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0020 for that ultimate parent undertaking.
Where the ICT third-party service provider is not part of a group, the type of the identification code used to identify that ICT third-party service provider in B_05.01.0020 shall be repeated also in this data field.
Mandatory if the ICT third-party service provider is not the ultimate parent undertaking
Instructions to complete template B_05.02 — ICT service supply chains
This template identifies and links the ICT third-party service providers that are part of the same ICT service supply chain together.
The ICT service supply chain shall include, where applicable:
(a)
all direct ICT third-party service providers;
(b)
all ICT intragroup service providers;
(c)
for the ICT services supporting a critical or important function or material part thereof, all subcontractors that effectively underpin the provision of those ICT services (i.e. all the subcontractors providing ICT services whose disruption would impair the security or the continuity of the service provision);
(d)
where an ICT intragroup service provider uses subcontractors to provide their ICT services to the financial entity, at least the first extra-group subcontractor even if the ICT services provided do not support a critical or important function or material parts thereof.
All ICT third-party service providers belonging to the same ICT service supply chain share:
(a)
the same ‘contractual arrangement reference number’ as referred to in template B_02.01;
(b)
the same ‘type of ICT services’ as referred to in Annex III;
Each ICT third-party service provider that belongs to the same ICT service supply chain is assigned with a ‘rank’ (template B_05.02.0050) to identify its position within the ICT service supply chain. Where multiple ICT third-party service providers have the same position within the same ICT service supply chain, those providers shall be assigned with the same ‘rank’. In accordance with Article 2, the direct ICT third-party service providers are therefore at rank 1. If the rank is higher than 1, the ICT third-party service providers are subcontractors.
To link the ICT third-party service providers that belong to the same ICT service supply chain together, for each ICT subcontractor (i.e. where the ‘rank’ is higher than 1) financial entities shall identify the ICT third-party service provider that receives its subcontracted services. The identification of the ICT third-party service provider that receives the subcontracted services shall be carried out by using the columns B_05.02.0060 and B_05.02.0070.
For each ICT service supply chain (i.e., a combination of a “contractual arrangement reference number” and a “type of ICT services”, where there are multiple ICT third-party service providers receiving the subcontracted services, all of those service providers shall be reported in separate rows in the template. The same logic applies at each rank of the ICT service supply chain.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_05.02.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.01.0010
Mandatory
B_05.02.0020
Type of ICT services
Closed set of options
One of the types of ICT services referred to in Annex III
Mandatory
B_05.02.0030
Identification code of the ICT third-party service provider
Alphanumerical
As reported in B_05.01.0010 for that ICT third-party service provider.
Examples:
—
The identification code of the direct ICT third-party service provider providing ICT service to the financial entity making use of it;
—
The identification code of the subcontractor at rank 2 providing service to the direct ICT third-party service provider.
Mandatory
B_05.02.0040
Type of code to identify the ICT third-party service provider
Pattern
As reported in B_05.01.0020 for that ICT third-party service provider.
Mandatory
B_05.02.0050
Rank
Natural number
Where the ICT third-party service provider is signing the contractual arrangement with the financial entity, it is considered as a direct ICT third-party service provider and the ‘rank’ to be reported shall be 1;
Where the ICT third-party service provider is signing the contract with the direct ICT third-party service provider, it is considered as a subcontractor and the ‘rank’ to be reported shall be 2;
The same logic apply to all the following subcontractors by incrementing the ‘rank’.
Where multiple ICT third-party service providers have the same ‘rank’ in the ICT service supply chain, financial entities shall report the same ‘rank’ for all those ICT third-party service providers.
Mandatory
B_05.02.0060
Identification code of the recipient of sub-contracted ICT services
Alphanumerical
To be left blank if the ICT third-party service provider (template B_05.02.0030) is a direct ICT third-party service provider i.e. at ‘rank’ r = 1 (template B_05.02.0050);
Where the ICT third-party service provider is at ‘rank’ r = n where n>1, indicate the ‘Identification code of the recipient of the sub-contracted services’ at ‘rank’ r=n-1 that subcontracted the ICT service (even partially) to the ICT third-party service provider at ‘rank’ r=n.
Examples:
—
The identification code of the direct ICT third-party service provider receiving the service from the subcontractor at rank 2;
—
The identification code of the subcontractor at rank 2 receiving the service from the subcontractor at rank 3.
The code used to identify the recipient of sub-contracted ICT services shall match the identification code provided in B_05.01.0010 for that provider.
Mandatory Not applicable for rank 1
B_05.02.0070
Type of code to identify the recipient of sub-contracted ICT services
Pattern
To be left blank where the ICT third-party service provider template B_05.02.0030) is at rank r = 1 (template B_05.02.0050);
Where the ICT third-party service provider is at ‘rank’ r = n where n>1, indicate the ‘Type of code to identify the recipient of the sub-contracted service’ at ‘rank’ r=n-1 that subcontracted the ICT service (even partially) to the ICT third-party service provider at ‘rank’ r=n.
1.
‘LEI’ for LEI
2.
‘EUID’ for EUID
3.
CRN for Corporate registration number
4.
VAT for VAT number
5.
PNR for Passport Number
6.
NIN for National Identity Number
The type of code used to identify the recipient of sub-contracted ICT services shall match the identification code provided in B_05.01.0020 for that provider.
Mandatory Not applicable for rank 1
Instructions to complete template B_06.01 — Functions identification
Financial entities shall identify and provide information on all functions of the financial entity according to the financial entity’s internal organisation supported by an ICT service provided by ICT third-party service providers.
Each combination of the following items shall have a unique function identifier assigned:
(a)
‘LEI of the financial entity making use of the ICT service(s)’ column B_06.01.0040;
(b)
‘Licenced activity’ column B_06.01.0020;
(c)
‘Function name’ column B_06.01.0030.
Financial entities shall use as many rows as the elements in the template by combining the two items above to fill-in this template.
Column Code
Column Name
Type
Instruction
Fill-in Option
B_06.01.0010
Function Identifier
Pattern
The function identifier shall be composed by the letter F (capital letter) followed by a natural number (e.g. “F1” for the 1
st
function identifier and “
Fn
” for the n
th
function identifier with “n” being a natural number).
Each combination between ‘LEI of the financial entity making use of the ICT service(s)’ (B_06.01.0040), ‘Function name’ (B_06.01.0030) and ‘Licenced activity’ (B_06.01.0020) shall have a unique function identifier.
Example:
a financial entity which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. Sales) performed for activity A and activity B.
Mandatory
B_06.01.0020
Licenced activity
Closed set of options
One of the licenced activities referred to in the underlying legal acts listed in Annex II for the different types of financial entities.
Where the function is not linked to a registered or licenced activity, ‘support functions’ shall be reported.
Mandatory
B_06.01.0030
Function name
Alphanumerical
Function name according to the financial entity’s internal organisation.
Mandatory
B_06.01.0040
LEI of the financial entity
Alphanumerical
As reported in B_04.01.0020
Identify the financial entity using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard
Mandatory
B_06.01.0060
Criticality or importance assessment
Closed set of options
Use this column to indicate whether the function is critical or important according to the financial entity’s assessment. One of the options in the following closed list shall be used:
1.
Yes;
2.
No;
3.
Assessment not performed.
Mandatory
B_06.01.0070
Reasons for criticality or importance
Alphanumerical
Brief explanation on the reasons for classifying the function as critical or important (300 characters maximum)
Optional
B_06.01.0080
Date of the last assessment of criticality or importance
Date
Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of the last assessment of criticality or importance in case the function is supported by ICT services provided by ICT third-party service providers.
Where the assessment of the function’s criticality or importance is not performed, it shall be filled in with ‘9999-12-31’
Mandatory
B_06.01.0090
Recovery time objective of the function
Natural number
In number of hours. Where the recovery time objective is less than 1 hour, ‘1’ shall be reported. Where the recovery time objective of the function is not defined, ‘0’ shall be reported.
Mandatory
B_06.01.0100
Recovery point objective of the function
Natural number
In number of hours. Where the recovery point objective is less than 1 hour, ‘1’ shall be reported. Where the recovery point objective of the function is not defined, ‘0’ shall be reported.
Mandatory
B_06.01.0110
Impact of discontinuing the function
Closed set of options
Use this column to indicate the impact of discontinuing the function according to the financial entity’s assessment. One of the options in the following closed list shall be used:
1.
Low
2.
Medium;
3.
High;
4.
Assessment not performed.
Mandatory
Instructions to complete template B_07.01 — Assessment of the ICT services
When supporting a critical or important function or material parts thereof, this template enables further assessments of the ICT services provided by ICT third-party service providers, including the first extra-group subcontractor in the ICT service supply chain when the prior ICT third-party service providers are intra-group, to the financial entity.
Column Code
Column Name
Type
Fill-in Instruction
Fill-in Option
B_07.01.0010
Contractual arrangement reference number
Alphanumerical
As reported in B_02.01.0010
Mandatory
B_07.01.0020
Identification code of the ICT third-party service provider
Alphanumerical
As reported in B_05.01.0010
Mandatory
B_07.01.0030
Type of code to identify the ICT third-party service provider
Pattern
As reported in B_05.01.0020
Mandatory
B_07.01.0040
Type of ICT services
Closed set of options
One of the types of ICT services referred to in Annex III
Mandatory
B_07.01.0050
Substitutability of the ICT third-party service provider
Closed set of options
Use this column to provide the results of the financial entity’s assessment in relation to the degree of substitutability of the ICT third-party service provider to perform the specific ICT services supporting a critical or important function.
One of the options in the following closed list shall be used:
1.
Not substitutable;
2.
Highly complex substitutability;
3.
Medium complexity in terms of substitutability;
4.
Easily substitutable.
Mandatory
B_07.01.0060
Reason where the ICT third-party service provider is considered not substitutable or difficult to be substitutable
Closed set of options
One of the options in the following closed list shall be used:
1.
The lack of real alternatives, even partial, due to the limited number of ICT third-party service providers active on a specific market, or the market share of the relevant ICT third-party service provider, or the technical complexity or sophistication involved, including in relation to any proprietary technology, or the specific features of the ICT third-party service provider’s organisation or activity;
2.
Difficulties in relation to a partial or full migration of the relevant data and workloads from the relevant ICT third- party service provider to another ICT third-party service provider or by reintegrating them in the financial entity’s operations, due either to significant financial costs, time or other resources that the migration process may entail, or to an increased ICT risk or other operational risks to which the financial entity might be exposed;
3.
Both reasons referred to in points 1 and 2.
Mandatory in case “not substitutable” or “highly complex substitutability” is selected in B_07.01.0041
B_07.01.0070
Date of the last audit on the ICT third-party service provider
Date
Use this column to provide the date of the last audit on the specific ICT services provided by the ICT third-party service provider.
This column relates to audits conducted by any of the following:
(a)
the internal audit department or any other additional qualified personnel of the financial entity;
(b)
a joint team together with other clients of the same ICT third-party service provider (‘pooled audit’);
(c)
a third party appointed by the supervised entity to audit the service provider.
This column does not relate to the reception or reference date of third-party certifications or internal audit reports of the ICT third-party service provider, the annual monitoring date of the arrangement by the financial entity or the date of review of the risk assessment performed by the financial entity.
This column shall be used to report all types of audits performed by any of the subjects referred to in points (a), (b) and (c) concerning fully or partially the ICT services provided by the ICT third-party service provider.
To report the date, the ISO 8601 (yyyy–mm–dd) code shall be used.
Where no audit has been performed, it shall be filled in with ‘9999-12-31’.
Mandatory
B_07.01.0080
Existence of an exit plan
[Yes/No]
Use this column to report the existence of an exit plan from the ICT third-party service provider in relation to the specific ICT service provided.
One of the options in the following closed list shall be used:
1.
Yes;
2.
No.
Mandatory
B_07.01.0090
Possibility of reintegration of the contracted ICT service
Closed set of options
One of the options in the following closed list shall be used:
1.
Easy;
2.
Difficult;
3.
Highly complex.
Use this column where the ICT service is provided by an ICT third-party service provider that is not an ICT intra-group service provider
Mandatory
B_07.01.0100
Impact of discontinuing the ICT services
Closed set of options
Use this column to provide the impact for the financial entity of discontinuing the ICT services provided by the ICT third-party service provider according to the financial entity’s assessment.
One of the options in the following closed list shall be used:
1.
Low
2.
Medium;
3.
High;
4.
Assessment not performed.
Mandatory
B_07.01.0110
Are there alternative ICT third-party service providers identified?
Closed set of options
One of the options in the following closed list shall be used:
1.
Yes;
2.
No;
7.
Assessment not performed.
For each ICT third-party service provider supporting a critical or important function, the assessment to identify an alternative service provider shall be performed.
Mandatory
B_07.01.0120
Identification of alternative ICT TPP
Alphanumerical
If ‘Yes’ is reported in
B_07.01.0110,
additional information may be provided in this column
Optional
Instructions to complete template B_99.01 — Terminology used by financial entities using the ICT services
Financial entities shall provide entity-internal explanations, meanings, and definitions of the closed set of indicators and options used by them in the register of information.
B_99.01.C0010
B_99.01.C0020
B_99.01.C0030
B_99.01.C0040
Column Code
Column Name
Option
Description/Internal definition of the option
B_99.01.R0010
B_02.01.0020
Type of contractual arrangement
1.
Standalone arrangement
B_99.01.R0020
2.
Overarching arrangement
B_99.01.R0030
3.
Subsequent or associated arrangement
B_99.01.R0040
B_02.02.0170
Sensitiveness of the data stored by the ICT third-party service provider
1.
Low
B_99.01.R0050
2.
Medium
B_99.01.R0060
3.
High
B_99.01.R0070
B_06.01.0110
Impact of discontinuing the function
1.
Low
B_99.01.R0080
2.
Medium
B_99.01.R0090
3.
High
B_99.01.R0100
B_07.01.0050
Substitutability of the ICT third-party service provider
1.
Not substitutable
B_99.01.R0110
2.
Highly complex substitutability
B_99.01.R0120
3.
Medium complexity in terms of substitutability
B_99.01.R0130
4.
Easily substitutable
B_99.01.R0140
B_07.01.0090
Possibility of reintegration of the contracted ICT service
1.
Easy
B_99.01.R0150
2.
Difficult
B_99.01.R0160
3.
Highly complex
B_99.01.R0170
B_07.01.0100
Impact of discontinuing the ICT services
1.
Low
B_99.01.R0180
2.
Medium
B_99.01.R0190
3.
High
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC ELI:
http://data.europa.eu/eli/dir/2015/2366/oj
).
Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC ELI:
http://data.europa.eu/eli/dir/2009/110/oj
).
Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 ELI:
http://data.europa.eu/eli/reg/2023/1114/oj
| Template Code | Template Name | Short Description |
|---|---|---|
| B_01.01 | Entity maintaining the register of information | This template identifies the entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively. |
| B_01.02 | List of entities within the scope of consolidation | This template identifies all the entities belonging to the group. Where the financial entity responsible for maintaining and updating the register of information does not belong to a group, only that financial entity shall be reported in this template. |
| B_01.03 | List of branches | This template identifies the branches of the financial entities referred to in template B_01.02. |
| B_02.01 | Contractual arrangements – general information | This template lists all contractual arrangements with direct ICT third-party service providers.For each contractual arrangement with a direct ICT third-party service provider, the financial entity maintaining the register of information shall assign a unique ‘contractual arrangement reference number’ to identify unambiguously the contractual arrangement itself. |
| B_02.02 | Contractual arrangements – specific information | This template provides details in relation to each contractual arrangement listed in template B_02.01 with regard to:(a)the ICT services included in the scope of the contractual arrangement;(b)the functions of the financial entities supported by those ICT services;(c)other important information in relation to the specific ICT services provided (e.g. notice period, law governing the arrangement, etc.). |
| (a) | the ICT services included in the scope of the contractual arrangement; | |
| (b) | the functions of the financial entities supported by those ICT services; | |
| (c) | other important information in relation to the specific ICT services provided (e.g. notice period, law governing the arrangement, etc.). | |
| B_02.03 | List of intra-group contractual arrangements | This template identifies the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain. |
| B_03.01 | Entities signing the contractual arrangements for receiving ICT service(s) or on behalf of the entities making use of the ICT service(s) | This template provides information on the entity signing the contractual arrangements with the direct ICT third-party service provider for the entity making use of the ICT services.Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services is the financial entity maintaining and updating the register of information.In the context of sub-consolidation and consolidation, the financial entity making use of the ICT services provided is not necessarily the entity signing the contractual arrangement with the ICT third-party service providers. |
| B_03.02 | ICT third-party service providers signing the contractual arrangements for providing ICT service(s) | This template identifies all the ICT third-party service providers referred to in template B_05.01 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services. |
| B_03.03 | Entities signing the contractual arrangements for providing ICT service(s) to other entities within the scope of consolidation | This template identifies all the entities referred to in template B_01.02 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services to other entities in the consolidation. |
| B_04.01 | Entities making use of the ICT services | This template identifies all entities making uses of the ICT services provided by ICT third-party service providers and registered in the register of information.The entities making use of the ICT services shall be either the financial entities in scope, or the ICT intra-group service providers.Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services are the financial entity maintaining the register. |
| B_05.01 | ICT third-party service providers | This template lists and provides general information to identify:(a)the direct ICT third-party service providers;(b)the ICT intra-group service providers;(c)all subcontractors included in template B_05.02 on ICT service supply chain;(d)the ultimate parent undertaking of the ICT third-party service providers listed in points (a), (b) and (c). |
| (a) | the direct ICT third-party service providers; | |
| (b) | the ICT intra-group service providers; | |
| (c) | all subcontractors included in template B_05.02 on ICT service supply chain; | |
| (d) | the ultimate parent undertaking of the ICT third-party service providers listed in points (a), (b) and (c). | |
| B_05.02 | ICT service supply chain | This template identifies and links the ICT third-party service providers that are part of the same ICT service supply chain.Financial entities shall identify and rank the ICT third-party service providers for each ICT service included in each contractual arrangement.Example:a financial entity has a contractual arrangement with an ICT third-party service provider (‘ICT third-party service provider X’) to receive 2 specific ICT services (‘ICT service A’ and ‘ICT service B’) and the service provider makes use of a subcontractor (‘ICT third-party service provider Y’) to provide one of those services (‘ICT service B’).—In relation to ICT service A, the ICT service supply chain is composed of one ICT third-party service provider, ICT third-party service provider X, which will be ranked as number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.—In relation to ICT service B, the ICT service supply chain is composed of two ICT third-party service providers:(a)ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.(b)ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor.All ICT third-party service providers belonging to the same ICT service supply chain share the same ‘contractual arrangement reference number’ as referred to in template B_02.01 and the same type of ICT services |
| — | In relation to ICT service A, the ICT service supply chain is composed of one ICT third-party service provider, ICT third-party service provider X, which will be ranked as number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. | |
| — | In relation to ICT service B, the ICT service supply chain is composed of two ICT third-party service providers:(a)ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.(b)ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor.All ICT third-party service providers belonging to the same ICT service supply chain share the same ‘contractual arrangement reference number’ as referred to in template B_02.01 and the same type of ICT services | (a) |
| (a) | ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. | |
| (b) | ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor. | |
| B_06.01 | Functions identification | This template identifies and provides information on the functions of the financial entity making use of the ICT services.In the information to be provided in this template, financial entities shall include a unique identifier, the ‘function identifier’ for each combination of a financial entity’s LEI, licenced activity and function.Example:a financial entity (LEI: 21USLEIC20231109J3Z8) which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. sales) performed for activity A and activity B, respectively. The function identifier will be:F1 for the combination of “21USLEIC20231109J3Z8”“Activity A” and ‘Function X”F2 for the combination of “21USLEIC20231109J3Z8”“Activity B” and ‘Function X” |
| F1 for the combination of “21USLEIC20231109J3Z8”“Activity A” and ‘Function X” | ||
| F2 for the combination of “21USLEIC20231109J3Z8”“Activity B” and ‘Function X” | ||
| B_07.01 | Assessments of the ICT services | This template captures information in relation to the risk assessment of the ICT services (e.g. substitutability, date of last audit, etc.) when those ICT services are supporting a critical or important function or material part thereof. |
| B_99.01 | Definitions from entities making use of the ICT Services | This template captures entity-internal explanations, meanings, and definitions of the closed set of indicators used by the financial entity in the register of information.Example: In template B_07.01 the financial entity shall provide an indication of the impact of discontinuation of the ICT services by using a closed set of options (low, medium, high). In template B_99.01 the financial entity shall specify the meaning of those options. |
Table 2 in anx_I
| (a) | the ICT services included in the scope of the contractual arrangement; |
|---|
Table 3 in anx_I
| (b) | the functions of the financial entities supported by those ICT services; |
|---|
Table 4 in anx_I
| (c) | other important information in relation to the specific ICT services provided (e.g. notice period, law governing the arrangement, etc.). |
|---|
Table 5 in anx_I
| (a) | the direct ICT third-party service providers; |
|---|
Table 6 in anx_I
| (b) | the ICT intra-group service providers; |
|---|
Table 7 in anx_I
| (c) | all subcontractors included in template B_05.02 on ICT service supply chain; |
|---|
Table 8 in anx_I
| (d) | the ultimate parent undertaking of the ICT third-party service providers listed in points (a), (b) and (c). |
|---|
Table 9 in anx_I
| — | In relation to ICT service A, the ICT service supply chain is composed of one ICT third-party service provider, ICT third-party service provider X, which will be ranked as number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. |
|---|
Table 10 in anx_I
| — | In relation to ICT service B, the ICT service supply chain is composed of two ICT third-party service providers:(a)ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.(b)ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor.All ICT third-party service providers belonging to the same ICT service supply chain share the same ‘contractual arrangement reference number’ as referred to in template B_02.01 and the same type of ICT services | (a) | ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. | (b) | ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor. |
|---|---|---|---|---|---|
| (a) | ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. | ||||
| (b) | ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor. |
Table 11 in anx_I
| (a) | ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. |
|---|
Table 12 in anx_I
| (b) | ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor. |
|---|
Table 13 in anx_I
| F1 for the combination of “21USLEIC20231109J3Z8”“Activity A” and ‘Function X” |
|---|
Table 14 in anx_I
| F2 for the combination of “21USLEIC20231109J3Z8”“Activity B” and ‘Function X” |
|---|
Table 15 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_01.01.0010 | LEI of the financial entity maintaining the register of information | Alphanumerical | Identify the financial entity maintaining and updating the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_01.01.0020 | Name of the financial entity | Alphanumerical | Legal name of the financial entity maintaining and updating the register of information | Mandatory |
| B_01.01.0030 | Country of the financial entity | Country | Identify the ISO 3166–1 alpha–2 code of the country where the license or the registration of the entity reported in the register of information has been issued. | Mandatory |
| B_01.01.0040 | Type of financial entity | Closed set of options | Identify the type of financial entity using one of the options in the following closed list:1.credit institutions;2.payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 of the European Parliament and of the Council(1);3.account information service providers;4.electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC of the European Parliament and of the Council(2);5.investment firms;6.crypto-asset service providers authorised under Regulation (EU) 2023/1114 of the European Parliament and of the Council(3)7.issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114;8.central securities depositories;9.central counterparties;10.trading venues;11.trade repositories;12.managers of alternative investment funds;13.management companies;14.data reporting service providers;15.insurance and reinsurance undertakings;16.insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;17.institutions for occupational retirement provision;18.credit rating agencies;19.administrators of critical benchmarks;20.crowdfunding service providers;21.securitisation repositories.22.other financial entity;Where the register of information is maintained at the group level by the parent undertaking, which is not itself subject to the obligation to maintain such register, i.e. it does not fall under the definition of financial entities set out in Article 2 of the Regulation (EU) 2022/2554 (e.g., financial holding company, mixed financial holding company or mixed-activity holding company) ‘Other financial entity’ option shall be chosen. | 1. |
| 1. | credit institutions; | |||
| 2. | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 of the European Parliament and of the Council(1); | |||
| 3. | account information service providers; | |||
| 4. | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC of the European Parliament and of the Council(2); | |||
| 5. | investment firms; | |||
| 6. | crypto-asset service providers authorised under Regulation (EU) 2023/1114 of the European Parliament and of the Council(3) | |||
| 7. | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114; | |||
| 8. | central securities depositories; | |||
| 9. | central counterparties; | |||
| 10. | trading venues; | |||
| 11. | trade repositories; | |||
| 12. | managers of alternative investment funds; | |||
| 13. | management companies; | |||
| 14. | data reporting service providers; | |||
| 15. | insurance and reinsurance undertakings; | |||
| 16. | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries; | |||
| 17. | institutions for occupational retirement provision; | |||
| 18. | credit rating agencies; | |||
| 19. | administrators of critical benchmarks; | |||
| 20. | crowdfunding service providers; | |||
| 21. | securitisation repositories. | |||
| 22. | other financial entity; | |||
| B_01.01.0050 | Competent authority | Alphanumerical | Identify the competent authority referred to in Article 46 of Regulation (EU) 2022/2554 to which the register of information is reported. | Mandatory in case of reporting |
| B_01.01.0060 | Date of the reporting | Date | Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of reporting | Mandatory in case of reporting |
Table 16 in anx_I
| 1. | credit institutions; |
|---|
Table 17 in anx_I
| 2. | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 of the European Parliament and of the Council(1); |
|---|
Table 18 in anx_I
| 3. | account information service providers; |
|---|
Table 19 in anx_I
| 4. | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC of the European Parliament and of the Council(2); |
|---|
Table 20 in anx_I
| 5. | investment firms; |
|---|
Table 21 in anx_I
| 6. | crypto-asset service providers authorised under Regulation (EU) 2023/1114 of the European Parliament and of the Council(3) |
|---|
Table 22 in anx_I
| 7. | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114; |
|---|
Table 23 in anx_I
| 8. | central securities depositories; |
|---|
Table 24 in anx_I
| 9. | central counterparties; |
|---|
Table 25 in anx_I
| 10. | trading venues; |
|---|
Table 26 in anx_I
| 11. | trade repositories; |
|---|
Table 27 in anx_I
| 12. | managers of alternative investment funds; |
|---|
Table 28 in anx_I
| 13. | management companies; |
|---|
Table 29 in anx_I
| 14. | data reporting service providers; |
|---|
Table 30 in anx_I
| 15. | insurance and reinsurance undertakings; |
|---|
Table 31 in anx_I
| 16. | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries; |
|---|
Table 32 in anx_I
| 17. | institutions for occupational retirement provision; |
|---|
Table 33 in anx_I
| 18. | credit rating agencies; |
|---|
Table 34 in anx_I
| 19. | administrators of critical benchmarks; |
|---|
Table 35 in anx_I
| 20. | crowdfunding service providers; |
|---|
Table 36 in anx_I
| 21. | securitisation repositories. |
|---|
Table 37 in anx_I
| 22. | other financial entity; |
|---|
Table 38 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_01.02.0010 | LEI of the financial entity | Alphanumerical | Identify the financial entity reported in the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_01.02.0020 | Name of the financial entity | Alphanumerical | Legal name of the financial entity reported in the register of information | Mandatory |
| B_01.02.0030 | Country of the financial entity | Country | Identify the ISO 3166–1 alpha–2 code of the country where the license or the registration of the financial entity reported in the register of information has been issued. | Mandatory |
| B_01.02.0040 | Type of financial entity | Closed set of options | Identify the type of financial entity using one of the options in the following closed list:1.credit institutions;2.payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366;3.account information service providers;4.electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC;5.investment firms;6.crypto-asset service providers authorised under Regulation (EU) 2023/1114;7.issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114;8.central securities depositories;9.central counterparties;10.trading venues;11.trade repositories;12.managers of alternative investment funds;13.management companies;14.data reporting service providers;15.insurance and reinsurance undertakings;16.insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;17.institutions for occupational retirement provision;18.credit rating agencies;19.administrators of critical benchmarks;20.crowdfunding service providers;21.securitisation repositories;22.other financial entity;23.non-financial entity: ICT intra-group service provider;24.non-financial entity: other. | 1. |
| 1. | credit institutions; | |||
| 2. | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366; | |||
| 3. | account information service providers; | |||
| 4. | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC; | |||
| 5. | investment firms; | |||
| 6. | crypto-asset service providers authorised under Regulation (EU) 2023/1114; | |||
| 7. | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114; | |||
| 8. | central securities depositories; | |||
| 9. | central counterparties; | |||
| 10. | trading venues; | |||
| 11. | trade repositories; | |||
| 12. | managers of alternative investment funds; | |||
| 13. | management companies; | |||
| 14. | data reporting service providers; | |||
| 15. | insurance and reinsurance undertakings; | |||
| 16. | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries; | |||
| 17. | institutions for occupational retirement provision; | |||
| 18. | credit rating agencies; | |||
| 19. | administrators of critical benchmarks; | |||
| 20. | crowdfunding service providers; | |||
| 21. | securitisation repositories; | |||
| 22. | other financial entity; | |||
| 23. | non-financial entity: ICT intra-group service provider; | |||
| 24. | non-financial entity: other. | |||
| B_01.02.0050 | Hierarchy of the financial entity within the group (where applicable) | Closed set of options | Determine the hierarchy of the financial entity in the consolidation using one of the options in the following closed list:1.The financial entity is the ultimate parent undertaking in the consolidation;2.The financial entity is the parent undertaking of a sub-consolidated part in the consolidation;3.The financial entity is a subsidiary in the consolidation and is not a parent undertaking of a sub-consolidated part;4.The financial entity is not part of a group;5.The financial entity is a service provider to which the financial entity (or the third-party service provider acting on its behalf) is outsourcing all its operational activities.Where an entity fulfils more than one options from the closed list above, the higher-level option applicable to this entity shall be selected. | 1. |
| 1. | The financial entity is the ultimate parent undertaking in the consolidation; | |||
| 2. | The financial entity is the parent undertaking of a sub-consolidated part in the consolidation; | |||
| 3. | The financial entity is a subsidiary in the consolidation and is not a parent undertaking of a sub-consolidated part; | |||
| 4. | The financial entity is not part of a group; | |||
| 5. | The financial entity is a service provider to which the financial entity (or the third-party service provider acting on its behalf) is outsourcing all its operational activities. | |||
| B_01.02.0060 | LEI of the direct parent undertaking of the financial entity | Alphanumerical | Identify the direct parent undertaking of the financial entity reported in the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_01.02.0070 | Date of last update | Date | Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of the last update or modification made in the register of information in relation to the financial entity. | Mandatory |
| B_01.02.0080 | Date of integration in the register of information | Date | Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of integration of the financial entity into the register of information | Mandatory |
| B_01.02.0090 | Date of deletion in the register of information | Date | Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of deletion of the financial entity from the register of information.Where the financial entity has not been deleted, ‘9999-12-31’ shall be reported. | Mandatory |
| B_01.02.0100 | Currency | Currency | Identify the ISO 4217 alphabetic code of the currency used for the preparation of the financial entity’s financial statements.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable. | Mandatory only if B_01.02.0110 is reported |
| B_01.02.0110 | Value of total assets of the financial entity | Monetary | Monetary value of total assets of the financial entity as reported in the financial entity’s annual financial statement of the year before the date of the last update of the register of information. Monetary value shall be reported in units.Refer to Annex IV for the filling in this column. | Mandatory if the entity is a financial entity |
Table 39 in anx_I
| 1. | credit institutions; |
|---|
Table 40 in anx_I
| 2. | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366; |
|---|
Table 41 in anx_I
| 3. | account information service providers; |
|---|
Table 42 in anx_I
| 4. | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC; |
|---|
Table 43 in anx_I
| 5. | investment firms; |
|---|
Table 44 in anx_I
| 6. | crypto-asset service providers authorised under Regulation (EU) 2023/1114; |
|---|
Table 45 in anx_I
| 7. | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114; |
|---|
Table 46 in anx_I
| 8. | central securities depositories; |
|---|
Table 47 in anx_I
| 9. | central counterparties; |
|---|
Table 48 in anx_I
| 10. | trading venues; |
|---|
Table 49 in anx_I
| 11. | trade repositories; |
|---|
Table 50 in anx_I
| 12. | managers of alternative investment funds; |
|---|
Table 51 in anx_I
| 13. | management companies; |
|---|
Table 52 in anx_I
| 14. | data reporting service providers; |
|---|
Table 53 in anx_I
| 15. | insurance and reinsurance undertakings; |
|---|
Table 54 in anx_I
| 16. | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries; |
|---|
Table 55 in anx_I
| 17. | institutions for occupational retirement provision; |
|---|
Table 56 in anx_I
| 18. | credit rating agencies; |
|---|
Table 57 in anx_I
| 19. | administrators of critical benchmarks; |
|---|
Table 58 in anx_I
| 20. | crowdfunding service providers; |
|---|
Table 59 in anx_I
| 21. | securitisation repositories; |
|---|
Table 60 in anx_I
| 22. | other financial entity; |
|---|
Table 61 in anx_I
| 23. | non-financial entity: ICT intra-group service provider; |
|---|
Table 62 in anx_I
| 24. | non-financial entity: other. |
|---|
Table 63 in anx_I
| 1. | The financial entity is the ultimate parent undertaking in the consolidation; |
|---|
Table 64 in anx_I
| 2. | The financial entity is the parent undertaking of a sub-consolidated part in the consolidation; |
|---|
Table 65 in anx_I
| 3. | The financial entity is a subsidiary in the consolidation and is not a parent undertaking of a sub-consolidated part; |
|---|
Table 66 in anx_I
| 4. | The financial entity is not part of a group; |
|---|
Table 67 in anx_I
| 5. | The financial entity is a service provider to which the financial entity (or the third-party service provider acting on its behalf) is outsourcing all its operational activities. |
|---|
Table 68 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_01.03.0010 | Identification code of the branch | Alphanumerical | Identify a branch of a financial entity located outside its home country using a unique code for each branch. One of the options in the following closed list shall be used:(a)LEI of the branch if unique for this branch and different from B_01.03.0020;(b)other identification code used by the financial entity to identify the branch (where the LEI of the branch is equivalent to the one in template B_01.03.0020 or equivalent to the LEI of another branch). | (a) |
| (a) | LEI of the branch if unique for this branch and different from B_01.03.0020; | |||
| (b) | other identification code used by the financial entity to identify the branch (where the LEI of the branch is equivalent to the one in template B_01.03.0020 or equivalent to the LEI of another branch). | |||
| B_01.03.0020 | LEI of the financial entity head office of the branch | Alphanumerical | As reported in B_01.02.0010Identify the financial entity head office of the branch, using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_01.03.0030 | Name of the branch | Alphanumerical | Identify the name of the branch | Mandatory |
| B_01.03.0040 | Country of the branch | Country | Identify the ISO 3166–1 alpha–2 code of the country where the branch is located. | Mandatory |
Table 69 in anx_I
| (a) | LEI of the branch if unique for this branch and different from B_01.03.0020; |
|---|
Table 70 in anx_I
| (b) | other identification code used by the financial entity to identify the branch (where the LEI of the branch is equivalent to the one in template B_01.03.0020 or equivalent to the LEI of another branch). |
|---|
Table 71 in anx_I
| (a) | any kind of standalone arrangements; |
|---|
Table 72 in anx_I
| (b) | any kind of ‘overarching or framework arrangements’, including master and framework arrangements; |
|---|
Table 73 in anx_I
| (c) | any kind of ‘subsequent or associated arrangements’, including implementing arrangements, subservice arrangements, order forms. |
|---|
Table 74 in anx_I
| Column Code | Column Name | Type | Fill -in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_02.01.0010 | Contractual arrangement reference number | Alphanumerical | Identify the contractual arrangement between the financial entity or, in case of a group, the group subsidiary and the direct ICT third-party service provider.The contractual arrangement reference number is the internal reference number of the contractual arrangement assigned by the financial entity.The contractual arrangement reference number shall be unique and consistent over time at entity, sub-consolidated and consolidated level, where applicable.The contractual arrangement reference number shall be used consistently across all templates of the register of information when referring to the same contractual arrangement.For the case where an entity is acting on behalf of a financial entity for all the activities of the financial entity including the ICT services (refer to recital 7) the contractual arrangement reference number can be the contractual arrangement between the entity and its direct ICT third-party service provider. | Mandatory |
| B_02.01.0020 | Type of contractual arrangement | Closed set of options | Identify the type of contractual arrangement by using one of the options in the following closed list:1.standalone arrangement;2.overarching / master contractual arrangement;3.subsequent or associated arrangement. | 1. |
| 1. | standalone arrangement; | |||
| 2. | overarching / master contractual arrangement; | |||
| 3. | subsequent or associated arrangement. | |||
| B_02.01.0030 | Overarching contractual arrangement reference number | Alphanumerical | Not applicable if the contractual arrangement is the ‘overarching contractual arrangement’ or a ‘standalone arrangement’. In the other cases, report the contractual arrangement reference number of the overarching arrangement, which shall be equal to the value as reported in column B_02.01.0010 when reporting the overarching contractual arrangement. | Mandatory |
| B_02.01.0040 | Currency of the amount reported in B_02.01.0050 | Currency | Identify the ISO 4217 alphabetic code of the currency used to express the amount in B_02.01.0050. | Mandatory |
| B_02.01.0050 | Annual expense or estimated cost of the contractual arrangement for the past year | Monetary | Annual expenses or estimated costs (or intragroup transfer) of the ICT services contractual arrangement for the past year. Monetary value shall be reported in units.The annual expense or estimated cost shall be expressed in the currency reported in B_01.02.0040.In case of an overarching arrangement with subsequent or associated arrangements, the sum of the annual expenses or estimated costs reported for the overarching arrangement and the subsequent or associated arrangements shall be equal to the total expenses or estimated costs for the overall contractual arrangement. There shall be no repetition or duplication of annual expenses or estimated costs. The following cases should be reflected:(a)where the annual expenses or estimate costs are not determined at the level of the overarching arrangement (i.e. they are 0), the annual expenses or estimated costs shall be reported at the level of each subsequent or associated arrangements.(b)where the annual expenses or estimated costs cannot be reported for each of the subsequent or associated arrangements, the total annual expenses or estimated costs shall be reported at the level of the overarching arrangement.(c)where there are annual expenses or estimated costs related to each level of the arrangement, i.e. overarching and subsequent or associated, and that information is available, the annual expenses or estimated costs shall be reported without duplication at each level of the contractual arrangement. | (a) |
| (a) | where the annual expenses or estimate costs are not determined at the level of the overarching arrangement (i.e. they are 0), the annual expenses or estimated costs shall be reported at the level of each subsequent or associated arrangements. | |||
| (b) | where the annual expenses or estimated costs cannot be reported for each of the subsequent or associated arrangements, the total annual expenses or estimated costs shall be reported at the level of the overarching arrangement. | |||
| (c) | where there are annual expenses or estimated costs related to each level of the arrangement, i.e. overarching and subsequent or associated, and that information is available, the annual expenses or estimated costs shall be reported without duplication at each level of the contractual arrangement. |
Table 75 in anx_I
| 1. | standalone arrangement; |
|---|
Table 76 in anx_I
| 2. | overarching / master contractual arrangement; |
|---|
Table 77 in anx_I
| 3. | subsequent or associated arrangement. |
|---|
Table 78 in anx_I
| (a) | where the annual expenses or estimate costs are not determined at the level of the overarching arrangement (i.e. they are 0), the annual expenses or estimated costs shall be reported at the level of each subsequent or associated arrangements. |
|---|
Table 79 in anx_I
| (b) | where the annual expenses or estimated costs cannot be reported for each of the subsequent or associated arrangements, the total annual expenses or estimated costs shall be reported at the level of the overarching arrangement. |
|---|
Table 80 in anx_I
| (c) | where there are annual expenses or estimated costs related to each level of the arrangement, i.e. overarching and subsequent or associated, and that information is available, the annual expenses or estimated costs shall be reported without duplication at each level of the contractual arrangement. |
|---|
Table 81 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_02.02.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.01.0010 | Mandatory |
| B_02.02.0020 | LEI of the financial entity making use of the ICT service(s) | Alphanumerical | As reported in B_04.01.0020Identify the financial entity making use of the ICT service(s) using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_02.02.0030 | Identification code of the ICT third-party service provider | Alphanumerical | As reported in B_05.01.0010Code to identify the ICT third-party service provider as reported in B_05.01.0010 for that provider. | Mandatory |
| B_02.02.0040 | Type of code to identify the ICT third-party service provider | Pattern | As reported in B_05.01.0020Type of code to identify the ICT third-party service provider in B_02.02.0030 as reported in B_05.01.0020 for that provider. | Mandatory |
| B_02.02.0050 | Function identifier | Pattern | As defined by the financial entity in B_06.01.0010 | Mandatory |
| B_02.02.0060 | Type of ICT services | Closed set of options | One of the types of ICT services referred to in Annex III | Mandatory |
| B_02.02.0070 | Start date of the contractual arrangement | Date | Identify the date of entry into force of the contractual arrangement as stipulated in the contractual arrangement using the ISO 8601 (yyyy–mm–dd) code | Mandatory |
| B_02.02.0080 | End date of the contractual arrangement | Date | Identify the end date as stipulated in the contractual arrangement using the ISO 8601 (yyyy–mm–dd) code. Where the contractual arrangement is indefinite, it shall be filled in with ‘9999-12-31’. Where the contractual arrangement has been terminated on a date different than the end date, this shall be filled in with the termination date.Where the contractual arrangement foresees a renewal, this shall be filled in with the date of the contract renewal as stipulated in the contractual arrangement. | Mandatory |
| B_02.02.0090 | Reason of the termination or ending of the contractual arrangement | Closed set of options | Where the contractual arrangement has been terminated or ended, identify the reason of the termination or ending of the contractual arrangements using one of the options in the following closed list:1.Termination not for cause: The contractual arrangement has expired/ended and has not been renewed by any of the parties;2.Termination for cause: The contractual arrangement has been terminated, the ICT third-party service provider being in a breach of applicable law, regulations or contractual provisions;3.Termination for cause: The contractual arrangement has been terminated, due to the fact that impediments of the ICT third-party service provider capable of altering the supported function have been identified;4.Termination for cause: The contractual arrangement has been terminated due to weaknesses of the ICT third-party service provider regarding the management and security of sensitive data or information of any of the counterparties;5.Termination following a request by a competent authority: The contractual arrangement has been terminated following a request by a competent Authority.6.Other: The contractual arrangement has been terminated by any of the parties for any other reason than the reasons referred to in points 1 to 5. | 1. |
| 1. | Termination not for cause: The contractual arrangement has expired/ended and has not been renewed by any of the parties; | |||
| 2. | Termination for cause: The contractual arrangement has been terminated, the ICT third-party service provider being in a breach of applicable law, regulations or contractual provisions; | |||
| 3. | Termination for cause: The contractual arrangement has been terminated, due to the fact that impediments of the ICT third-party service provider capable of altering the supported function have been identified; | |||
| 4. | Termination for cause: The contractual arrangement has been terminated due to weaknesses of the ICT third-party service provider regarding the management and security of sensitive data or information of any of the counterparties; | |||
| 5. | Termination following a request by a competent authority: The contractual arrangement has been terminated following a request by a competent Authority. | |||
| 6. | Other: The contractual arrangement has been terminated by any of the parties for any other reason than the reasons referred to in points 1 to 5. | |||
| B_02.02.0100 | Notice period for the financial entity making use of the ICT service(s) | Natural number | Identify the notice period for terminating the contractual arrangement by the financial entity in a business-as-usual case. The notice period shall be expressed as number of calendar days from the counterparty’s receipt of the request to terminate the ICT service. | Mandatory if the ICT service is supporting a critical or important function |
| B_02.02.0110 | Notice period for the ICT third-party service provider | Natural number | Identify the notice period for terminating the contractual arrangement by the direct ICT third-party service provider in a business-as-usual case. The notice period shall be expressed as number of calendar days from the counterparty’s receipt of the request to terminate the ICT service. | Mandatory if the ICT service is supporting a critical or important function |
| B_02.02.0120 | Country of the governing law of the contractual arrangement | Country | Identify the country of the governing law of the contractual arrangement using the ISO 3166–1 alpha–2 code. | Mandatory if the ICT service is supporting a critical or important function |
| B_02.02.0130 | Country of provision of the ICT services | Country | Identify the country from where the ICT services are provided using the ISO 3166–1 alpha–2 code. | Mandatory if the ICT service is supporting a critical or important function |
| B_02.02.0140 | Storage of data | [Yes/No] | Is the ICT service related to (or does it foresee) storage of data (even temporarily)?One of the options provided in the following closed list:1.Yes;2.No. | 1. |
| 1. | Yes; | |||
| 2. | No. | |||
| B_02.02.0150 | Location of the data at rest (storage) | Country | Identify the country of location of the data at rest (storage) using the ISO 3166–1 alpha–2 code.If there are several countries of location, additional row(s) shall be used for each country. | Mandatory if ’Yes’ is reported in B_02.02.0140 |
| B_02.02.0160 | Location of management of the data (processing) | Country | Identify the country of location of the management of the data (processing) using the ISO 3166–1 alpha–2 code.If there are several countries of location, additional row(s) shall be used for each country. | Mandatory if the ICT service is based on or foresees data processing |
| B_02.02.0170 | Sensitiveness of the data stored by the ICT third-party service provider | Closed set of options | Identify the level of sensitiveness of the data stored or processed by the ICT third-party service provider using one of the options provided in the following closed list:1.Low2.Medium;3.High.The most sensitive data take precedence: e.g. if both ‘Medium’ and ‘High’ apply, then ‘High’ shall be selected. | 1. |
| 1. | Low | |||
| 2. | Medium; | |||
| 3. | High. | |||
| B_02.02.0180 | Level of reliance on the ICT service supporting the critical or important function. | Closed set of options | One of the options in the following closed list shall be used:1.Not significant;2.Low reliance: in case of disruption of the services, the supported functions would not be significantly impacted (no interruption, no important damage) or disruption can be resolved quickly and with minimal impact on the functions supported;3.Material reliance: in case of disruption of the services, the supported functions would be significantly impacted if the disruption lasts more than a few minutes/few hours, and the disruption may cause damages, but is still manageable;4.Full reliance: in case of disruption of the services, the supported functions would be immediately and severely interrupted/damaged, for a long period. | 1. |
| 1. | Not significant; | |||
| 2. | Low reliance: in case of disruption of the services, the supported functions would not be significantly impacted (no interruption, no important damage) or disruption can be resolved quickly and with minimal impact on the functions supported; | |||
| 3. | Material reliance: in case of disruption of the services, the supported functions would be significantly impacted if the disruption lasts more than a few minutes/few hours, and the disruption may cause damages, but is still manageable; | |||
| 4. | Full reliance: in case of disruption of the services, the supported functions would be immediately and severely interrupted/damaged, for a long period. |
Table 82 in anx_I
| 1. | Termination not for cause: The contractual arrangement has expired/ended and has not been renewed by any of the parties; |
|---|
Table 83 in anx_I
| 2. | Termination for cause: The contractual arrangement has been terminated, the ICT third-party service provider being in a breach of applicable law, regulations or contractual provisions; |
|---|
Table 84 in anx_I
| 3. | Termination for cause: The contractual arrangement has been terminated, due to the fact that impediments of the ICT third-party service provider capable of altering the supported function have been identified; |
|---|
Table 85 in anx_I
| 4. | Termination for cause: The contractual arrangement has been terminated due to weaknesses of the ICT third-party service provider regarding the management and security of sensitive data or information of any of the counterparties; |
|---|
Table 86 in anx_I
| 5. | Termination following a request by a competent authority: The contractual arrangement has been terminated following a request by a competent Authority. |
|---|
Table 87 in anx_I
| 6. | Other: The contractual arrangement has been terminated by any of the parties for any other reason than the reasons referred to in points 1 to 5. |
|---|
Table 88 in anx_I
| 1. | Yes; |
|---|
Table 89 in anx_I
| 2. | No. |
|---|
Table 90 in anx_I
| 1. | Low |
|---|
Table 91 in anx_I
| 2. | Medium; |
|---|
Table 92 in anx_I
| 3. | High. |
|---|
Table 93 in anx_I
| 1. | Not significant; |
|---|
Table 94 in anx_I
| 2. | Low reliance: in case of disruption of the services, the supported functions would not be significantly impacted (no interruption, no important damage) or disruption can be resolved quickly and with minimal impact on the functions supported; |
|---|
Table 95 in anx_I
| 3. | Material reliance: in case of disruption of the services, the supported functions would be significantly impacted if the disruption lasts more than a few minutes/few hours, and the disruption may cause damages, but is still manageable; |
|---|
Table 96 in anx_I
| 4. | Full reliance: in case of disruption of the services, the supported functions would be immediately and severely interrupted/damaged, for a long period. |
|---|
Table 97 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_02.03.0010 | Contractual arrangement reference number | Alphanumerical | Reference number of the contractual arrangement between the entity making use of the ICT service(s) provided and the ICT intra-group service provider.The contractual arrangement reference number shall be unique and consistent over time and across all the group. | Mandatory |
| B_02.03.0020 | Contractual arrangement linked to the contractual arrangement referred in B_02.03.0010 | Alphanumerical | Contractual arrangement reference number of the contractual arrangement between the ICT intra-group service provider of the contractual arrangement in B_02.03.0010 and its direct ICT third-party service provider. | Mandatory |
Table 98 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_03.01.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.02.0010Identify the contractual arrangement reference number signed by the undertaking | Mandatory |
| B_03.01.0020 | LEI of the entity signing the contractual arrangement | Alphanumerical | Identify the undertaking signing the contractual arrangement using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard or the EUID. | Mandatory |
Table 99 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_03.02.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.02.0010Identify the contractual arrangement reference number signed by the ICT third-party service provider | Mandatory |
| B_03.02.0020 | Identification code of ICT third-party service provider | Alphanumerical | As reported in B_05.01.0010Code to identify the ICT third-party service provider as reported in B_05.01.0020 for that provider. | Mandatory |
| B_03.02.0030 | Type of code to identify the ICT third-party service provider | Pattern | As reported in B_05.01.0020Type of code to identify the ICT third-party service provider in B_03.02.0020 as reported in B_05.01.0020 for that provider. | Mandatory |
Table 100 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_03.03.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.02.0010Identify the reference number of the contractual arrangement signed by the entity for providing ICT service(s) | Mandatory |
| B_03.03.0020 | LEI of the financial entity providing ICT services | Alphanumerical | As reported in B_01.02.0010Identify the entity providing ICT services using LEI, 20-character, alpha-numeric code based on the ISO 17442 standard. | Mandatory |
Table 101 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_04.01.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.01.0010Identify the reference number of the contractual arrangement in relation to the financial entity making use of the ICT services provided | Mandatory |
| B_04.01.0020 | LEI of the financial entity making use of the ICT service(s) | Alphanumerical | Identify the financial entity making use of the ICT service(s) using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_04.01.0030 | Nature of the financial entity making use of the ICT service(s) | Closed set of options | One of the options in the following closed list shall be used:1.The financial entity making use of the ICT service(s) is a branch of a financial entity2.The financial entity making use of the ICT service(s) is not a branch | 1. |
| 1. | The financial entity making use of the ICT service(s) is a branch of a financial entity | |||
| 2. | The financial entity making use of the ICT service(s) is not a branch | |||
| B_04.01.0040 | Identification code of the branch | Alphanumerical | Identification code of the branch as reported in B_01.03.0010 | Mandatory if the financial entity making use of the ICT service(s) is a branch of a financial entity (B_04.01.0030) |
Table 102 in anx_I
| 1. | The financial entity making use of the ICT service(s) is a branch of a financial entity |
|---|
Table 103 in anx_I
| 2. | The financial entity making use of the ICT service(s) is not a branch |
|---|
Table 104 in anx_I
| (a) | all the direct ICT third-party service providers; |
|---|
Table 105 in anx_I
| (b) | all ICT intra-group service provider; |
|---|
Table 106 in anx_I
| (c) | all subcontractors that are identified in template B_05.02 on the ICT service supply chain; |
|---|
Table 107 in anx_I
| (d) | all ultimate parent undertakings of the ICT third-party service providers referred to in points (a), (b) and (c) above.Column CodeColumn NameTypeFill-in InstructionFill-in OptionB_05.01.0010Identification code of ICT third-party service providerAlphanumericalCode to identify the ICT third-party service provider.Where LEI is used, it shall be provided as a 20-character, alpha-numeric code based on the ISO 17442 standard.Where EUID is used, it shall be provided as specified in Article 9 of the Commission Implementing Regulation (EU) 2021/1042.MandatoryB_05.01.0020Type of code to identify the ICT third-party service providerPatternType of code to identify the ICT third-party service provider reported in B_05.01.00101.‘LEI’ for LEI2.‘EUID’ for EUID3.‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID codeCountry Code: Identify the ISO 3166–1 alpha–2 code of the country of issuance of the other code to identify the ICT third-party service providerType of Code:1.CRN for Corporate registration number2.VAT for VAT number3.PNR for Passport Number4.NIN for National Identity NumberOnly LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union.MandatoryB_05.01.0030Additional identification code of ICT third-party service providerAlphanumericalAdditional code to identify the ICT third-party service provider, where available.OptionalB_05.01.0040Type of additional identification code to identify the ICT third-party service providerPatternThe type of additional code to identify the ICT third-party service provider reported in B_05.01.0030:1.‘LEI’ for LEI2.‘EUID’ for EUID3.CRN for Corporate registration number4.VAT for VAT number5.PNR for Passport Number6.NIN for National Identity NumberLEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union.Mandatory, if B_05.01.0030 is reportedB_05.01.0050Legal name of the ICT third-party service providerAlphanumericalLegal name of the ICT third-party service provider as registered in business register in Latin, Cyrillic or Greek alphabets.MandatoryB_05.01.0060Name of the ICT third-party service provider in Latin alphabetAlphanumericalName of the ICT third-party service provider in Latin alphabet.Where the name of the ICT third-party service provider reported in B_05.01.0050 is in Latin alphabet, it shall be repeated also in this data field.MandatoryB_05.01.0070Type of person of the ICT third-party service providerClosed set of optionsOne of the options in the following closed list shall be used:1.Legal person, excluding individuals acting in business capacity2.Individual acting in a business capacityMandatoryB_05.01.0080Country of the ICT third-party service provider’s headquartersCountryIdentify the ISO 3166–1 alpha–2 code of the country in which the global operating headquarters of ICT third-party service provider are located (usually, this country is the country of tax residence).MandatoryB_05.01.0090Currency of the amount reported in B_05.01.0070CurrencyIdentify the ISO 4217 alphabetic code of the currency used to express the amount in B_05.01.0100.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable.Mandatory if B_05.01.0100 is reportedB_05.01.0100Total annual expense or estimated cost of the ICT third-party service providerMonetaryAnnual expense or estimated cost for using the ICT services provided by the ICT third-party service provider to the entities making use of the ICT services. Monetary value shall be reported in units.Mandatory if the ICT third-party service provider is a direct ICT third-party service providerB_05.01.0110Identification code of the ICT third-party service provider’s ultimate parent undertakingAlphanumericalCode to identify the ICT third-party service provider’s ultimate parent undertaking.The code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0010 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the identification code used to identify that ICT third-party service provider in B_05.01.0010 shall be repeated also in this data field.Mandatory if the ICT third-party service provider is not the ultimate parent undertakingB_05.01.0120Type of code to identify the ICT third-party service provider’s ultimate parent undertakingPatternType of code to identify the ICT third-party service provider’s ultimate parent undertaking in B_05.01.0110.The type of the code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0020 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the type of the identification code used to identify that ICT third-party service provider in B_05.01.0020 shall be repeated also in this data field.Mandatory if the ICT third-party service provider is not the ultimate parent undertaking | Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option | B_05.01.0010 | Identification code of ICT third-party service provider | Alphanumerical | Code to identify the ICT third-party service provider.Where LEI is used, it shall be provided as a 20-character, alpha-numeric code based on the ISO 17442 standard.Where EUID is used, it shall be provided as specified in Article 9 of the Commission Implementing Regulation (EU) 2021/1042. | Mandatory | B_05.01.0020 | Type of code to identify the ICT third-party service provider | Pattern | Type of code to identify the ICT third-party service provider reported in B_05.01.00101.‘LEI’ for LEI2.‘EUID’ for EUID3.‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID codeCountry Code: Identify the ISO 3166–1 alpha–2 code of the country of issuance of the other code to identify the ICT third-party service providerType of Code:1.CRN for Corporate registration number2.VAT for VAT number3.PNR for Passport Number4.NIN for National Identity NumberOnly LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union. | 1. | ‘LEI’ for LEI | 2. | ‘EUID’ for EUID | 3. | ‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID code | 1. | CRN for Corporate registration number | 2. | VAT for VAT number | 3. | PNR for Passport Number | 4. | NIN for National Identity Number | Mandatory | B_05.01.0030 | Additional identification code of ICT third-party service provider | Alphanumerical | Additional code to identify the ICT third-party service provider, where available. | Optional | B_05.01.0040 | Type of additional identification code to identify the ICT third-party service provider | Pattern | The type of additional code to identify the ICT third-party service provider reported in B_05.01.0030:1.‘LEI’ for LEI2.‘EUID’ for EUID3.CRN for Corporate registration number4.VAT for VAT number5.PNR for Passport Number6.NIN for National Identity NumberLEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union. | 1. | ‘LEI’ for LEI | 2. | ‘EUID’ for EUID | 3. | CRN for Corporate registration number | 4. | VAT for VAT number | 5. | PNR for Passport Number | 6. | NIN for National Identity Number | Mandatory, if B_05.01.0030 is reported | B_05.01.0050 | Legal name of the ICT third-party service provider | Alphanumerical | Legal name of the ICT third-party service provider as registered in business register in Latin, Cyrillic or Greek alphabets. | Mandatory | B_05.01.0060 | Name of the ICT third-party service provider in Latin alphabet | Alphanumerical | Name of the ICT third-party service provider in Latin alphabet.Where the name of the ICT third-party service provider reported in B_05.01.0050 is in Latin alphabet, it shall be repeated also in this data field. | Mandatory | B_05.01.0070 | Type of person of the ICT third-party service provider | Closed set of options | One of the options in the following closed list shall be used:1.Legal person, excluding individuals acting in business capacity2.Individual acting in a business capacity | 1. | Legal person, excluding individuals acting in business capacity | 2. | Individual acting in a business capacity | Mandatory | B_05.01.0080 | Country of the ICT third-party service provider’s headquarters | Country | Identify the ISO 3166–1 alpha–2 code of the country in which the global operating headquarters of ICT third-party service provider are located (usually, this country is the country of tax residence). | Mandatory | B_05.01.0090 | Currency of the amount reported in B_05.01.0070 | Currency | Identify the ISO 4217 alphabetic code of the currency used to express the amount in B_05.01.0100.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable. | Mandatory if B_05.01.0100 is reported | B_05.01.0100 | Total annual expense or estimated cost of the ICT third-party service provider | Monetary | Annual expense or estimated cost for using the ICT services provided by the ICT third-party service provider to the entities making use of the ICT services. Monetary value shall be reported in units. | Mandatory if the ICT third-party service provider is a direct ICT third-party service provider | B_05.01.0110 | Identification code of the ICT third-party service provider’s ultimate parent undertaking | Alphanumerical | Code to identify the ICT third-party service provider’s ultimate parent undertaking.The code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0010 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the identification code used to identify that ICT third-party service provider in B_05.01.0010 shall be repeated also in this data field. | Mandatory if the ICT third-party service provider is not the ultimate parent undertaking | B_05.01.0120 | Type of code to identify the ICT third-party service provider’s ultimate parent undertaking | Pattern | Type of code to identify the ICT third-party service provider’s ultimate parent undertaking in B_05.01.0110.The type of the code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0020 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the type of the identification code used to identify that ICT third-party service provider in B_05.01.0020 shall be repeated also in this data field. | Mandatory if the ICT third-party service provider is not the ultimate parent undertaking |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0010 | Identification code of ICT third-party service provider | Alphanumerical | Code to identify the ICT third-party service provider.Where LEI is used, it shall be provided as a 20-character, alpha-numeric code based on the ISO 17442 standard.Where EUID is used, it shall be provided as specified in Article 9 of the Commission Implementing Regulation (EU) 2021/1042. | Mandatory | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0020 | Type of code to identify the ICT third-party service provider | Pattern | Type of code to identify the ICT third-party service provider reported in B_05.01.00101.‘LEI’ for LEI2.‘EUID’ for EUID3.‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID codeCountry Code: Identify the ISO 3166–1 alpha–2 code of the country of issuance of the other code to identify the ICT third-party service providerType of Code:1.CRN for Corporate registration number2.VAT for VAT number3.PNR for Passport Number4.NIN for National Identity NumberOnly LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union. | 1. | ‘LEI’ for LEI | 2. | ‘EUID’ for EUID | 3. | ‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID code | 1. | CRN for Corporate registration number | 2. | VAT for VAT number | 3. | PNR for Passport Number | 4. | NIN for National Identity Number | Mandatory | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1. | ‘LEI’ for LEI | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2. | ‘EUID’ for EUID | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3. | ‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID code | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1. | CRN for Corporate registration number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2. | VAT for VAT number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3. | PNR for Passport Number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 4. | NIN for National Identity Number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0030 | Additional identification code of ICT third-party service provider | Alphanumerical | Additional code to identify the ICT third-party service provider, where available. | Optional | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0040 | Type of additional identification code to identify the ICT third-party service provider | Pattern | The type of additional code to identify the ICT third-party service provider reported in B_05.01.0030:1.‘LEI’ for LEI2.‘EUID’ for EUID3.CRN for Corporate registration number4.VAT for VAT number5.PNR for Passport Number6.NIN for National Identity NumberLEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union. | 1. | ‘LEI’ for LEI | 2. | ‘EUID’ for EUID | 3. | CRN for Corporate registration number | 4. | VAT for VAT number | 5. | PNR for Passport Number | 6. | NIN for National Identity Number | Mandatory, if B_05.01.0030 is reported | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1. | ‘LEI’ for LEI | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2. | ‘EUID’ for EUID | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3. | CRN for Corporate registration number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 4. | VAT for VAT number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 5. | PNR for Passport Number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 6. | NIN for National Identity Number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0050 | Legal name of the ICT third-party service provider | Alphanumerical | Legal name of the ICT third-party service provider as registered in business register in Latin, Cyrillic or Greek alphabets. | Mandatory | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0060 | Name of the ICT third-party service provider in Latin alphabet | Alphanumerical | Name of the ICT third-party service provider in Latin alphabet.Where the name of the ICT third-party service provider reported in B_05.01.0050 is in Latin alphabet, it shall be repeated also in this data field. | Mandatory | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0070 | Type of person of the ICT third-party service provider | Closed set of options | One of the options in the following closed list shall be used:1.Legal person, excluding individuals acting in business capacity2.Individual acting in a business capacity | 1. | Legal person, excluding individuals acting in business capacity | 2. | Individual acting in a business capacity | Mandatory | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1. | Legal person, excluding individuals acting in business capacity | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2. | Individual acting in a business capacity | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0080 | Country of the ICT third-party service provider’s headquarters | Country | Identify the ISO 3166–1 alpha–2 code of the country in which the global operating headquarters of ICT third-party service provider are located (usually, this country is the country of tax residence). | Mandatory | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0090 | Currency of the amount reported in B_05.01.0070 | Currency | Identify the ISO 4217 alphabetic code of the currency used to express the amount in B_05.01.0100.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable. | Mandatory if B_05.01.0100 is reported | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0100 | Total annual expense or estimated cost of the ICT third-party service provider | Monetary | Annual expense or estimated cost for using the ICT services provided by the ICT third-party service provider to the entities making use of the ICT services. Monetary value shall be reported in units. | Mandatory if the ICT third-party service provider is a direct ICT third-party service provider | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0110 | Identification code of the ICT third-party service provider’s ultimate parent undertaking | Alphanumerical | Code to identify the ICT third-party service provider’s ultimate parent undertaking.The code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0010 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the identification code used to identify that ICT third-party service provider in B_05.01.0010 shall be repeated also in this data field. | Mandatory if the ICT third-party service provider is not the ultimate parent undertaking | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| B_05.01.0120 | Type of code to identify the ICT third-party service provider’s ultimate parent undertaking | Pattern | Type of code to identify the ICT third-party service provider’s ultimate parent undertaking in B_05.01.0110.The type of the code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0020 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the type of the identification code used to identify that ICT third-party service provider in B_05.01.0020 shall be repeated also in this data field. | Mandatory if the ICT third-party service provider is not the ultimate parent undertaking |
Table 108 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_05.01.0010 | Identification code of ICT third-party service provider | Alphanumerical | Code to identify the ICT third-party service provider.Where LEI is used, it shall be provided as a 20-character, alpha-numeric code based on the ISO 17442 standard.Where EUID is used, it shall be provided as specified in Article 9 of the Commission Implementing Regulation (EU) 2021/1042. | Mandatory |
| B_05.01.0020 | Type of code to identify the ICT third-party service provider | Pattern | Type of code to identify the ICT third-party service provider reported in B_05.01.00101.‘LEI’ for LEI2.‘EUID’ for EUID3.‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID codeCountry Code: Identify the ISO 3166–1 alpha–2 code of the country of issuance of the other code to identify the ICT third-party service providerType of Code:1.CRN for Corporate registration number2.VAT for VAT number3.PNR for Passport Number4.NIN for National Identity NumberOnly LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union. | 1. |
| 1. | ‘LEI’ for LEI | |||
| 2. | ‘EUID’ for EUID | |||
| 3. | ‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID code | |||
| 1. | CRN for Corporate registration number | |||
| 2. | VAT for VAT number | |||
| 3. | PNR for Passport Number | |||
| 4. | NIN for National Identity Number | |||
| B_05.01.0030 | Additional identification code of ICT third-party service provider | Alphanumerical | Additional code to identify the ICT third-party service provider, where available. | Optional |
| B_05.01.0040 | Type of additional identification code to identify the ICT third-party service provider | Pattern | The type of additional code to identify the ICT third-party service provider reported in B_05.01.0030:1.‘LEI’ for LEI2.‘EUID’ for EUID3.CRN for Corporate registration number4.VAT for VAT number5.PNR for Passport Number6.NIN for National Identity NumberLEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union. | 1. |
| 1. | ‘LEI’ for LEI | |||
| 2. | ‘EUID’ for EUID | |||
| 3. | CRN for Corporate registration number | |||
| 4. | VAT for VAT number | |||
| 5. | PNR for Passport Number | |||
| 6. | NIN for National Identity Number | |||
| B_05.01.0050 | Legal name of the ICT third-party service provider | Alphanumerical | Legal name of the ICT third-party service provider as registered in business register in Latin, Cyrillic or Greek alphabets. | Mandatory |
| B_05.01.0060 | Name of the ICT third-party service provider in Latin alphabet | Alphanumerical | Name of the ICT third-party service provider in Latin alphabet.Where the name of the ICT third-party service provider reported in B_05.01.0050 is in Latin alphabet, it shall be repeated also in this data field. | Mandatory |
| B_05.01.0070 | Type of person of the ICT third-party service provider | Closed set of options | One of the options in the following closed list shall be used:1.Legal person, excluding individuals acting in business capacity2.Individual acting in a business capacity | 1. |
| 1. | Legal person, excluding individuals acting in business capacity | |||
| 2. | Individual acting in a business capacity | |||
| B_05.01.0080 | Country of the ICT third-party service provider’s headquarters | Country | Identify the ISO 3166–1 alpha–2 code of the country in which the global operating headquarters of ICT third-party service provider are located (usually, this country is the country of tax residence). | Mandatory |
| B_05.01.0090 | Currency of the amount reported in B_05.01.0070 | Currency | Identify the ISO 4217 alphabetic code of the currency used to express the amount in B_05.01.0100.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable. | Mandatory if B_05.01.0100 is reported |
| B_05.01.0100 | Total annual expense or estimated cost of the ICT third-party service provider | Monetary | Annual expense or estimated cost for using the ICT services provided by the ICT third-party service provider to the entities making use of the ICT services. Monetary value shall be reported in units. | Mandatory if the ICT third-party service provider is a direct ICT third-party service provider |
| B_05.01.0110 | Identification code of the ICT third-party service provider’s ultimate parent undertaking | Alphanumerical | Code to identify the ICT third-party service provider’s ultimate parent undertaking.The code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0010 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the identification code used to identify that ICT third-party service provider in B_05.01.0010 shall be repeated also in this data field. | Mandatory if the ICT third-party service provider is not the ultimate parent undertaking |
| B_05.01.0120 | Type of code to identify the ICT third-party service provider’s ultimate parent undertaking | Pattern | Type of code to identify the ICT third-party service provider’s ultimate parent undertaking in B_05.01.0110.The type of the code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0020 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the type of the identification code used to identify that ICT third-party service provider in B_05.01.0020 shall be repeated also in this data field. | Mandatory if the ICT third-party service provider is not the ultimate parent undertaking |
Table 109 in anx_I
| 1. | ‘LEI’ for LEI |
|---|
Table 110 in anx_I
| 2. | ‘EUID’ for EUID |
|---|
Table 111 in anx_I
| 3. | ‘Country Code’+Underscore+’Type of Code’ for non LEI and non EUID code |
|---|
Table 112 in anx_I
| 1. | CRN for Corporate registration number |
|---|
Table 113 in anx_I
| 2. | VAT for VAT number |
|---|
Table 114 in anx_I
| 3. | PNR for Passport Number |
|---|
Table 115 in anx_I
| 4. | NIN for National Identity Number |
|---|
Table 116 in anx_I
| 1. | ‘LEI’ for LEI |
|---|
Table 117 in anx_I
| 2. | ‘EUID’ for EUID |
|---|
Table 118 in anx_I
| 3. | CRN for Corporate registration number |
|---|
Table 119 in anx_I
| 4. | VAT for VAT number |
|---|
Table 120 in anx_I
| 5. | PNR for Passport Number |
|---|
Table 121 in anx_I
| 6. | NIN for National Identity Number |
|---|
Table 122 in anx_I
| 1. | Legal person, excluding individuals acting in business capacity |
|---|
Table 123 in anx_I
| 2. | Individual acting in a business capacity |
|---|
Table 124 in anx_I
| (a) | all direct ICT third-party service providers; |
|---|
Table 125 in anx_I
| (b) | all ICT intragroup service providers; |
|---|
Table 126 in anx_I
| (c) | for the ICT services supporting a critical or important function or material part thereof, all subcontractors that effectively underpin the provision of those ICT services (i.e. all the subcontractors providing ICT services whose disruption would impair the security or the continuity of the service provision); |
|---|
Table 127 in anx_I
| (d) | where an ICT intragroup service provider uses subcontractors to provide their ICT services to the financial entity, at least the first extra-group subcontractor even if the ICT services provided do not support a critical or important function or material parts thereof. |
|---|
Table 128 in anx_I
| (a) | the same ‘contractual arrangement reference number’ as referred to in template B_02.01; |
|---|
Table 129 in anx_I
| (b) | the same ‘type of ICT services’ as referred to in Annex III; |
|---|
Table 130 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_05.02.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.01.0010 | Mandatory |
| B_05.02.0020 | Type of ICT services | Closed set of options | One of the types of ICT services referred to in Annex III | Mandatory |
| B_05.02.0030 | Identification code of the ICT third-party service provider | Alphanumerical | As reported in B_05.01.0010 for that ICT third-party service provider.Examples:—The identification code of the direct ICT third-party service provider providing ICT service to the financial entity making use of it;—The identification code of the subcontractor at rank 2 providing service to the direct ICT third-party service provider. | — |
| — | The identification code of the direct ICT third-party service provider providing ICT service to the financial entity making use of it; | |||
| — | The identification code of the subcontractor at rank 2 providing service to the direct ICT third-party service provider. | |||
| B_05.02.0040 | Type of code to identify the ICT third-party service provider | Pattern | As reported in B_05.01.0020 for that ICT third-party service provider. | Mandatory |
| B_05.02.0050 | Rank | Natural number | Where the ICT third-party service provider is signing the contractual arrangement with the financial entity, it is considered as a direct ICT third-party service provider and the ‘rank’ to be reported shall be 1;Where the ICT third-party service provider is signing the contract with the direct ICT third-party service provider, it is considered as a subcontractor and the ‘rank’ to be reported shall be 2;The same logic apply to all the following subcontractors by incrementing the ‘rank’.Where multiple ICT third-party service providers have the same ‘rank’ in the ICT service supply chain, financial entities shall report the same ‘rank’ for all those ICT third-party service providers. | Mandatory |
| B_05.02.0060 | Identification code of the recipient of sub-contracted ICT services | Alphanumerical | To be left blank if the ICT third-party service provider (template B_05.02.0030) is a direct ICT third-party service provider i.e. at ‘rank’ r = 1 (template B_05.02.0050);Where the ICT third-party service provider is at ‘rank’ r = n where n>1, indicate the ‘Identification code of the recipient of the sub-contracted services’ at ‘rank’ r=n-1 that subcontracted the ICT service (even partially) to the ICT third-party service provider at ‘rank’ r=n.Examples:—The identification code of the direct ICT third-party service provider receiving the service from the subcontractor at rank 2;—The identification code of the subcontractor at rank 2 receiving the service from the subcontractor at rank 3.The code used to identify the recipient of sub-contracted ICT services shall match the identification code provided in B_05.01.0010 for that provider. | — |
| — | The identification code of the direct ICT third-party service provider receiving the service from the subcontractor at rank 2; | |||
| — | The identification code of the subcontractor at rank 2 receiving the service from the subcontractor at rank 3. | |||
| B_05.02.0070 | Type of code to identify the recipient of sub-contracted ICT services | Pattern | To be left blank where the ICT third-party service provider template B_05.02.0030) is at rank r = 1 (template B_05.02.0050);Where the ICT third-party service provider is at ‘rank’ r = n where n>1, indicate the ‘Type of code to identify the recipient of the sub-contracted service’ at ‘rank’ r=n-1 that subcontracted the ICT service (even partially) to the ICT third-party service provider at ‘rank’ r=n.1.‘LEI’ for LEI2.‘EUID’ for EUID3.CRN for Corporate registration number4.VAT for VAT number5.PNR for Passport Number6.NIN for National Identity NumberThe type of code used to identify the recipient of sub-contracted ICT services shall match the identification code provided in B_05.01.0020 for that provider. | 1. |
| 1. | ‘LEI’ for LEI | |||
| 2. | ‘EUID’ for EUID | |||
| 3. | CRN for Corporate registration number | |||
| 4. | VAT for VAT number | |||
| 5. | PNR for Passport Number | |||
| 6. | NIN for National Identity Number |
Table 131 in anx_I
| — | The identification code of the direct ICT third-party service provider providing ICT service to the financial entity making use of it; |
|---|
Table 132 in anx_I
| — | The identification code of the subcontractor at rank 2 providing service to the direct ICT third-party service provider. |
|---|
Table 133 in anx_I
| — | The identification code of the direct ICT third-party service provider receiving the service from the subcontractor at rank 2; |
|---|
Table 134 in anx_I
| — | The identification code of the subcontractor at rank 2 receiving the service from the subcontractor at rank 3. |
|---|
Table 135 in anx_I
| 1. | ‘LEI’ for LEI |
|---|
Table 136 in anx_I
| 2. | ‘EUID’ for EUID |
|---|
Table 137 in anx_I
| 3. | CRN for Corporate registration number |
|---|
Table 138 in anx_I
| 4. | VAT for VAT number |
|---|
Table 139 in anx_I
| 5. | PNR for Passport Number |
|---|
Table 140 in anx_I
| 6. | NIN for National Identity Number |
|---|
Table 141 in anx_I
| (a) | ‘LEI of the financial entity making use of the ICT service(s)’ column B_06.01.0040; |
|---|
Table 142 in anx_I
| (b) | ‘Licenced activity’ column B_06.01.0020; |
|---|
Table 143 in anx_I
| (c) | ‘Function name’ column B_06.01.0030. |
|---|
Table 144 in anx_I
| Column Code | Column Name | Type | Instruction | Fill-in Option |
|---|---|---|---|---|
| B_06.01.0010 | Function Identifier | Pattern | The function identifier shall be composed by the letter F (capital letter) followed by a natural number (e.g. “F1” for the 1stfunction identifier and “Fn” for the nthfunction identifier with “n” being a natural number).Each combination between ‘LEI of the financial entity making use of the ICT service(s)’ (B_06.01.0040), ‘Function name’ (B_06.01.0030) and ‘Licenced activity’ (B_06.01.0020) shall have a unique function identifier.Example:a financial entity which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. Sales) performed for activity A and activity B. | Mandatory |
| B_06.01.0020 | Licenced activity | Closed set of options | One of the licenced activities referred to in the underlying legal acts listed in Annex II for the different types of financial entities.Where the function is not linked to a registered or licenced activity, ‘support functions’ shall be reported. | Mandatory |
| B_06.01.0030 | Function name | Alphanumerical | Function name according to the financial entity’s internal organisation. | Mandatory |
| B_06.01.0040 | LEI of the financial entity | Alphanumerical | As reported in B_04.01.0020Identify the financial entity using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard | Mandatory |
| B_06.01.0060 | Criticality or importance assessment | Closed set of options | Use this column to indicate whether the function is critical or important according to the financial entity’s assessment. One of the options in the following closed list shall be used:1.Yes;2.No;3.Assessment not performed. | 1. |
| 1. | Yes; | |||
| 2. | No; | |||
| 3. | Assessment not performed. | |||
| B_06.01.0070 | Reasons for criticality or importance | Alphanumerical | Brief explanation on the reasons for classifying the function as critical or important (300 characters maximum) | Optional |
| B_06.01.0080 | Date of the last assessment of criticality or importance | Date | Identify the date using ISO 8601 (yyyy–mm–dd) code of the date of the last assessment of criticality or importance in case the function is supported by ICT services provided by ICT third-party service providers.Where the assessment of the function’s criticality or importance is not performed, it shall be filled in with ‘9999-12-31’ | Mandatory |
| B_06.01.0090 | Recovery time objective of the function | Natural number | In number of hours. Where the recovery time objective is less than 1 hour, ‘1’ shall be reported. Where the recovery time objective of the function is not defined, ‘0’ shall be reported. | Mandatory |
| B_06.01.0100 | Recovery point objective of the function | Natural number | In number of hours. Where the recovery point objective is less than 1 hour, ‘1’ shall be reported. Where the recovery point objective of the function is not defined, ‘0’ shall be reported. | Mandatory |
| B_06.01.0110 | Impact of discontinuing the function | Closed set of options | Use this column to indicate the impact of discontinuing the function according to the financial entity’s assessment. One of the options in the following closed list shall be used:1.Low2.Medium;3.High;4.Assessment not performed. | 1. |
| 1. | Low | |||
| 2. | Medium; | |||
| 3. | High; | |||
| 4. | Assessment not performed. |
Table 145 in anx_I
| 1. | Yes; |
|---|
Table 146 in anx_I
| 2. | No; |
|---|
Table 147 in anx_I
| 3. | Assessment not performed. |
|---|
Table 148 in anx_I
| 1. | Low |
|---|
Table 149 in anx_I
| 2. | Medium; |
|---|
Table 150 in anx_I
| 3. | High; |
|---|
Table 151 in anx_I
| 4. | Assessment not performed. |
|---|
Table 152 in anx_I
| Column Code | Column Name | Type | Fill-in Instruction | Fill-in Option |
|---|---|---|---|---|
| B_07.01.0010 | Contractual arrangement reference number | Alphanumerical | As reported in B_02.01.0010 | Mandatory |
| B_07.01.0020 | Identification code of the ICT third-party service provider | Alphanumerical | As reported in B_05.01.0010 | Mandatory |
| B_07.01.0030 | Type of code to identify the ICT third-party service provider | Pattern | As reported in B_05.01.0020 | Mandatory |
| B_07.01.0040 | Type of ICT services | Closed set of options | One of the types of ICT services referred to in Annex III | Mandatory |
| B_07.01.0050 | Substitutability of the ICT third-party service provider | Closed set of options | Use this column to provide the results of the financial entity’s assessment in relation to the degree of substitutability of the ICT third-party service provider to perform the specific ICT services supporting a critical or important function.One of the options in the following closed list shall be used:1.Not substitutable;2.Highly complex substitutability;3.Medium complexity in terms of substitutability;4.Easily substitutable. | 1. |
| 1. | Not substitutable; | |||
| 2. | Highly complex substitutability; | |||
| 3. | Medium complexity in terms of substitutability; | |||
| 4. | Easily substitutable. | |||
| B_07.01.0060 | Reason where the ICT third-party service provider is considered not substitutable or difficult to be substitutable | Closed set of options | One of the options in the following closed list shall be used:1.The lack of real alternatives, even partial, due to the limited number of ICT third-party service providers active on a specific market, or the market share of the relevant ICT third-party service provider, or the technical complexity or sophistication involved, including in relation to any proprietary technology, or the specific features of the ICT third-party service provider’s organisation or activity;2.Difficulties in relation to a partial or full migration of the relevant data and workloads from the relevant ICT third- party service provider to another ICT third-party service provider or by reintegrating them in the financial entity’s operations, due either to significant financial costs, time or other resources that the migration process may entail, or to an increased ICT risk or other operational risks to which the financial entity might be exposed;3.Both reasons referred to in points 1 and 2. | 1. |
| 1. | The lack of real alternatives, even partial, due to the limited number of ICT third-party service providers active on a specific market, or the market share of the relevant ICT third-party service provider, or the technical complexity or sophistication involved, including in relation to any proprietary technology, or the specific features of the ICT third-party service provider’s organisation or activity; | |||
| 2. | Difficulties in relation to a partial or full migration of the relevant data and workloads from the relevant ICT third- party service provider to another ICT third-party service provider or by reintegrating them in the financial entity’s operations, due either to significant financial costs, time or other resources that the migration process may entail, or to an increased ICT risk or other operational risks to which the financial entity might be exposed; | |||
| 3. | Both reasons referred to in points 1 and 2. | |||
| B_07.01.0070 | Date of the last audit on the ICT third-party service provider | Date | Use this column to provide the date of the last audit on the specific ICT services provided by the ICT third-party service provider.This column relates to audits conducted by any of the following:(a)the internal audit department or any other additional qualified personnel of the financial entity;(b)a joint team together with other clients of the same ICT third-party service provider (‘pooled audit’);(c)a third party appointed by the supervised entity to audit the service provider.This column does not relate to the reception or reference date of third-party certifications or internal audit reports of the ICT third-party service provider, the annual monitoring date of the arrangement by the financial entity or the date of review of the risk assessment performed by the financial entity.This column shall be used to report all types of audits performed by any of the subjects referred to in points (a), (b) and (c) concerning fully or partially the ICT services provided by the ICT third-party service provider.To report the date, the ISO 8601 (yyyy–mm–dd) code shall be used.Where no audit has been performed, it shall be filled in with ‘9999-12-31’. | (a) |
| (a) | the internal audit department or any other additional qualified personnel of the financial entity; | |||
| (b) | a joint team together with other clients of the same ICT third-party service provider (‘pooled audit’); | |||
| (c) | a third party appointed by the supervised entity to audit the service provider. | |||
| B_07.01.0080 | Existence of an exit plan | [Yes/No] | Use this column to report the existence of an exit plan from the ICT third-party service provider in relation to the specific ICT service provided.One of the options in the following closed list shall be used:1.Yes;2.No. | 1. |
| 1. | Yes; | |||
| 2. | No. | |||
| B_07.01.0090 | Possibility of reintegration of the contracted ICT service | Closed set of options | One of the options in the following closed list shall be used:1.Easy;2.Difficult;3.Highly complex.Use this column where the ICT service is provided by an ICT third-party service provider that is not an ICT intra-group service provider | 1. |
| 1. | Easy; | |||
| 2. | Difficult; | |||
| 3. | Highly complex. | |||
| B_07.01.0100 | Impact of discontinuing the ICT services | Closed set of options | Use this column to provide the impact for the financial entity of discontinuing the ICT services provided by the ICT third-party service provider according to the financial entity’s assessment.One of the options in the following closed list shall be used:1.Low2.Medium;3.High;4.Assessment not performed. | 1. |
| 1. | Low | |||
| 2. | Medium; | |||
| 3. | High; | |||
| 4. | Assessment not performed. | |||
| B_07.01.0110 | Are there alternative ICT third-party service providers identified? | Closed set of options | One of the options in the following closed list shall be used:1.Yes;2.No;7.Assessment not performed.For each ICT third-party service provider supporting a critical or important function, the assessment to identify an alternative service provider shall be performed. | 1. |
| 1. | Yes; | |||
| 2. | No; | |||
| 7. | Assessment not performed. | |||
| B_07.01.0120 | Identification of alternative ICT TPP | Alphanumerical | If ‘Yes’ is reported inB_07.01.0110,additional information may be provided in this column | Optional |
Table 153 in anx_I
| 1. | Not substitutable; |
|---|
Table 154 in anx_I
| 2. | Highly complex substitutability; |
|---|
Table 155 in anx_I
| 3. | Medium complexity in terms of substitutability; |
|---|
Table 156 in anx_I
| 4. | Easily substitutable. |
|---|
Table 157 in anx_I
| 1. | The lack of real alternatives, even partial, due to the limited number of ICT third-party service providers active on a specific market, or the market share of the relevant ICT third-party service provider, or the technical complexity or sophistication involved, including in relation to any proprietary technology, or the specific features of the ICT third-party service provider’s organisation or activity; |
|---|
Table 158 in anx_I
| 2. | Difficulties in relation to a partial or full migration of the relevant data and workloads from the relevant ICT third- party service provider to another ICT third-party service provider or by reintegrating them in the financial entity’s operations, due either to significant financial costs, time or other resources that the migration process may entail, or to an increased ICT risk or other operational risks to which the financial entity might be exposed; |
|---|
Table 159 in anx_I
| 3. | Both reasons referred to in points 1 and 2. |
|---|
Table 160 in anx_I
| (a) | the internal audit department or any other additional qualified personnel of the financial entity; |
|---|
Table 161 in anx_I
| (b) | a joint team together with other clients of the same ICT third-party service provider (‘pooled audit’); |
|---|
Table 162 in anx_I
| (c) | a third party appointed by the supervised entity to audit the service provider. |
|---|
Table 163 in anx_I
| 1. | Yes; |
|---|
Table 164 in anx_I
| 2. | No. |
|---|
Table 165 in anx_I
| 1. | Easy; |
|---|
Table 166 in anx_I
| 2. | Difficult; |
|---|
Table 167 in anx_I
| 3. | Highly complex. |
|---|
Table 168 in anx_I
| 1. | Low |
|---|
Table 169 in anx_I
| 2. | Medium; |
|---|
Table 170 in anx_I
| 3. | High; |
|---|
Table 171 in anx_I
| 4. | Assessment not performed. |
|---|
Table 172 in anx_I
| 1. | Yes; |
|---|
Table 173 in anx_I
| 2. | No; |
|---|
Table 174 in anx_I
| 7. | Assessment not performed. |
|---|
Table 175 in anx_I
| B_99.01.C0010 | B_99.01.C0020 | B_99.01.C0030 | B_99.01.C0040 | |
|---|---|---|---|---|
| Column Code | Column Name | Option | Description/Internal definition of the option | |
| B_99.01.R0010 | B_02.01.0020 | Type of contractual arrangement | 1.Standalone arrangement | 1. |
| 1. | Standalone arrangement | |||
| B_99.01.R0020 | 2.Overarching arrangement | 2. | Overarching arrangement | |
| 2. | Overarching arrangement | |||
| B_99.01.R0030 | 3.Subsequent or associated arrangement | 3. | Subsequent or associated arrangement | |
| 3. | Subsequent or associated arrangement | |||
| B_99.01.R0040 | B_02.02.0170 | Sensitiveness of the data stored by the ICT third-party service provider | 1.Low | 1. |
| 1. | Low | |||
| B_99.01.R0050 | 2.Medium | 2. | Medium | |
| 2. | Medium | |||
| B_99.01.R0060 | 3.High | 3. | High | |
| 3. | High | |||
| B_99.01.R0070 | B_06.01.0110 | Impact of discontinuing the function | 1.Low | 1. |
| 1. | Low | |||
| B_99.01.R0080 | 2.Medium | 2. | Medium | |
| 2. | Medium | |||
| B_99.01.R0090 | 3.High | 3. | High | |
| 3. | High | |||
| B_99.01.R0100 | B_07.01.0050 | Substitutability of the ICT third-party service provider | 1.Not substitutable | 1. |
| 1. | Not substitutable | |||
| B_99.01.R0110 | 2.Highly complex substitutability | 2. | Highly complex substitutability | |
| 2. | Highly complex substitutability | |||
| B_99.01.R0120 | 3.Medium complexity in terms of substitutability | 3. | Medium complexity in terms of substitutability | |
| 3. | Medium complexity in terms of substitutability | |||
| B_99.01.R0130 | 4.Easily substitutable | 4. | Easily substitutable | |
| 4. | Easily substitutable | |||
| B_99.01.R0140 | B_07.01.0090 | Possibility of reintegration of the contracted ICT service | 1.Easy | 1. |
| 1. | Easy | |||
| B_99.01.R0150 | 2.Difficult | 2. | Difficult | |
| 2. | Difficult | |||
| B_99.01.R0160 | 3.Highly complex | 3. | Highly complex | |
| 3. | Highly complex | |||
| B_99.01.R0170 | B_07.01.0100 | Impact of discontinuing the ICT services | 1.Low | 1. |
| 1. | Low | |||
| B_99.01.R0180 | 2.Medium | 2. | Medium | |
| 2. | Medium | |||
| B_99.01.R0190 | 3.High | 3. | High | |
| 3. | High |
Table 176 in anx_I
| 1. | Standalone arrangement |
|---|
Table 177 in anx_I
| 2. | Overarching arrangement |
|---|
Table 178 in anx_I
| 3. | Subsequent or associated arrangement |
|---|
Table 179 in anx_I
| 1. | Low |
|---|
Table 180 in anx_I
| 2. | Medium |
|---|
Table 181 in anx_I
| 3. | High |
|---|
Table 182 in anx_I
| 1. | Low |
|---|
Table 183 in anx_I
| 2. | Medium |
|---|
Table 184 in anx_I
| 3. | High |
|---|
Table 185 in anx_I
| 1. | Not substitutable |
|---|
Table 186 in anx_I
| 2. | Highly complex substitutability |
|---|
Table 187 in anx_I
| 3. | Medium complexity in terms of substitutability |
|---|
Table 188 in anx_I
| 4. | Easily substitutable |
|---|
Table 189 in anx_I
| 1. | Easy |
|---|
Table 190 in anx_I
| 2. | Difficult |
|---|
Table 191 in anx_I
| 3. | Highly complex |
|---|
Table 192 in anx_I
| 1. | Low |
|---|
Table 193 in anx_I
| 2. | Medium |
|---|
Table 194 in anx_I
| 3. | High |
|---|
Table 1 in anx_II
| Type of entity | List of activities and services |
|---|---|
| (a)credit institutions | (a) |
| (a) | credit institutions |
| (b)payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 | (b) |
| (b) | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 |
| (c)account information service providers | (c) |
| (c) | account information service providers |
| (d)electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC | (d) |
| (d) | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC |
| (e)investment firms | (e) |
| (e) | investment firms |
| (f)crypto-asset service providers authorised under Regulation (EU) 2023/1114 | (f) |
| (f) | crypto-asset service providers authorised under Regulation (EU) 2023/1114 |
| (g)issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114 | (g) |
| (g) | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114 |
| (h)central securities depositories | (h) |
| (h) | central securities depositories |
| (i)central counterparties | (i) |
| (i) | central counterparties |
| (j)trading venues | (j) |
| (j) | trading venues |
| (k)trade repositories | (k) |
| (k) | trade repositories |
| (l)managers of alternative investment funds | (l) |
| (l) | managers of alternative investment funds |
| (m)management companies | (m) |
| (m) | management companies |
| (n)data reporting service providers | (n) |
| (n) | data reporting service providers |
| (o)insurance and reinsurance undertakings | (o) |
| (o) | insurance and reinsurance undertakings |
| (p)insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries | (p) |
| (p) | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries |
| (q)institutions for occupational retirement provision | (q) |
| (q) | institutions for occupational retirement provision |
| (r)credit rating agencies | (r) |
| (r) | credit rating agencies |
| (s)administrators of critical benchmarks | (s) |
| (s) | administrators of critical benchmarks |
| (t)crowdfunding service providers | (t) |
| (t) | crowdfunding service providers |
| (u)securitisation repositories | (u) |
| (u) | securitisation repositories |
| Non-financial entity: ICT intra-group service provider | Not applicable |
| Non-financial entity: Other intra-group entity | Not applicable |
| Non-financial entity: ICT third-party service provider | Not applicable |
Table 2 in anx_II
| (a) | credit institutions |
|---|
Table 3 in anx_II
| (b) | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 |
|---|
Table 4 in anx_II
| (c) | account information service providers |
|---|
Table 5 in anx_II
| (d) | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC |
|---|
Table 6 in anx_II
| (e) | investment firms |
|---|
Table 7 in anx_II
| (f) | crypto-asset service providers authorised under Regulation (EU) 2023/1114 |
|---|
Table 8 in anx_II
| (g) | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114 |
|---|
Table 9 in anx_II
| (h) | central securities depositories |
|---|
Table 10 in anx_II
| (i) | central counterparties |
|---|
Table 11 in anx_II
| (j) | trading venues |
|---|
Table 12 in anx_II
| (k) | trade repositories |
|---|
Table 13 in anx_II
| (l) | managers of alternative investment funds |
|---|
Table 14 in anx_II
| (m) | management companies |
|---|
Table 15 in anx_II
| (n) | data reporting service providers |
|---|
Table 16 in anx_II
| (o) | insurance and reinsurance undertakings |
|---|
Table 17 in anx_II
| (p) | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries |
|---|
Table 18 in anx_II
| (q) | institutions for occupational retirement provision |
|---|
Table 19 in anx_II
| (r) | credit rating agencies |
|---|
Table 20 in anx_II
| (s) | administrators of critical benchmarks |
|---|
Table 21 in anx_II
| (t) | crowdfunding service providers |
|---|
Table 22 in anx_II
| (u) | securitisation repositories |
|---|
Table 1 in anx_III
| Identifier | Type of ICT services | Description |
|---|---|---|
| S01 | 1.ICT project management | 1. |
| 1. | ICT project management | |
| S02 | 2.ICT Development | 2. |
| 2. | ICT Development | |
| S03 | 3.ICT help desk and first level support | 3. |
| 3. | ICT help desk and first level support | |
| S04 | 4.ICT security management services | 4. |
| 4. | ICT security management services | |
| S05 | 5.Provision of data | 5. |
| 5. | Provision of data | |
| S06 | 6.Data analysis | 6. |
| 6. | Data analysis | |
| S07 | 7.ICT, facilities and hosting services (excluding Cloud services) | 7. |
| 7. | ICT, facilities and hosting services (excluding Cloud services) | |
| S08 | 8.Computation | 8. |
| 8. | Computation | |
| S09 | 9.Non-Cloud Data storage | 9. |
| 9. | Non-Cloud Data storage | |
| S10 | 10.Telecom carrier | 10. |
| 10. | Telecom carrier | |
| S11 | 11.Network infrastructure | 11. |
| 11. | Network infrastructure | |
| S12 | 12.Hardware and physical devices | 12. |
| 12. | Hardware and physical devices | |
| S13 | 13.Software licencing (excluding SaaS) | 13. |
| 13. | Software licencing (excluding SaaS) | |
| S14 | 14.ICT operation management (including maintenance) | 14. |
| 14. | ICT operation management (including maintenance) | |
| S15 | 15.ICT Consulting | 15. |
| 15. | ICT Consulting | |
| S16 | 16.ICT Risk management | 16. |
| 16. | ICT Risk management | |
| S17 | 17.Cloud services: IaaS | 17. |
| 17. | Cloud services: IaaS | |
| S18 | 18.Cloud services: PaaS | 18. |
| 18. | Cloud services: PaaS | |
| S19 | 19.Cloud services: SaaS | 19. |
| 19. | Cloud services: SaaS |
Table 2 in anx_III
| 1. | ICT project management |
|---|
Table 3 in anx_III
| 2. | ICT Development |
|---|
Table 4 in anx_III
| 3. | ICT help desk and first level support |
|---|
Table 5 in anx_III
| 4. | ICT security management services |
|---|
Table 6 in anx_III
| 5. | Provision of data |
|---|
Table 7 in anx_III
| 6. | Data analysis |
|---|
Table 8 in anx_III
| 7. | ICT, facilities and hosting services (excluding Cloud services) |
|---|
Table 9 in anx_III
| 8. | Computation |
|---|
Table 10 in anx_III
| 9. | Non-Cloud Data storage |
|---|
Table 11 in anx_III
| 10. | Telecom carrier |
|---|
Table 12 in anx_III
| 11. | Network infrastructure |
|---|
Table 13 in anx_III
| 12. | Hardware and physical devices |
|---|
Table 14 in anx_III
| 13. | Software licencing (excluding SaaS) |
|---|
Table 15 in anx_III
| 14. | ICT operation management (including maintenance) |
|---|
Table 16 in anx_III
| 15. | ICT Consulting |
|---|
Table 17 in anx_III
| 16. | ICT Risk management |
|---|
Table 18 in anx_III
| 17. | Cloud services: IaaS |
|---|
Table 19 in anx_III
| 18. | Cloud services: PaaS |
|---|
Table 20 in anx_III
| 19. | Cloud services: SaaS |
|---|
Table 1 in anx_IV
| Type of entity | Instruction to report value of total assets in column B_01.02.0110 |
|---|---|
| (a)credit institutions | (a) |
| (a) | credit institutions |
| (b)payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 | (b) |
| (b) | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 |
| (c)account information service providers | (c) |
| (c) | account information service providers |
| (d)electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC | (d) |
| (d) | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC |
| (e)investment firms | (e) |
| (e) | investment firms |
| (f)crypto-asset service providers authorised under Regulation (EU) 2023/1114 | (f) |
| (f) | crypto-asset service providers authorised under Regulation (EU) 2023/1114 |
| (g)issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114 | (g) |
| (g) | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114 |
| (h)central securities depositories | (h) |
| (h) | central securities depositories |
| (i)central counterparties | (i) |
| (i) | central counterparties |
| (j)trading venues | (j) |
| (j) | trading venues |
| (k)trade repositories | (k) |
| (k) | trade repositories |
| (l)managers of alternative investment funds | (l) |
| (l) | managers of alternative investment funds |
| (m)management companies | (m) |
| (m) | management companies |
| (n)data reporting service providers | (n) |
| (n) | data reporting service providers |
| (o)insurance and reinsurance undertakings | (o) |
| (o) | insurance and reinsurance undertakings |
| (p)insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries | (p) |
| (p) | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries |
| (q)institutions for occupational retirement provision | (q) |
| (q) | institutions for occupational retirement provision |
| (r)credit rating agencies | (r) |
| (r) | credit rating agencies |
| (s)administrators of critical benchmarks | (s) |
| (s) | administrators of critical benchmarks |
| (t)crowdfunding service providers | (t) |
| (t) | crowdfunding service providers |
| (u)securitisation repositories | (u) |
| (u) | securitisation repositories |
| Non-financial entity: ICT intra-group service provider | Not applicable |
| Non-financial entity: Other intra-group entity | Not applicable |
| Non-financial entity: ICT third-party service provider | Not applicable |
Table 2 in anx_IV
| (a) | credit institutions |
|---|
Table 3 in anx_IV
| (b) | payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 |
|---|
Table 4 in anx_IV
| (c) | account information service providers |
|---|
Table 5 in anx_IV
| (d) | electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC |
|---|
Table 6 in anx_IV
| (e) | investment firms |
|---|
Table 7 in anx_IV
| (f) | crypto-asset service providers authorised under Regulation (EU) 2023/1114 |
|---|
Table 8 in anx_IV
| (g) | issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114 |
|---|
Table 9 in anx_IV
| (h) | central securities depositories |
|---|
Table 10 in anx_IV
| (i) | central counterparties |
|---|
Table 11 in anx_IV
| (j) | trading venues |
|---|
Table 12 in anx_IV
| (k) | trade repositories |
|---|
Table 13 in anx_IV
| (l) | managers of alternative investment funds |
|---|
Table 14 in anx_IV
| (m) | management companies |
|---|
Table 15 in anx_IV
| (n) | data reporting service providers |
|---|
Table 16 in anx_IV
| (o) | insurance and reinsurance undertakings |
|---|
Table 17 in anx_IV
| (p) | insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries |
|---|
Table 18 in anx_IV
| (q) | institutions for occupational retirement provision |
|---|
Table 19 in anx_IV
| (r) | credit rating agencies |
|---|
Table 20 in anx_IV
| (s) | administrators of critical benchmarks |
|---|
Table 21 in anx_IV
| (t) | crowdfunding service providers |
|---|
Table 22 in anx_IV
| (u) | securitisation repositories |
|---|