ieta comments on eu proposals for enhancing registry security

8/7/2019 IETA Comments on EU Proposals for Enhancing Registry Security

1/13

IETA - Climate Challenges, Market Solutions

100 King Street West, Suite5700, Toronto, OntarioM5X 1C7, Canada

Tel. +1 (416) 913 0135

Boite 27Rue de la Loi 235Brussels, 1040, BelgiumTel: +32 (0)22 30 11 60Reg. 0889.072.702

24, Rue Merle dAubignGeneva, 1207, SwitzerlandTel: +41 (22) 737 0500

1730 Rhode Island Ave., NW,Suite 802, Washington, DC20036 USA

Tel: +1 (202) 629-5980

IETA1

position paper on registry security as response to

EU stakeholder meeting on 15 March 2011 on registry security

31 March 2011

Key messages

1. Immediate measures required to restore market confidence:

a. minimum safety standards on all registries by mid-April

b. publish a central list of stolen allowances after carefully assessing risks and

benefits until a freezing mechanism can be implemented within the CITL

c. fast notice procedures for companies affected by a theftd. detailed Know-Your-Customer checks on existing/new accounts within 60 days

e. annual security audit for registries or face liability for thefts

f. work out compensation schemes for victims

g. work on harmonizing legal status of allowances and clarifying title of transfer

2. Support introduction of a safe compliance account and concept of differentiated

accounts granting flexibility in implementation of transfer limits, delays and restricting

accounts for transfers (masterdata concept), accompanied by a monitoring mechanism.

3. Support introduction of at least 4 (operating) hour delay mechanism for transactions on

all accounts in all registries in combination with out-of-band notification. This delay

should not apply for automated transfers within an exchange settlement infrastructure,

allocation and surrender, and in very specific circumstances. The need for a delivery

delay must be reviewed upon introduction of the Union Registry.

4. Does not support anonymized transactions unless the legal status of an allegedly stolen

emission allowance is clarified EU-wide, and a notification process, a freezing

mechanism and compensation procedures for victims of the theft are in place. Non-

disclosure would also prevent market participants from doing compulsory reporting.

5. Consider that certain aspects related to registry security such as who is entitled to

participate in this market should be part of the review of market oversight rules.

6. Build up of user forum working towards implementation of safe and functional EU ETS

infrastructure. Representation should be self selected by various relevant business

groupings.

1IETA is the leading voice of the international business community on the subject of emissions trading with over 160

1

member companies from across the carbon cycle. IETA supports efforts to address the pressing environmental

challenge of climate change, and is dedicated to the establishment of environmentally effective market-based

emissions trading systems that generate reductions at least cost to the community. For more information:

www.ieta.org


2/13

2

Urgent measures

Following the stakeholder meeting on registry security on 15 March, IETA thanks the

Commission for the opportunity to provide comments on the revision of the registry regulation.

Measures proposed at the ECCP stakeholder meeting on 15th March mainly targeted security

improvements on the functioning of the Union registry, to be implemented in 2012. While these

are welcome, IETA is also concerned that more immediate steps are needed to help the market

return to a more normal situation and to restore confidence that the problems which have

paralysed the spot market are being appropriately addressed. This means first and foremost,

enhancing security levels across all registries and to get them operate at the commercial

standards that would adequately protect the value at stake:2

Minimum safety standards on all registries: introduce double authorization, two-factor

identification and a 4-hour minimum delay for transactions on all registries combined with

out-of-band notification and subject to exemptions outlined in section III , and open the

remaining registries at the latest by mid-April. IT security measures are established in e-

banking and solutions can be relatively easily understood and built by IT service providers

(or bought off-the-shelf). There is no reason why such measures should not be

communicated to account holders, as far as they concern the user interface.

Transparency: If a careful evaluation of risks/benefits concludes positively, provide a

regularly updated central list of allegedly stolen allowances on the CITL, with appropriate

disclaimers. At the same time, work should advance on a process to automatically freezestolen allowances at registry level upon submission of an emergency notification protocol at

the level of the CITL, together with compensation measures

Fast notice: Establish emergency notification protocols allowing companies to notify a theft

instantly by submitting an online form to national authorities and registry operators

available from the CITL. Introduce a telephone hotline operating during trading hours for all

registries and at EU level. Publish registry trading hours with details of national holidays.

Clean up and monitor: Require registries to run detailed Know-Your Customer (KYC) checks

on all existing and new registry accounts within 60 days and copy the Danish Registry

example of asking for motivations for holding accounts and involve anti-crime authorities in

the process. Clarify practical implementation difficulties (tipping off) in registry regulation

for how national registries can deny or suspend accounts3 to those that do not pass the KYC

process. KYC processes should be designed as per Anti Money Laundering standards.

2That will entail significant ramping up of resources in certain registries and as part of this dearly needed effort could

imply a review of registries fees arrangements towards adequate but moderate levels. See annex 1 for the current

fee structure on EU ETS registries.3

An appeal route is however required, in particular if new processes are implemented which restrict access to certain

accounts. The appeal mechanism foreseen in the registry regulation will need to deal with such cases.


3/13

3

Clarify and take responsibilities: There should be a clear obligation on registries to undergo

annual audits to certify the appropriateness of security levels and the way KYC checking isorganized and implemented. The Commission should mandate an independent auditor to

review all the annual registry audits and publish a public report. Where a registry has not

performed appropriate KYC checks and/or security requirements are not met, the registry

subject to the theft and the registry receiving the fraudulent transaction must be held liable

for the consequences of any unlawful transfers (where the end user has taken necessary

precautions). Companies also have a duty to enhance internal security procedures, regularly

check their accounts, have traders trained in doing KYC checks on counterparties and

regularly change passwords. But not all the risk can be borne by companies. Registry

operators should issue best practice guidance to account holders.

Compensate: A mechanism must be devised to compensate the victim of a theft andprovide the current holders of allegedly stolen allowances bought in good faith with

tradable replacements. Political leadership is required as industry installations have no

choice but to participate in the EU ETS and there are victims that bought allegedly stolen

allowances in good faith. Member States, alongside the Commission, are individually and

collectively responsible for the good operation of national registries and must assume that

duty. IETA in this paper proposes that Member States set up a mutual pool of allowances to

compensate affected parties. Victims of a theft could either receive financial

recompensation or a virtual entry of compliance; whereas legitimate holders could swap

affected allowances against entitlement notes to clean phase III allowances.

Claims: If the market was to return back to normal, the legal character of an EUA cannot

remain further unaddressed. Achieving consistency across Member States is vital for the

future of this market and must be addressed in parallel before the end of phase 2. IETA also

proposes to discuss the introduction in the registry regulation of unified title transfer rules

specifically for EUA trading. Such rules might facilitate taking ownership and trading of

carbon allowances in good faith (see section IV.1). This remains an issue of vital importance

for the future of this market and must be addressed in parallel, through issuance of an EU

decision before the end of phase 2. Given the intricacies, IETA calls upon the Commission to

immediately investigate these possibilities and discuss with lawyers from different

jurisdictions to pool views about what can be done to improve matters.

Many of these points could not be addressed in full length during the stakeholder meeting. IETA

therefore repeats its suggestion that, following this first very successful exchange of views, theCommission in conjunction with main European business and trade associations should set up a

permanent user forum on registry questions. Such fora exist at national level but not in all

Member States. The exchange of information and consultation of market participants should

not be kept to national fora only. This EU ETS forum would consist of a group of experts

including business representatives, Commission and Member States officials that would work on

enhancing user features in the registries and would allow market testing for any new concepts

before putting them to use. This forum could also provide support in training national registry

operators in better monitoring and flagging unusual transactions. Minutes of forum meetings

should be published along the lines for minutes of the Climate Change Committee meetings.


4/13

4

Comments on Commission Proposals

I. Introductory comments

The theft of allowances has deeply affected confidence and liquidity in the EU ETS, undermining

market functioning not only in the spot market but also in derivatives markets. One can already

observe that companies that provide liquidity, but that are market participants for financial

rather than for compliance purposes, are having second thoughts about their involvement in

this type of activity. Such involvement has been a crucial factor supporting the successful

development of the ETS and is dearly needed as the market enters its third trading phase and

their withdrawal could come at a significant cost to the remainder of the market.

This is why IETA is supporting measures in this paper which might have not received approvalacross the membership just a couple of months ago, as they change the fundamental nature of

this market and add regulatory layers that might not have been necessary if security was

maintained at adequate levels across all registries. IETA will monitor the situation and upon

implementation of the Union registry reassess the conditions needed to ensure a good market

functioning.

IETA considers that the Commission and the Member States as the owners of the ETS must

ensure the full security for an industry operators assets and provide compensation for losses

incurred as a consequence of an insecure operating system, given due diligence on the side of

the affected operator. In the same way, if a party can demonstrate it was in compliance with

reasonable and proportionate KYC requirements and due diligence checks and, through no faultof its own, now holds potentially stolen allowances, there needs to be a swift remedy to the

situation including compensatory measures. An option for setting up compensation schemes is

further elaborated in this paper (see section IV.3).

IETA would like to emphasize that no single measure is sufficient by itself and the

effectiveness of individual measures will depend on how they interact with other measures.

Thus the following comments cannot be seen in isolation, as they are intrinsically linked. For

instance, the publication of a central list of allegedly stolen allowances also requires

establishing a process on how to reliably but efficiently update such a list, a registry telephone

hotline, details on opening hours, and procedures for reporting a theft.

Moreover, it is important to consider that certain aspects related to registry security such as

who is entitled to participate in this market should be part of the forthcoming review of market

oversight rules for the EU ETS. This is meant to encompass both the auctioning and trade of

emission allowances.

II. Differentiation of account categories

The objectives of introducing the differentiation of accounts are to:


5/13

5

1. Make it more difficult to steal allowances if and when security has been breached

allowing accounts to be accessed fraudulently.2. Make it more difficult to quickly transfer/launder the stolen allowances.

Addressing both of these objectives is important.

Do you support the introduction of differentiated account categories?

IETA supports the introduction of differentiated account categories or security tiers, based on

certain conditions, as set out below. IETA believes it is very important that in creating such

categories, we do not inadvertently restrict access by any party with a legitimate interest in

trading allowances.

An important complementary measure to account differentiation that may be considered is to

require registry operators to establish an automated monitoring system of all transactions. By

applying certain non-disclosed criteria (e.g. unusual trading pattern in terms of volumes and

frequency, unusual recipient accounts, (financial) size of the companies etc.), this would allow

registries to investigate specific suspicious trades that might indicate unauthorised access to an

account or fraudulent trading activity.

To further reinforce the barriers to entry by fraudsters, separate out of band confirmation

system (such as SMS/ TAN message or e-token confirmation) for transfer proposals must be set-

up for all accounts. Processing transfers via two independent communications systems adds a

significant entry-barrier for cyber fraudsters as they would need to gain physical access to the

separate confirmation system i.e. the mobile phones or e-tokens of account operators.

How many different account categories should be created and under what conditions

should more flexible account categories be allowed?

Two main account categories may be created:

- A standard compliance account enabling only transfers for allocation and surrender and

between entities of the same group and giving maximum security to account holders.

- A flexible account with individual options of limitations and conditions on transfers and

volumes and some horizontal restrictions including:

o The Masterdata concept, i.e.the use of individual pre-approved list of accounts

to which transfers are authorized,is a very effective way to keep fraudsters outand should be applied to all accounts. Establishing new relationships takes

days/weeks of internal documentation and hence setting-up new correspond-

dent accounts under Masterdata will not unduly lengthen trading processes.4

o appropriate & uniform transaction delays.

4However, a process needs to be set up allowing prompt removal of accounts should information be received which

might indicate a change in status of a previously approved account, for example on the basis of SMS/TAN or e-

token confirmation and 2-persons authorization. Adding accounts should only be possible by written procedure and

co-signed by the two authorized representatives, followed by request for confirmation by registry authorities.


6/13

6

To be eligible to a flexible account, a participant must demonstrate that it meets the predefined

set of criteria of a standardised, unified KYC process through a Commission accredited auditorresembling the Anti Money-Laundering recommendations published by almost all national

financial regulators (see annex 2 for some non exhaustive examples for KYC processes). The

assessment against such criteria could for instance include some form of credit point system.

This combined with other measures should sufficiently mitigate the risk that holders of flexible

accountsmay be involved in criminal activity. This mechanism would also require an appropriate

body to undertake the assessment or oversee assessments performed by specialised service

providers.

III. Delivery delay mechanism

Do you support the introduction of such a delivery delay mechanism?

What is the appropriate delay that should be considered?

In terms of principles, where delivery delay is set, this should not affect compliance postings

(e.g. surrender and allocation of allowances). Moreover, there is no point in implementing a

delay as a stand-alone measure. It must come with (a) provision of information on the

transaction to the account holder via sms; (b) possibility for account holder to undo the

transaction before it is completed. We would like to see on the CITL an updated list of operating

hours of all registries and the hotline numbers to call in case of an emergency.

Members have different views on the appropriate length but, as an emergency measure,a 4

hour delay during operating hours5could be sufficient, introduced right now in all registries

until establishment of the Union Registry, and then be reassessed. Longer delays would require

expensive changes to trading systems. While the transfer entering or exiting the exchange

settlement infrastructure would be subject to a delay (either handled by a general clearing

member (GCM), CCP or an exchange), no delay shall apply within it (illustration below):

Party A DELAY Exchange Infrastructure* DELAY Party B*(exchanges, CCP or any allowance account under the supervision of the CCP or the exchange)

But a delay mechanism only works if a company is also able to interfere and stop a transfer.

For this, each registry will need to provide a telephone hotline during operation hours. This does

not relieve registries of the obligation to introduce appropriate security levels both at registry

and company level and in particular, automatic and immediate notification of the accountholder via SMS that a transaction command has been made on their account.

The feasibility of non-delayed deliveries shall also be maintained for specific circumstances.

For instance,even though this is not the most common market practice, active market

participants need to stay able to adjust immediately their balance, for instance on exchange-set

5Need for careful definition (does this relate to CET/GMT, and how deal with different national bank holidays).


7/13

7

and market-customary expiry dates of forward contracts6. A balance needs to be maintained

between preventing abuse of such opt-out and ensuring good market functioning.

IV. Display of serial numbers

Do you support the discontinuation of displaying serial numbers in the single registry?

IETA does not support hiding of serial numbers, unless this would be combined with:

- legal clarification of status and transfer of title for EUAs with a view to allow for a bona

fide purchase of EUAs;

- freezing mechanism in CITL that would stop any transfer of allegedly stolen EUAs;

- compensation procedures for victims of the theft.

These three points are further elaborated below.

IV. 1 Issue of legal status

On the one side, we have seen that the display of serial numbers can lead to market

fragmentation when stolen allowances are put into circulation, e.g. while the theft has only

affected a very small number of allowances, this has fragmented the market as

(a) their status is not clarified and unwitting recipients of allegedly stolen allowances run the risk

of suffering loss or, at worst, criminal liability arising from merely participating in the EU ETS as

some jurisdictions require disclosure of any potential trading irregularities.;

(b) there are moral and reputational aspects to using someone elses stolen goods.

Yet the key problem in the proposed anonymization of serial numbers resides in the uncertain

legal situation regarding ownership of allegedly stolen allowances. For instance under English

law, unless a product is a negotiated instrument, it is irrelevant whether you have transacted in

good faith: if the allowance is stolen, then you have no good title. As a result, in this

jurisdiction, hiding serial numbers may well be counterproductive: not only dont you have good

title, but you cannot do anything to prevent delivery of allowances that are known to be under

investigation. In other words, the law does not protect you and you cannot protect yourself.

Based on above consideration, market participants require identification of allegedly stolen

EUAs to allow for appropriate risk management:

- hiding serial numbers is not helping to restore confidence that allegedly stolen EUAs arenot on ones account;

- enshrining the compliance usability of allegedly stolen EUAs does not alleviate the

financial or criminal liability of holding allegedly stolen EUAs;

- non-disclosure would also prevent market participants from doing due diligence

reporting on suspicious activity.

6Instant deliveries are also needed for reconciliation in cases the counterparty has not delivered, but onwards

delivery is due, one must purchase instantly replacement units to deliver on a supply contract. Otherwise there is a

high risk that this liability triggers down the supply chain and affects market liquidity.


8/13

8

At the same time, it may be easier to pursue the asset rather than the thief. Thieves are hard totrack down: while complicit accounts were opened to facilitate the laundering of proceeds, the

account holders disappeared. Yet the stolen allowances are visible throughout the laundering

chain. In previous fraud cases, companies that published stolen allowances had a much better

chance of recovering parts of the losses and gained much higher publicity, thereby accelerating

the judiciary procedures. If serial numbers are kept anonymous there should be clear timelines

for judiciary procedures in cases of theft, and obligatory instant sharing of the information with

policy and legal authorities across the EU through notification of Europol.

IV. 2 Freezing mechanism

The introduction of a CITL check that would allow the freezing and recovery of allegedly stolen

allowances could prevent paralysis of the entire market (with or without visibility of serial

numbers). This mechanism could be activated on the basis of a request backed by a national

police report detailing the good grounds for belief that allowances had been stolen, see box 1

below. The CITL should automatically check EUAs proposed for transfer versus the current, CITL

administered, list of allegedly stolen allowances. However, there is also aneed to ensure that

those that bought these EUAs in good faith are not disadvantaged but have speedy access to

redress.

Box 1. Activation process freezing mechanism

1. A fraud victim would notify national registry operators of the loss through an emergency

notification protocol7 within 8-12 (operating/business) hours of the loss. In conjunction with

an instant sms notification system for accounting holders following execution of transaction

commands this, or a similar time delay, should be considered sufficient;

2. Registry operators to report serial numbers to CITL as stolen;

3. CITL to immediately block these from further transfers and inform all other national

registries by circulating the emergency notification protocol subject to a confidentiality

agreement about the identity of the (alleged) victim;

4. Effective blockage to take place within hours, not days;

5. Immediate information to the account holder who has allegedly stolen EUAs on its account

and request to provide evidence for due diligence process in acquiring allowances.

6. Fraud victim to provide within 5 working days a police report as sufficient evidence that it

has officially declared being the victim of theft.7. Fraud victim to take full responsibility for false/ erroneous claim of stolen EUA (limited to

market price at time of call for blockage, no consequential losses). The CITL to publish all

successful applications to freeze allowances.

8.

7The Commission and Member States need to develop a consistent set of emergency notification protocols and

enhance intervention capacity to prevent transfer of allowances in case emergency notifications are filed. These

would enable: (a) victims of an alleged incident of theft to immediately alert relevant EU ETS authorities; and (b)

those authorities to in turn notify market participants and the national registry administrators.


9/13

9

IV.3 Compensation

There are different options to ensure that compensation is addressing both the victim of the

theft and the last legitimate holder of the frozen allegedly stolen allowance. The proposal of a

mutual pool is just one of many options which might merit further exploring.

A mutual pool could be set up by the regulator through pooling national allocation of emission

allowances (Member States and Commission).

The mutual pool could

Pay the account from which they were stolen if it is determined that the account holder

had no fault, and showed no negligence or if the victim is a compliant entity, provide

entitlement to virtual compliance entry; Pay the current holder if it is determined that they purchased in good faith or allow for a

swap of affected allowances against entitlement notes to clean phase III allowances;

Hold the registry liable if the illegal transfer took place as a result of insufficient registry

security measures;

Pursue those that illegally transferred the units.

V. Disclosure of allegedly stolen allowances

- Should the disclosure of the serial numbers of allegedly stolen allowances be permitted or

should such disclosure be ruled out?

IETA has identified risks and benefits to the disclosure of allegedly stolen allowances:

Benefits

The list is needed for good internal risk management. In the current situation of multiple lists

published by different market players, judiciary authorities might consider that anyone ought to

know and refrain from trading the allowances appearing on publicly accessible lists, but there is

no single central access point and the lists are clearly incomplete as one registry has not

published serial numbers. With a single centrally available list at hand, companies could isolate

allowances on separate account and trade remaining units of the block. This would tackle

liability issue and minimize revenue risks. Companies could build a reference to the list into

delivery contracts and accept to make good if such an allowance should be delivered. A

reference list would also enhance confidence in the filtering by exchanges. Several incompletelists are now circulating and used by market participants. Hence, a central would enhance

confidence and market liquidity.

Risks

A centrally published list creates problems for the good functioning of the market, leading to an

effective halt of transactions as liability risks are perceived to sharply increase. It does not help

to know the serial numbers of allegedly stolen allowances as companies cannot react to this

information. Companies can return stolen allowances to sender, but only under tedious

procedures: they must open a new account to isolate the units if these are part of a block.


10/13

10

Publication would undermine trust in the market and give a sense of false security. Finally, the

Commission has clarified in its Q&A that any allowance is good for compliance, publication ofsuch a list would go against this principle. But as outlined above, in some jurisdictions the

surrender of allegedly stolen allowances for compliance purposes carries legal risks.

IETA therefore invites the Commission and Member States to carefully assess both risks and

benefits to the publication of a centralized list. If a central list is published, this should be for a

limited time of for instance 6 months and/or until any new system (including freezing

mechanism, monitoring measures and compensatory procedures) are established.

- If it was allowed, who should be entitled to disclose serial numbers?

National registries should be required:

- as soon as reported to any national registry operator, to notify a theft and the

serial numbers to all market participants. Through rss feed or equivalent

systems (+ dedicated newswires?) plus by e-mail to account holders in EU

national registries (automated cascading between the initial national registry

and the other EU registries).

- to publish a list of allegedly stolen allowances and to update this list on a daily

basis.

The CITL website should include notice of a fresh theft as soon as an alert is sent by a national

registry operator to be refreshed every day at noon.

This is also in line with good practices for market-relevant information, which should be made

available in a centralized and transparent manner and in a comprehensive format accessible toall market participants to avoid market distortions.

- Under which conditions should serial numbers be disclosed?

The list could contain a disclaimer that notifies users that the list is neither to pre-judge ongoing

criminal investigations assessing if the allowances listed have actually been stolen, nor is the list

guaranteed to be exhaustive. The criteria used for adding EUAs to this list should be clearly set

out and could require submission of a police report.

- Who should assume the legal responsibility for the correctness of the information

The fraud victim is to take full responsibility for false/ erroneous claim of stolen EUA (limited to

market price at time of call for blockage, with no consequential losses) or if they do not producethe required national police report within 48 hours. Registries will have the legal responsibility if

they fail to inform the CITL of a newly reported theft within 1 hour. The CITL will be responsible

for updating its central list within 1 hour of being informed by a registry operator.

Such a central list will make it more difficult for fraudsters to monetize allowances. In the

absence of such steps, market participants will be exposed to significant and continuing

uncertainty when acquiring EUAs on the spot and forward/futures markets.


11/13

11

ANNEX 1 Fee structure in EU registries

Source: CITL website and information provided by IETA membersOHA = operator holding accounts, PHA = personal holding accounts

Registry Fee info

Austria ?

Belgium PHA : 497euro/acc/y

Bulgaria ?

Cyprus ?

Cyprus CPO ?

Czech Republic ?

Denmark 600DKK per year and for opening, 0,26DKK per allocated allowanceEstonia no fee for account opening

EC ?

Finland 75euro/account period, 100-5200euro/acc/year

France

OHA: opening 500euro, 300euro/acc/y, 0.0095 euro/EUA allocated;

PHA: opening 1500 euro; 2500 euro/acc/y

Germany ?

Greece ?

Hungary 35000ft/ev

Ireland ?

Italy no fees, but intention informally communicated to introduce some feesLatvia ?

Liechtenstein ?

Lithuania ?

Luxembourg ?

Malta ?

Malta CPO ?

Netherlands ?

Norway ?

Poland ?

Portugal Opening and maintenance of personal holding accounts: 125 euros, opening andmaintenance of operator holding accounts: 800 euros

Romania ?

Slovakia ?

Slovenia ?

Spain 100 euros - 0,0045 euros by assigned rights up to 12000 euros

Sweden ?

United Kingdom PHA: opening 190, 55 for new users


12/13

12

ANNEX 2

FATF recommendations on customer due diligence and record-keeping:

http://www.fatf-

gafi.org/document/28/0,3746,en_32250379_32236920_33658140_1_1_1_1,00.html

Recommendations 5, 6, 7, 8, 9, 10, 11, 12

Counterparty approval (Know-Your-Customer procedures) in a non-MiFID regulated entity

EXAMPLE 1

The process identifies and assesses the risks associated with a counterparty. The counterparty is

then assigned a risk rating (Low, Medium or High). The process is based on a Balance of Risk.

Each counterparty is assessed on the following basis:

Risk Assessment Areas Risk Assessment Parameters

1) Country of incorporation and/or trading EU / EEA / FATF / Corruption Rating

2) Counterparty Legal Form Individual, Company, Govt Dept, Charity

3) Counterparty ownership investor or state owned, private or listed

4) Counterparty organisation/control Level of complexity and appropriateness

5) Regulated and Market Status Regulated / Market Exchange member

6) Proposed contract type Physical/financial, standard/bespoke

7) Expected pattern/regularity of trading Ongoing / regular / irregular / one-off

8) Fit of proposed contract with

counterpartys business

core product / by product / no obvious link

The matrix is not definitive, there are certain special risk indicators that also need to be

considered:

Entry on International Sanction List

Significant Legal or Regulatory Action

Crime/Corruption Concerns especially VAT Fraud Higher Risk Countries Countries with known corruption problems

Bearer Shares - Unclear ownership/control

Etc.

High Risk counterparties are only approved in exceptional cases (unavoidable counterparty) and

subject to regular review and involvement of: Trading Desk, Credit, Regulation and Settlement.

Contracts may include additional risk mitigation clauses that allow: suspension of trading or

termination of contract. Additional trading limits and/or guidance may be put in place.


13/13

13

EXAMPLE 2:

Request to provide:

Certificate of Incorporation or equivalent

Memorandum and Articles of Association or equivalent

Full style of the Company with contact details (name, function, address, phone, fax, email,

etc.) and bank account details

Confirmation of VAT registration

List of ultimate shareholders/beneficiaries

At least one (prefer two) Bank references from a reputable First Class Bank/Financial

Institution acceptable to the company

At least one (prefer two) trade references from established market participants

Last audited financial statements

In addition to that the identity of primary and secondary account holders should be established

(unless this is already undertaken for the opening of an account with the registry, required as of

1 January 2012 in the currently applicable registry regulation).

ieta comments on eu proposals for enhancing registry security

Documents