Trade repository fined for EMIR data breaches
ESMA has fined the trade repository DTCC Derivatives Repository Plc (DTCC) a total of €408,000 for seven infringements of EMIR.
The European Securities and Markets Authority (ESMA), the EU's securities markets regulator, has fined the trade repository DTCC Derivatives Repository Plc (DTCC) a total of €408,000 for seven infringements of the European Market Infrastructure Regulation (EMIR) committed between 2014 and 2018 regarding data confidentiality, data integrity, and direct and immediate access to data. ESMA's announcement is available here.
ESMA's full decision (available here) details that, among other things, clients of DTCC were granted access to view other clients' confidential trade information and that asset managers that only manage a portion of a fund had been granted access to view all positions within that fund.
In relation to asset managers, the issue arose out of a functionality in DTCC where asset managers could request to have access to all the data of funds exclusively managed by them (Exclusive Access Rights). Where the relevant manager selected a checkbox stating that the reporting relationship was 'exclusive', access was set up as if the asset manager and the funds were established within the same corporate family of entities. In some cases, Exclusive Access Rights meant that managers who only managed a portion of a fund were given access to view all positions within the fund (including those of other managers).
According to the decision, between the start of the reporting obligation under EMIR and the disabling of the relevant functionality on 1 October 2018, there were 35 instances in which a total of 32 asset managers were incorrectly granted Exclusive Access Rights over fund reports into DTCC.
While DTCC has stated that it has addressed the issues identified in ESMA's findings (see Reuters' reporting here), the decision underlines the importance of market participants considering the nature of their reporting arrangements (and the potential access of third parties to confidential trade data reported on behalf of clients), and due diligence on the trade repositories that their trades are reported to (whether completing this themselves or receiving adequate assurances of such from third parties who report on their behalf).
.jpeg?crop=300,495&format=webply&auto=webp)
_(1)_11zon.jpg?crop=300,495&format=webply&auto=webp)
_11zon.jpg?crop=300,495&format=webply&auto=webp)
