法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2025/2180 of 12 September 2025 supplementing Regulation (EU) 2023/2631 of the European Parliament and of the Council with regard to regulatory technical standards specifying the conditions for the registration of external reviewers, the criteria for assessing the sound and prudent management of external reviewers, the appropriateness of the knowledge, experience and training of the external reviewers’ employees, and the conditions under which external reviewers can outsource their assessment activities

CELEX
Delegated Regulation (EU) 2025/2180
Date of document
Articles
11
Source
EUR-Lex
Article 1Criteria to determine sufficiently good repute of senior management and the members of the board of an applicant external reviewer

1.   For the purposes of Article 23(2), point (a)(i), of Regulation (EU) 2023/2631, the good repute of the senior management and the members of the board of an applicant external reviewer shall be considered sufficient where the prior activities, relative to the field of sound and prudent management, of those persons demonstrate that they are able to carry out their functions with honesty and integrity.

2.   For the purposes of paragraph 1, ESMA shall take into account the following information:

(a)

proof of the absence of criminal records relating to money laundering, terrorist financing, provision of financial services or data services, acts of fraud or embezzlement, notably through an official certificate, or, where such a certificate is not available in the relevant Member State, a self-declaration of good repute and the authorisation to ESMA to request such information from the relevant authorities on whether that member has been convicted of a criminal offence in connection with money laundering, terrorist financing, the provision of financial services or data services or in relation to acts of fraud or embezzlement;

(b)

a self-declaration from each of the members of the senior management and of the board of whether that member:

(i)

where proof of the absence of criminal records is not available, has been convicted of any criminal offence;

(ii)

has been subject to an adverse decision in any proceedings of a disciplinary nature in connection with the provision of financial or sustainability-related services brought by a regulatory authority or government body;

(iii)

has been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or sustainability-related services, or for impropriety or fraud in the management of a legal entity;

(iv)

has been part of the senior management or the board of an undertaking which was subject to an adverse decision or penalty by a regulatory authority or whose registration or authorisation was withdrawn by a regulatory authority;

(v)

has been refused the right to carry out activities which require registration or authorisation by a regulatory authority;

(vi)

has been subject to a fitness and propriety assessment by a regulatory body that has resulted in a negative decision, or a positive assessment subject to specific conditions;

(vii)

has been part of the senior management or board of an undertaking which has gone into insolvency, liquidation or administration while the person was employed by the undertaking or within a year of the person ceasing to be employed by the undertaking;

(viii)

has been fined, suspended, disqualified, or been subject to any other sanction by a professional body related to financial or commercial activities;

(ix)

has been disqualified from acting as a director, disqualified from acting in any managerial capacity, dismissed from employment or other appointment in an undertaking as a consequence of misconduct or malpractice;

(x)

has or has had any relationships, positions or involvement that could, directly or indirectly, affect the interests of an external reviewer and the integrity of its assessment activities;

(c)

the applicant external reviewer shall ensure that only persons responsible for the application have access to the information referred to in paragraph 2, point (a).. That information shall be stored separately from other information regarding the senior management and the members of the board of an external reviewer. Access to that information shall be recorded. That information shall not be stored where it concerns candidate members of the senior management and the members of the board of an applicant external reviewer that have not been appointed;

(d)

ESMA shall ensure that only persons responsible for the assessment of the suitability of the senior management and the members of the board of an applicant external reviewer have access to the information referred to in paragraph 2, point (a). That information shall be stored separately from other information regarding the senior management and the members of the board of an external reviewer. Access to that information shall be recorded. That information shall not be stored where it concerns candidate members of the senior management and the members of the board of an applicant external reviewer that have not been appointed;

(e)

personal data relating to the good repute of senior management and members of the board of an external reviewer shall be kept by external reviewers and ESMA for as long as it is necessary for the assessment of the initial registration and the ongoing supervision, as applicable and no longer than five years after that member has ceased to perform its function or in the event of the withdrawal of the registration of the external reviewer concerned.

Article 2Criteria to determine sufficient skill, professional qualifications and relevant experience of senior management and the members of the board of the applicant external reviewer

1.   ESMA shall determine the skills, professional qualifications, and relevant experience of the senior management and members of the board of an applicant external reviewer to be sufficient as referred to in Article 23(2), points (a)(ii) to (a)(iv), of Regulation (EU) 2023/2631 where those skills, qualifications and that experience are appropriate to the nature and scale of the external reviews to be carried out by the applicant external reviewer and the tasks required of external reviewers pursuant to that Regulation.

2.   For the purposes of paragraph 1, ESMA shall take into account the following information:

(a)

an up-to-date curriculum vitae of each member of the senior management and the board of an external reviewer setting out detailed information relevant to the tasks required of external reviewers pursuant to Regulation (EU) 2023/2631, including:

(i)

details of education, including academic and professional certifications, and other relevant training;

(ii)

employment history, including the scope and duration of the functions performed, highlighting any activities relevant to the business of external reviewers;

(b)

the relevance of the knowledge attained through education and training to financial or sustainability-related services for the business of external reviewers;

(c)

the relevance of professional experience gained in activities related to the tasks to be performed by the external reviewer, such as quality assurance, quality control, the performance of pre-issuance, post-issuance and impact report reviews, and the provision of second-party alignment opinions or of financial services;

(d)

the collective and up-to-date skills, professional qualifications, and experience of the senior management and the members of the board relevant to the tasks required of external reviewers pursuant to Regulation (EU) 2023/2631 and related risks.

Article 3Criteria to determine the sufficient number of analysts, employees and other persons directly involved in assessment activities

1.   ESMA shall determine the number of analysts, employees and other persons directly involved in assessment activities of an external reviewer to be sufficient as referred to in Article 23(2), point (b), of Regulation (EU) 2023/2631 where the number is appropriate to the nature and scale of the external reviews to be carried out by the external reviewer and the tasks required of external reviewers pursuant to that Regulation.

2.   For the purposes of paragraph 1, ESMA shall take into account the following information:

(a)

the total number of analysts, employees and other persons directly involved in assessment activities, their seniority, their job descriptions, the permanent or temporary nature of their employment contracts, and the reasons why the external reviewer considers the numbers and roles to be appropriate;

(b)

the expected number and duration of external reviews to be provided in the next 24 months, and the reasons why the external reviewer considers that the number of employees and other persons directly involved in assessment activities is commensurate to the number and duration of future external reviews.

Article 4Criteria to determine the sufficient level of knowledge, experience and training of analysts, employees and other persons directly involved in assessment activities

1.   ESMA shall determine the knowledge, experience and training of the analysts, employees and other persons directly involved in assessment activities to be sufficient as referred to in Article 23(2), point (a), of Regulation (EU) 2023/2631, where the knowledge, experience and training are appropriate to the nature and scale of the external reviews to be carried out by the external reviewer and the tasks required of external reviewers pursuant to that Regulation.

2.   For the purposes of paragraph 1, ESMA shall take into account the following information:

(a)

the type of assessment activities that the persons directly involved in assessment activities are expected to provide in the next 24 months;

(b)

the employment history of the persons referred to in point (a), including the nature and length of services provided in previous posts and responsibilities held;

(c)

the experience of the persons referred to in point (a) that is related to quality assurance, quality control, the performance of pre-issuance, post-issuance and impact report reviews, and the provision of second-party alignment opinions or financial services;

(d)

the educational background of the persons referred to in point (a) and any relevant professional certifications or qualifications obtained;

(e)

other professional and academic achievements of the persons referred to in point (a) that are relevant for the nature of their functions;

(f)

the training and development plan for the persons referred to in point (a);

(g)

where applicable, the use of automation technology in the assessment activities.

3.   External reviewers shall ensure that they take into account the information referred to in paragraph 2 of this Article to determine the knowledge, experience and training of the analysts, employees and other persons whose services are placed at their disposal or under their control and who are directly involved in assessment activities to be sufficient as referred to in Article 28(1) of Regulation (EU) 2023/2631.

Article 5Criteria for assessing sound and prudent management by external reviewers

1.   When assessing their sound and prudent management, external reviewers shall ensure that the following criteria are fulfilled:

(a)

the corporate governance arrangements specify at least the organisation, scope, purpose, and functioning of the governance bodies of the external reviewer, including clear reporting lines, responsibilities of roles and communication channels;

(b)

there is an internal control framework;

(c)

the organisational arrangements ensure continuity and regularity in the performance of assessment activities, safeguarding of the confidentiality and security of records of the services provided, sound administrative and accounting procedures, and adequate information processing systems;

(d)

the anonymity of whistleblowers is safeguarded and reprisals are prohibited;

(e)

transactions with related parties, employee personal account dealing, outside business activities and the acceptance of gifts and hospitality are reviewed consistently;

(f)

the independence of the employees subject to variable compensation arrangements is ensured;

(g)

the board of the external reviewer adopts the policies and procedures in compliance with this Regulation.

2.   For the purposes of paragraph 1, point (b), external reviewers shall ensure that the internal control framework fulfils the following criteria:

(a)

the internal control mechanisms are adapted to the nature, scale and complexity of the external reviewer;

(b)

the persons responsible for internal controls are able to obtain the information necessary to perform their function and report their findings to the board of the external reviewer;

(c)

the internal control functions are independent and clearly segregated from the business lines performing the assessment activities.

3.   The external reviewer shall evaluate the criteria referred to in paragraphs 1 and 2 prior to providing external review activities and thereafter at least once every 24 months, or as soon as the external reviewer becomes aware of significant deviations from the criteria.

Article 6Criteria for assessing the management of conflicts of interest

1.   When assessing the management of conflicts of interest, external reviewers shall ensure that the following criteria are fulfilled:

(a)

there is a conflicts of interest policy;

(b)

there is an effective compliance process that is appropriate for monitoring the implementation of the conflicts of interest policy, including board oversight;

(c)

there are procedures for training and raising awareness of the content of the conflicts of interest policy to senior management, members of the board, analysts, employees, and any other natural person whose services are placed at the disposal or under the control of the external reviewer, including before those persons first take up their duties;

(d)

an inventory of actual or potential conflicts of interest relevant to the external reviewer is kept, including proposed mitigation measures;

(e)

risk management procedures and preventative and detective controls with respect to the identification, elimination, management, and disclosure of conflicts of interest are in place;

(f)

the conflicts of interest to be eliminated or managed and disclosed in a transparent manner are identified;

(g)

the independence of analysts, employees and other persons directly involved in assessment activities is ensured.

2.   The external reviewer shall evaluate the criteria referred to in paragraph 1 prior to providing external review activities and thereafter at least once every 24 months, or as soon as the external reviewer becomes aware of significant deviations concerning the management of conflicts of interests.

Article 7Criteria for assessing the ability and capacity of third-party service providers to perform assessment activities

1.   When assessing whether third-party service providers are able and have the capacity to perform assessment activities reliably and professionally, external reviewers shall ensure that the following criteria are fulfilled:

(a)

the third-party service provider has expertise in the subject matters of the outsourced activities;

(b)

the third-party service provider is available to provide the outsourced activities for the duration of the planned outsourcing;

(c)

the third-party service provider has in place an internal control framework to ensure the adequate performance of the outsourced activities.

2.   The assessment referred to in paragraph 1 shall take into account the following information in relation to the third-party service provider:

(a)

the business model, services offered, ownership, group structure and status as a regulated or supervised entity;

(b)

the qualifications of the staff involved in the outsourced assessment activities;

(c)

the policies and procedures in place for the performance of the outsourced activities, including the use of accurate and reliable information and data;

(d)

the controls and monitoring activities in place to ensure the effective application of the policies and procedures for the performance of the outsourced activities;

(e)

where applicable, the use of automation technology in the assessment activities;

(f)

legal and regulatory requirements applicable to the activities of the third-party service provider.

Article 8Criteria for ensuring that outsourcing assessment activities does not materially impair the quality of the internal control of the external reviewer

When ensuring that outsourcing of assessment activities does not materially impair the quality of their internal control, external reviewers shall ensure that the following criteria are fulfilled:

(a)

the expected number and type of assessment activities to be outsourced do not give rise to an over-reliance on the third-party service provider;

(b)

safeguards are in place to manage the risks involved in the outsourcing, including dependency risks for the provision of the outsourced assessment activities;

(c)

arrangements are in place for the continuity of service, including contingency plans and periodic testing of back-up facilities;

(d)

arrangements are in place for the security of data and systems, including any use of cloud technology;

(e)

safeguards are in place to ensure that the external reviewer is capable of monitoring and overseeing the outsourced assessment activities;

(f)

where the third-party service provider is contractually permitted to further outsource the performance of the assessment activities, those activities fulfil the criteria set out in points (a) to (e).

Article 9Criteria for ensuring that outsourcing assessment activities does not materially impair ESMA’s ability to supervise compliance of external reviewers

When ensuring that outsourcing does not materially impair ESMA’s ability to supervise external reviewers’ compliance with Regulation (EU) 2023/2631, external reviewers shall ensure that the following criteria are fulfilled:

(a)

an appropriate level of documentation and recordkeeping of all the names and positions of the persons responsible for approving and monitoring the outsourcing is maintained;

(b)

the third-party service provider is capable of providing the external reviewer with all the necessary information concerning outsourced assessment activities required by the external reviewer to demonstrate the external reviewer’s compliance with Regulation (EU) 2023/2631;

(c)

where assessment activities are outsourced to a third-country third-party service provider, the external reviewer and the third-party service provider have in place procedures ensuring the management of risks arising from the following:

(i)

diverging regulatory requirements or legal systems;

(ii)

absence or untimely execution of exit strategies in the event of service interruptions or failures;

(iii)

information and data security incidents;

(iv)

breach of confidential information;

(v)

lack of prompt access for ESMA and the external reviewer to the third-party records, including where those records are maintained in third-country jurisdictions.

Article 10Evaluation of criteria of outsourcing of assessment activities

External reviewers shall evaluate compliance with the criteria set out in this Regulation prior to the start of the outsourced assessment activity and thereafter, at least once every 24 months, or as soon as the external reviewer becomes aware of significant deviations in the ability of third-party service providers to perform the assessment activities reliably and professionally.

Article 11Entry into force

This Regulation shall enter into force and apply on the twentieth day following that of its publication in the Official Journal of the European Union .

11 articles

Cite this act

Commission Delegated Regulation (EU) 2025/2180 of 12 September 2025 supplementing Regulation (EU) 2023/2631 of the European Parliament and of the Council with regard to regulatory technical standards specifying the conditions for the registration of external reviewers, the criteria for assessing the sound and prudent management of external reviewers, the appropriateness of the knowledge, experience and training of the external reviewers’ employees, and the conditions under which external reviewers can outsource their assessment activities (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R2180

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com