ESMA_QA_865

Status: ✅ Answer Published

---

Regulatory Context

Level 1 Regulation: Regulation 648/2012 - OTC derivatives, central counterparties and trade repositories (EMIR) - CCPs Level 2 Regulation COMMISSION DELEGATED REGULATION (EU) No 153/2013 Regulatory technical standards on requirements for central counterparties

Topic: EU-CCPs

Subject Matter: Outsourcing (old CCP question 10 dated 4/06/2013)

---

Question

Submission Date: 27-04-2023

According to Article 11(1) of Commission Delegated Regulation (EU) No 153/2013 ‘a CCP shall establish and maintain an internal audit function which is separate and independent from the other functions and activities …’. Is it allowed by the CCP to outsource an internal audit function according to Article 35 of EMIR?

---

ESMA Answer

Answer Date: 04-06-2013

A CCP might outsource its internal audit function where the requirements of Article 35 of EMIR are met. Internal Audit should be considered a “major activity linked to risk management” in the language of EMIR Article 35(1), so outsourcing this would require the specific approval of the competent authority. In addition, EMIR establishes a number of specific requirements for the internal audit function which would need to be met under any outsourcing arrangement. In particular, Article 7(6) of Regulation (EU) No. 153/2013, requires that a CCP have clear and direct reporting lines between the internal audit function and the board and senior management of the CCP. Article 11(3) of Regulation (EU) No. 153/2013 also requires a CCP’s internal audit function have the necessary access to information in order to review all of the CCP’s activities and operations, processes and systems, including outsourced activities. Both of these requirements would need to be carefully considered and respected where a CCP sought to outsource its internal

---

This document was automatically extracted from the ESMA EMIR Q&A database.