EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 52023PC0593
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2021/523 as regards certain reporting requirements in the fields of financial services and investment support
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2021/523 as regards certain reporting requirements in the fields of financial services and investment support
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2021/523 as regards certain reporting requirements in the fields of financial services and investment support
COM/2023/593 final
EUROPEAN COMMISSION
Brussels, 17.10.2023
COM(2023) 593 final
2023/0363(COD)
Proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2021/523 as regards certain reporting requirements in the fields of financial services and investment support
(Text with EEA relevance)
EXPLANATORY MEMORANDUM
1.CONTEXT OF THE PROPOSAL
•Reasons for and objectives of the proposal
In its Communication Long-term competitiveness of the EU: looking beyond 2030 1 , the Commission has stressed the importance of a regulatory system that ensures that objectives are reached at minimum cost. It is therefore giving a renewed impetus to rationalising and simplifying reporting requirements, with the ultimate aim to reduce such burdens without undermining the related policy objectives.
Reporting requirements play a key role in ensuring correct enforcement and proper monitoring of legislation. Generally, their costs are largely offset by the benefits they bring, in particular in monitoring and ensuring compliance with key policy measures. However, reporting requirements can also impose disproportionate burdens on stakeholders, particularly affecting small and medium-sized enterprises and micro-companies. Their cumulation over time can result in duplication or obsolete reporting obligations, inefficient frequency and timing, or inadequate methods of collection.
Streamlining reporting obligations and reducing administrative burdens is therefore a priority. In this context, the present proposal aims to help rationalise reporting requirements in headline ambition “An economy that works for people”, in two policy areas.
Firstly, in the area of the internal market and specifically the financial services sector, the proposal will facilitate the exchange of information between authorities overseeing the financial sector and the consolidation of reporting currently performed under various requirements. The reporting requirements concern financial institutions and other financial market participants.
Improved data sharing between authorities is one of the objectives of the Strategy on supervisory data in EU financial services 2 . This strategy aims at modernising EU supervisory reporting and at putting in place a system that delivers accurate, consistent, and timely data to supervisory authorities at EU and national level, while minimising the aggregate reporting burden for all relevant parties. The proposal for the exchange of information between authorities overseeing the financial sector aims to avoid duplicative reporting requests where multiple authorities have the power to collect certain data from financial institutions or other market participants (whether the authorities already collect it or not) but lack the explicit legal basis to share it among themselves. The proposal is complemented by a mandate for the authorities to regularly review and remove reporting requirements that have become redundant or obsolete for instance due to enhanced information exchange. This will avoid that businesses have to report the same information twice. It also aims to facilitate access to clean or processed versions of such data (as opposed to all authorities having to clean and process the data separately) 3 .
In addition, to ensure that the utility of the information reported by companies is maximised, the proposal will also increase the ability of the Commission to obtain data to prepare policies and carry out impact assessments and evaluations. This will support evidence-informed policymaking in accordance with the Commission’s better regulation agenda, while avoiding the costs (both for the Commission and the entities providing the information) that would otherwise be incurred in collecting the information through other means. The access would be limited to data that does not make possible the identification of individual entities.
To further improve the utility of the reported data, the proposal also aims to support the use of information for the purpose of research and innovation in financial services, by allowing, under strict conditions, the sharing of information held by authorities with financial institutions, researchers, and other entities with a legitimate interest. In so doing, this proposal complements Regulation (EU) 2022/868 (Data Governance Act) by creating a sector-specific provision in EU law that permits the reuse of data collected by authorities for research and innovation activities. The proposal will permit authorities to share relevant information obtained as part of their duties, subject to the safeguards on personal data, intellectual property rights and business confidentiality.
Secondly, in the policy areas of competitiveness, growth, employment, innovation, social resilience, cohesion and strategic investments, the proposal aims to rationalise the requirements for reporting on implementation of the InvestEU Programme, as provided for in Article 28(4) of Regulation (EU) 2021/523 (the InvestEU Regulation). The requirements cover the following sectors: access to finance for SMEs and investment support to companies in sustainable infrastructure, research, innovation and digitisation, and social investment and skills.
The reporting requirements under the InvestEU Regulation concern implementing partners, financial intermediaries, SMEs and other companies. The proposal changes the reporting frequency from biannual to annual, which reduces the workload and administrative burden across all InvestEU windows (i.e. Sustainable infrastructure, SMEs, Research, innovation and digitisation, social investment and skills), with negligible implications on implementation of the programme.
•Consistency with existing policy provisions in the policy area
The proposal is part of a first package of measures to streamline and rationalise reporting requirements. This is one step in a process looking comprehensively at existing reporting requirements, with a view to assess their continued relevance and to make them more efficient. It builds on existing rules that already provide for information exchange between authorities in a given sector of financial services, by strengthening the legal basis for data sharing between authorities, including across sectors.
As regards the proposed measures on data sharing in the financial sector, these will deliver efficiencies without affecting the achievement of objectives in this policy area. This is because the proposal will not reduce the availability and quality of information to public authorities overseeing the financial sector in their pursuit of maintaining financial stability, market integrity and protection of investors and consumers of financial services. Rather, the measures will enable a more efficient collection and processing of the information.
The proposal also aims to make it easier for financial institutions and other entities with a legitimate interest to access information obtained by authorities for research and innovation activities. This is consistent with the objectives set out in the Digital Finance Strategy for the EU 4 to support the digital transformation of the financial sector. It is also consistent with the Data Governance Act, which facilitates the voluntary sharing of data protected under EU and national law and held by public sector bodies in Member States. The proposal permits authorities to share information obtained as part of their duties subject to the safeguards on personal data, intellectual property rights and business confidentiality.
As regards the InvestEU Programme, the move from biannual to annual reporting does not impact the added value and overall content of the reporting; this is provided by the implementing partners for all InvestEU financing and investment operations on a cumulative basis. Therefore, the proposed simplification will have no impact on the achievement of the Programme’s policy objectives. Monitoring the achievement of the Programme’s objectives at the level of key performance and monitoring indicators already takes place on an annual basis. In addition, the contractual set-up with implementing partners requires policy dialogues between the Commission and implementing partners to exchange regularly on implementation. During the year, it also provides for a light progress reporting on InvestEU supported operations, which will be continued for monitoring purposes. The proposed amendment will harmonise the reporting requirements included in the InvestEU Regulation in line with the requirements of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council 5 (the ‘Financial Regulation’). The simplification fully respects accountability to EU citizens in the sense that the Commission, in line with Article 28(3) of the InvestEU Regulation, will continue reporting annually to the European Parliament and to the Council on the InvestEU Programme, in particular in the form of the reports provided for under Articles 41(5) and 250 of the Financial Regulation.
•Consistency with other Union policies
Under the regulatory fitness and performance (REFIT) programme, the Commission ensures that its legislation is fit for purpose, targeted to the needs of stakeholders and minimises burdens while achieving its objectives. This proposal is therefore part of the REFIT programme, as it reduces the complexity of reporting burdens arising from the EU legal environment.
While certain reporting requirements are essential, they need to be as efficient as possible, avoiding overlaps, removing unnecessary burdens, and using as much as possible digital and interoperable solutions.
The proposal rationalises reporting requirements, thus making the achievement of the legislation’s objectives more efficient and less burdensome.
The proposed measures concerning the financial sector aim to facilitate the sharing of data between authorities and to avoid duplicative and redundant reporting requests to financial institutions and other reporting entities, with related cost savings. They also aim to increase the usefulness of the information, enabling its wider uses under strict conditions, while limiting additional costs on companies and authorities.
The proposal to reduce the frequency of reporting on implementation of the InvestEU Programme will make achieving the legislation’s objectives more efficient and less burdensome for InvestEU implementing partners and, consequently, for the micro-enterprises, SMEs and other companies, and financial intermediaries who have to provide data to the implementing partners for reporting purposes.
2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
•Legal basis
The proposal amends existing regulations. Hence, the legal basis for the proposal is the same as the legal basis of the amended Regulations, namely Article 114 TFEU for the measures in the area of financial services and Articles 173 and 175(3) TFEU for the InvestEU measure.
•Subsidiarity (for non-exclusive competence)
The reporting requirements concerned are imposed by EU law. Their rationalisation is therefore best done at EU level to ensure legal certainty and consistency of reporting. This will ensure a level playing field for companies and authorities across the EU, which will be benefiting from the rationalisation of reporting requirements arising from this proposal.
•Proportionality
The rationalisation of reporting requirements simplifies the legal framework by introducing minimum changes to existing requirements that do not affect the substance of the wider policy objective. The proposal is therefore limited to those changes that are necessary to ensure reporting that is more efficient without changing any of the substantial elements of the legislation concerned.
•Choice of the instrument
The proposal covers legislation with a compatible legal basis. The targeted amendments only concern reporting requirements and are suitable therefore to be included in a single proposal.
3.RESULTS OF EX POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
•Ex post evaluations/fitness checks of existing legislation
Regarding the measures to facilitate data sharing between authorities, in 2019 the Commission published a comprehensive fitness check of EU supervisory reporting requirements in the financial sector 6 . This identified data sharing as one of the areas for improvement. As a result, in its 2021 strategy on supervisory data in EU financial services, the Commission undertook to propose removing any undue legal obstacles to data sharing between authorities. This is to reduce the burden on reporting companies by avoiding duplicative data requests. This includes measures to facilitate data sharing in sectoral legislation, which are complemented by the measures spanning the wider financial sector in this proposal.
•Stakeholder consultations
From June to September 2022, in the context of implementing the strategy on supervisory data in EU financial services, the Commission conducted a targeted consultation of authorities overseeing the EU financial system in order to identify barriers to data sharing among them. Of the 58 respondents, almost 70% reported facing legal obstacles to data sharing when requesting data from other authorities, and 40% did so when wanting to provide such data to other authorities. As regards the sharing of data for research and innovation activities, 43% of authorities replied that they currently share data for this purpose, with 36% responding that they encountered obstacles in doing so, including the lack of a legal basis.
The results of the consultation were presented and further analysed in a workshop, held on 16 February 2023, with more than 130 representatives of the said authorities. 7 There was wide support for more sharing of data between authorities in the banking, insurance and financial markets sectors, and also across the sectors, to improve the use of collected data and to reduce redundant reporting. At the workshop, authorities generally took the view that strengthening and clarifying the legal basis for data sharing in EU legislation is important. They considered that both targeted changes in sectoral legislation and horizontal enabling provisions would be needed to deliver a comprehensive, systematic and future-proof outcome.
The Commission also presented possible elements of the proposal to the Expert Group on Banking, Payments and Insurance (Open Finance) on 30 March 2023. While the detailed provisions were not discussed, experts expressed support for improved data sharing at the general level, while clearly defining the scope of authorities and not interfering with the existing divisions of competences.
Regarding the InvestEU Programme, the proposal to reduce the reporting frequency has taken into account the feedback from implementing partners and their intermediaries, who consider that the reporting requirements are cumbersome.
•Collection and use of expertise
The proposal has been identified following a process of internal scrutiny of existing reporting obligations and is based on experience in implementing the related legislation. Since this is a step in the process of continuous assessment of reporting requirements arising from EU legislation, the scrutiny of such burdens and of their impact on stakeholders will continue.
•Impact assessment
The proposal concerns limited and targeted changes of legislation in view of rationalising reporting requirements. The main measures are based on experience in implementing legislation. As the proposed targeted changes ensure a more efficient and effective implementation of existing policies and there is a lack of different relevant policy options, an impact assessment is not necessary.
•Regulatory fitness and simplification
This is a REFIT proposal, aiming to simplify legislation and cut burdens for stakeholders.
The provisions on the exchange of information between authorities in the financial sector represent a first step towards a system where entities report data only once, and where the data is shared and reused as needed by the various authorities overseeing the financial system in the EU. The provisions will therefore help avoid duplicative reporting by entities, and promote cooperation between authorities, thereby reducing costs.
The proposed provisions do not impose data sharing between authorities. Sharing the data would remain subject to a voluntary request but would become easier to implement. Therefore, while the provisions are expected to contribute to reducing administrative burden for reporting entities and authorities, their exact impact cannot be estimated prospectively. This is also due to the future-proof nature of this policy that will allow authorities to use the enabling provisions to change and adapt data sharing arrangements to respond to their constantly evolving information needs.
Implementing the strategy on supervisory data in EU financial services, including the proposal as part of it, will enable a more effective and efficient use of modern technologies, because it will improve the clarity and consistency of supervisory reporting requirements and increase data standardisation. The use of such solutions will facilitate data sharing and more generally further reduce the administrative burden for companies. It will also increase the accuracy and timeliness of the data received by authorities and improve their capacity to analyse it.
Access to more complete and accurate information will improve the ability of the Commission to estimate the impacts of its proposals, and to monitor them over time, which is a prerequisite for keeping costs at a minimum.
Creating a specific provision in EU financial services law that permits the reuse of data collected by authorities for research and innovation activities will enhance the utility of the reported data for financial institutions, researchers, and other entities with a legitimate interest. In so doing, it can simply provide access to such information held by authorities and enable more opportunities to test products and business models.
Reducing the frequency of reporting on implementation of the InvestEU Programme will decrease the reporting burden for implementing partners and the financial intermediaries, SMEs and other companies affected by the requirements.
•Fundamental rights
The fundamental rights of data protection, privacy and property (concerning proprietary rights in certain data, which is commercially confidential or protected by intellectual property rights) are respected. The sharing of data obtained by authorities is subject to safeguards on personal data, intellectual property rights and business confidentiality, also in accordance with Articles 7, 8, 17 and 38 of the Charter of Fundamental Rights of the European Union.
4.BUDGETARY IMPLICATIONS
There are no budgetary implications. The provisions do not require the sharing of data between authorities overseeing the financial sector. Such sharing only follows the voluntary request from one authority to another, and there is a possibility to make arrangements to share costs and benefits between the sharing and requesting authorities. For the requesting authority, there are cost savings that come from otherwise having to obtain the information through other routes that would also impose costs on those having to provide this information. The provision on the sharing of data held by one authority with financial institutions, researchers, and other entities with a legitimate interest is voluntary and does not impose new costs or any administrative burden.
5.OTHER ELEMENTS
•Implementation plans and monitoring, evaluation and reporting arrangements
N/A.
•Detailed explanation of the specific provisions of the proposal
The proposed amendments to Regulation (EU) 1092/2010, Regulation (EU) 1093/2010, Regulation (EU) 1094/2010 and Regulation (EU) 1095/2010 set out how authorities overseeing the EU financial sector may share with each other information that they have obtained in carrying out their duties. The objective is to avoid duplicative requests to financial institutions and other reporting entities when two or more authorities have the right to collect the same information. Such sharing should respect all applicable data protection, intellectual property and professional secrecy standards. It should not in any way restrict sharing that is already happening between authorities but rather offer an additional channel for sharing. The proposed amendments also aim at ensuring that the Commission has access to information for evidence-based law-making; for such purposes, the Commission does not need to be able to identify individual entities. Since the same type of information could be useful, for the performance of their tasks, also more broadly to authorities overseeing the financial sector, the proposed amendments introduce the same possibility for them to obtain it. The proposed amendments also enable innovation by allowing competent authorities, at their own initiative, to share information they obtain from EU or national reporting obligations with financial institutions, researchers, and other entities with a legitimate interest, provided that specific conditions are met to safeguard this data.
The proposed amendments mandate authorities to systematically scan existing reporting requirements and remove redundant and obsolete ones, reduce reporting costs and consider reusing existing reporting before introducing new requirements.
The proposed amendment to paragraph 4 of Article 28 of Regulation (EU) 2021/523 reduces from biannual to annual the frequency of reporting by implementing partners on implementation of the InvestEU Programme.
2023/0363 (COD)
Proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2021/523 as regards certain reporting requirements in the fields of financial services and investment support
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114, Article 173 and Article 175, third paragraph, thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee 8 ,
Having regard to the opinion of the Committee of the Regions 9 ,
Acting in accordance with the ordinary legislative procedure,
Whereas:
(1)Reporting requirements play a key role in ensuring proper monitoring and correct enforcement of legislation. However, it is important to streamline those requirements, in order to ensure that they fulfil their intended purpose and to limit the administrative burden.
(2)Streamlining reporting obligations and reducing administrative burdens is therefore a priority, including as regards reporting requirements in the financial sector and as regards the frequency of reporting related to the InvestEU Programme established under Regulation (EU) 2021/523 of the European Parliament and of the Council 10 .
(3)Regulations (EU) No 1092/2010 11 , (EU) No 1093/2010 12 , (EU) No 1094/2010 13 , (EU) No 1095/2010 14 of the European Parliament and of the Council and Regulation (EU) 2021/523 contain a number of reporting requirements which should be simplified, in line with the Commission’s Communication on ‘Long-term competitiveness of the EU: looking beyond 2030’ 15 .
(4)Financial institutions and other entities active on financial markets are required to report a wide range of information to enable Union and national authorities overseeing the financial system to monitor risks, ensure financial stability and market integrity, and protect investors and consumers of financial services in the Union. The European Supervisory Authorities should regularly review the reporting requirements and propose, where appropriate, to streamline and remove redundant or obsolete requirements. They should coordinate this work via the Joint Committee of the European Supervisory Authorities. Facilitating the sharing and reuse of the information collected by authorities, while safeguarding data protection, professional secrecy and intellectual property, should reduce the burden on reporting entities and on authorities by avoiding duplicative requests, in line with the Strategy on supervisory data in EU financial services. Information sharing should also contribute to better coordination of supervisory activities and supervisory convergence.
(5)To that end, where two authorities are entitled to collect certain information from financial institutions or other reporting entities, they should be able to collect it only once and share it with each other, as opposed to both collecting the same information, including where those authorities are entitled to collect the information from different reporting entities or authorities. With the same objective of improving efficiency in the collection, processing and use of information, authorities that enhance information by cleaning or enriching it should also be able to share such enhanced information.
(6)Such sharing of information should be complementary to the existing possibilities of information exchange provided for in Union law, and should not in any case restrict those existing possibilities.
(7)The Commission requires accurate and comprehensive information to develop policies, evaluate existing legislation and assess the impact of potential legislative and non-legislative initiatives, including during negotiations of legislative proposals. The sharing by authorities with the Commission of information that financial institutions or other entities have reported to those authorities pursuant to their obligations under Union law, should help in providing an evidence-based foundation for the formulation and evaluation of Union policies. For that purpose, such information should be in a form that does not allow the identification of individual entities and does not contain personal data. Authorities may also benefit from anonymised data and therefore should also share such information among themselves where necessary for the fulfilment of their tasks.
(8)Innovation cycles in the financial sector are accelerating, becoming more open and increasingly collaborative. To that end, authorities should be able to share information with financial institutions, researchers, and other entities for the purposes of research and innovation beyond the initial purpose for which the information was collected. The sharing of such information held by authorities should enhance its utility by expanding the information available for financial sector research and provide more opportunities to test products and business models as well as greater collaboration between various financial market participants, including fintech, start-ups and incumbent financial institutions. The re-use of data shared by competent authority is governed by the general framework for the re-use of data set out in Chapter II of Regulation (EU) 2022/868 of the European Parliament and of the Council 16 . However, considering the sensitive nature of the data received for supervision purposes by the authorities in the financial sector, specific mandatory conditions should be introduced for the re-use of this data, including the anonymisation of personal and non-personal data which would not allow the identification of individual financial institutions and the protection of confidential information.
(9)The change of frequency of the reporting on the InvestEU Programme by implementing partners from biannual to annual should reduce the workload of the implementing partners, the financial intermediaries, SMEs and other companies without changing any of the substantive elements of Regulation (EU) 2021/523.
(10)Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, and (EU) 2021/523 should therefore be amended accordingly,
HAVE ADOPTED THIS REGULATION:
Article 1
Amendments to Regulation (EU) No 1092/2010
Regulation (EU) No 1092/2010 is amended as follows:
1.in Article 8, paragraph 3 is replaced by the following:
‘3. Without prejudice to Articles 15 and 16 and the application of criminal law, no confidential information received by the persons referred to in paragraph 1 whilst performing their duties shall be divulged to any person or authority whatsoever, except in summary or aggregate form, such that individual financial institutions cannot be identified.’;
2.in Article 15, the following paragraphs are added:
‘8. The ESRB shall share, on a case-by-case or regular basis, information it obtained from another authority referred to in paragraph 2 or another member authority of the ESFS in carrying out its duties, when requested by another of those authorities, or another competent authority as defined in Article 4, point (2), of Regulation (EU) No 1093/2010, in Article 4, point (2), of Regulation (EU) No 1094/2010, or in Article 4, point (3) of Regulation (EU) No 1095/2010, or the authorities defined in Article 2, point (1), of Directive (EU) …/… of the European Parliament and of the Council 17 , provided that the requesting authority has the power to obtain that same information from financial institutions or other competent authorities pursuant to Union law.
9. The request for exchange of information pursuant to paragraph 8 shall duly indicate the legal basis under Union law allowing the requesting authority to obtain the information from financial institutions or another authority referred to in that paragraph. The requesting authority and the ESRB shall be subject to the obligations of professional secrecy and data protection provisions laid down in Article 8 and in sectoral legislation applicable to the sharing of data between the financial institution or another authority referred to in paragraph 8 and the requesting authority, as well as to the sharing of data between another authority referred to in that paragraph and the ESRB. The ESRB shall inform each relevant authority about such exchange of information without undue delay.
10. Paragraphs 8 and 9 shall also apply to information that the ESRB has received from another authority referred to in paragraph 8 and upon which the ESRB has subsequently performed quality checks or which the ESRB has otherwise processed.
11. For sharing information as referred to in paragraphs 8, 9 and 10, the authorities referred to in paragraph 8 may enter into memoranda of understanding to specify the modalities of the exchange of information. They may also specify arrangements for the sharing of resources for the collection and processing of such shared data.
12. Paragraphs 8, 9 and 10 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the authorities referred to in paragraph 8 in accordance with provisions in other Union legislation. Where paragraph 8, 9 or 10 conflicts with provisions in other Union legislation that regulate the exchange of information between the authorities referred to in paragraph 8, the provisions in such other Union legislation shall prevail.
13. Without prejudice to other obligations laid down in Union law for sharing information, the ESRB shall, upon justified request and on a case-by-case basis, share with the Commission or one of the authorities referred to in paragraph 8 information that other authorities have reported to it pursuant to their obligations under Union law. The ESRB shall transmit that information in a form that does not allow the identification of individual entities and does not contain personal data.
14. The ESRB may grant access to information obtained when carrying out its duties for re-use by financial institutions, researchers and other entities with a legitimate interest in such information for research and innovation purposes, provided that the ESRB has ensured that all of the following has been complied with:
(a) the information has been anonymised, in such a manner that the data subject or the financial institution is not or no longer identifiable;
(b) the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.
Information received from another authority shall only be shared with the agreement of the authority that initially obtained the information.’
Article 2
Amendments to Regulation (EU) No 1093/2010
Regulation (EU) No 1093/2010 is amended as follows:
1.in Article 29(1), point (d) is replaced by the following:
‘(d) reviewing the application of the relevant regulatory and implementing technical standards adopted by the Commission, and of the guidelines and recommendations issued by the Authority and proposing amendments where appropriate, including to remove redundant or obsolete reporting requirements and minimise costs;’;
2.in Article 30(3), the following point (e) is added:
‘(e) the effectiveness of national reporting requirements and the degree of convergence of such requirements with the ones set out in Union law.’;
3.in Article 35, paragraph 4 is replaced by the following:
‘4. Before requesting information in accordance with this Article and in order to avoid the duplication of reporting obligations, the Authority shall take account of information collected by other authorities referred to in Article 35a(1) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’;
4.the following Article 35a is inserted:
‘Article 35a
Information exchange between authorities and with other entities
1. The Authority and the competent authorities shall share with other authorities, on a case-by-case or regular basis, information they obtained from financial institutions or other competent authorities in carrying out their duties, when requested by the other European Supervisory Authorities, the ESRB or competent authorities as defined in Article 4, point (2), of this Regulation, in Article 4, point (2), of Regulation (EU) No 1094/2010 or in Article 4, point (3) of Regulation (EU) No 1095/2010, or the authorities defined in Article 2, point (1), of Directive (EU) …/… of the European Parliament and of the Council 18 , provided that the authority requesting that information is, pursuant to Union law, entitled to obtain that same information from financial institutions or other competent authorities. For the purposes of this Article, ‘financial institution’ means a ‘financial institution’ as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.
2. The request for exchange of information shall duly indicate the legal basis under Union law allowing the requesting authority to obtain the information from financial institutions or other competent authorities. The requesting authority and the sharing authority shall be subject to the obligations of professional secrecy and data protection laid down in Articles 70 and 71 and in sectoral legislation applicable to the sharing of data between the financial institution and the requesting authority as well as to the sharing of data between the financial institution and the sharing authority. The sharing authority shall inform each relevant financial institution or other competent authority about such exchange of information without undue delay.
3. Paragraphs 1 and 2 shall also apply to information that the sharing authority has received from a financial institution or another authority referred to in paragraph 1 and upon which the sharing authority has subsequently performed quality checks or which the sharing authority has otherwise processed.
4. For sharing information as referred to in paragraphs 1, 2 and 3, the authorities referred to in paragraph 1 may enter into memoranda of understanding to specify the modalities of the exchange of information. They may also specify arrangements for the sharing of resources for the collection and processing of such shared data.
5. Paragraphs 1 to 4 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the authorities referred to in paragraph 1 in accordance with provisions in other Union legislation. Where the provisions in this Article conflict with provisions in other Union legislation that regulate the exchange of information between the authorities referred to in paragraph 1, the provisions in such other Union legislation shall prevail.
6. Without prejudice to other obligations laid down in Union law for sharing information, the Authority and the competent authorities shall, upon justified request, share on a case-by-case basis, with the Commission or one of the authorities referred to in paragraph 1, information that financial institutions have reported to them pursuant to their duties under Union law. The Authority and the competent authorities shall transmit that information in a form that does not allow the identification of individual entities and does not contain personal data.
7. The Authority and the competent authorities may grant access to information obtained when carrying out their duties for re-use by financial institutions, researchers and other entities with a legitimate interest in such information for research and innovation purposes, provided that the Authority has ensured that all of the following has been complied with:
(a) the information has been anonymised, in such a manner that the data subject or the financial institution is not or no longer identifiable;
(b) the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.
Information received from another authority shall only be shared with the agreement of the authority that initially obtained the information.’;
5.in Article 54(2), the following indent is added:
‘ — reporting requirements and the collection of information from financial institutions.’;
6.In Article 70, paragraph 3 is replaced by the following:
‘3. Paragraphs 1 and 2 shall not prevent the Authority from exchanging information with competent authorities, other ESAs, the ESRB and the authorities defined in Article 2, point (1), of Directive (EU) …/… 19 – in accordance with this Regulation and with other Union legislation applicable to financial institutions.’.
Article 3
Amendments to Regulation (EU) No 1094/2010
Regulation (EU) No 1094/2010 is amended as follows:
1.in Article 29(1), point (d) is replaced by the following:
‘(d) reviewing the application of the relevant regulatory and implementing technical standards adopted by the Commission, and of the guidelines and recommendations issued by the Authority and proposing amendments where appropriate, including to remove redundant or obsolete reporting requirements and minimise costs;’;
2.in Article 30(3), the following point (e) is added:
‘(e) the effectiveness of national reporting requirements and the degree of convergence of such requirements with the ones set out in Union law.’;
3.in Article 35, paragraph 4 is replaced by the following:
‘4. Before requesting information in accordance with this Article and in order to avoid the duplication of reporting obligations, the Authority shall take account of information collected by other authorities referred to in Article 35a(1) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’;
4.the following Article 35a is inserted:
‘Article 35a
Information exchange between authorities and with other entities
1. The Authority and the competent authorities shall share with other authorities, on a case-by-case or regular basis, information they obtained from financial institutions or other competent authorities in carrying out their duties, when requested by the other European Supervisory Authorities, the ESRB or competent authorities as defined in Article 4, point (2) of this Regulation, in Article 4, point (2), of Regulation (EU) No 1093/2010 or in Article 4, point (3), of Regulation (EU) No 1095/2010, or the authorities defined in Article 2, point (1), of Directive (EU) …/… of the European Parliament and of the Council 20 , provided that the authority requesting the information is, pursuant to Union law, entitled to obtain that same information from financial institutions or other competent authorities. For the purposes of this Article, ‘financial institution’ means a ‘financial institution’ as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.
2. The request for exchange of information shall duly indicate the legal basis under Union law allowing the requesting authority to obtain the information from financial institutions or other competent authorities. The requesting authority and the sharing authority shall be subject to the obligations of professional secrecy and data protection laid down in Articles 70 and 71 and in sectoral legislation applicable to the sharing of data between the financial institution and the requesting authority as well as to the sharing of data between the financial institution and the sharing authority. The sharing authority shall inform each relevant financial institution or other competent authority about such exchange of information without undue delay.
3. Paragraphs 1 and 2 shall also apply to information that the sharing authority has received from a financial institution or another authority referred to in paragraph 1 and upon which the sharing authority has subsequently performed quality checks or which the sharing authority has otherwise processed.
4. For sharing information as referred to paragraphs 1, 2 and 3, the authorities referred to in paragraph 1 may enter into memoranda of understanding to specify the modalities of the exchange of information. They may also specify arrangements for the sharing of resources for the collection and processing of such shared data.
5. Paragraphs 1 to 4 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the authorities referred to in paragraph 1 in accordance with provisions in other Union legislation. Where the provisions in this Article conflict with provisions in other Union legislation that regulate the exchange of information between the authorities referred to in paragraph 1, the provisions in such other Union legislation shall prevail.
6. Without prejudice to other obligations laid down in Union law for sharing information, the Authority and the competent authorities shall, upon justified request, share on a case-by-case basis with the Commission or one of the authorities referred to in paragraph 1, information that financial institutions have reported to them pursuant to their duties under Union law. The Authority and the competent authorities shall transmit that information in a form that does not allow the identification of individual entities and does not contain personal data.
7. The Authority and the competent authorities may grant access to information obtained when carrying out their duties for re-use by financial institutions, researchers and other entities with a legitimate interest in such information for research and innovation purposes, provided that the Authority has ensured that all of the following has been complied with:
(a) the information has been anonymised, in such a manner that the data subject or the financial institution is not or no longer identifiable;
(b) the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.
Information received from another authority shall only be shared with the agreement of the authority that initially obtained the information. ’;
5.in Article 54(2), the following indent is added:
‘ — reporting requirements and the collection of information from financial institutions.’;
6.in Article 70, paragraph 3 is replaced by the following:
‘3. Paragraphs 1 and 2 shall not prevent the Authority from exchanging information with competent authorities, other ESAs, the ESRB and the authorities defined in Article 2, point (1), of Directive (EU) …/… 21 in accordance with this Regulation and with other Union legislation applicable to financial institutions.’.
Article 4
Amendments to Regulation (EU) No 1095/2010
Regulation (EU) No 1095/2010 is amended as follows:
1.in Article 29(1), point (d) is replaced by the following:
‘(d) reviewing the application of the relevant regulatory and implementing technical standards adopted by the Commission, and of the guidelines and recommendations issued by the Authority and proposing amendments where appropriate, including to remove redundant or obsolete reporting requirements and minimise costs;’;
2.in Article 30(3), the following point (e) is added:
‘(e) the effectiveness of national reporting requirements and the degree of convergence of such requirements with the ones set out in Union law.’;
3.in Article 35, paragraph 4 is replaced by the following:
‘4. Before requesting information in accordance with this Article and in order to avoid the duplication of reporting obligations, the Authority shall take account of information collected by other authorities referred to in Article 35a(1) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’;
4.the following Article 35a is inserted:
‘Article 35a
Information exchange between authorities and with other entities
1. The Authority and the competent authorities shall share with other authorities, on a case-by-case or regular basis, information they obtained from financial institutions or other competent authorities in carrying out their duties, when requested by the other European Supervisory Authorities, the ESRB or competent authorities as defined in Article 4, point (3) of this Regulation, in Article 4, point (2), of Regulation (EU) No 1093/2010 or in Article 4, point (2), of Regulation (EU) No 1094/2010, or the authorities defined in Article 2, point (1), of Directive (EU) …/… of the European Parliament and of the Council 22 , provided that the authority requesting that information is, pursuant to Union law, entitled to obtain that same information from financial institutions or other competent authorities. For the purposes of this Article, ‘financial institution’ means a ‘financial institution’ as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.
2. The request for exchange of information shall duly indicate the legal basis under Union law allowing the requesting authority to obtain the information from financial institutions or other competent authorities. The requesting authority and the sharing authority shall be subject to the obligations of professional secrecy and data protection laid down in Articles 70 and 71 and in sectoral legislation applicable to the sharing of data between the financial institution and the requesting authority as well as to the sharing of data between the financial institution and the sharing authority. The sharing authority shall inform each relevant financial institution or other competent authority about such exchange of information without undue delay.
3. Paragraphs 1 and 2 shall also apply to information that the sharing authority has received from a financial institution or another authority referred to in paragraph 1 and upon which the sharing authority has subsequently performed quality checks or which the sharing authority has otherwise processed.
4. For sharing information as referred to in paragraphs 1, 2 and 3, the authorities referred to in paragraph 1 may enter into memoranda of understanding to specify the modalities of the exchange of information. They may also specify arrangements for the sharing of resources for the collection and processing of such shared data.
5. Paragraphs 1 to 4 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the authorities referred to in paragraph 1 in accordance with provisions in other Union legislation. Where the provisions in this Article conflict with provisions in other Union legislation that regulate the exchange of information between the authorities referred to in paragraph 1, the provisions in such other Union legislation shall prevail.
6. Without prejudice to other obligations laid down in Union law for sharing information, the Authority and the competent authorities shall, upon justified request, share on a case-by-case basis with the Commission or one of the authorities referred to in paragraph 1, information that financial institutions have reported to them pursuant to their duties under Union law. The Authority and the competent authorities shall transmit that information in a form that does not allow the identification of individual entities and does not contain personal data.
7. The Authority and the competent authorities may grant access to information obtained when carrying out their duties for re-use by financial institutions, researchers and other entities with a legitimate interest in such information for research and innovation purposes, provided that the Authority has ensured that all of the following has been complied with:
(a) the information has been anonymised, in such a manner that the data subject or the financial institution is not or no longer identifiable;
(b) the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.
Information received from another authority shall only be shared with the agreement of the authority that initially obtained the information.’;
5.in Article 54(2), the following indent is added:
‘ — reporting requirements and the collection of information from financial market participants.’;
6.in Article 70, paragraph 3 is replaced by the following:
‘3. Paragraphs 1 and 2 shall not prevent the Authority from exchanging information with competent authorities, other ESAs, the ESRB and the authorities defined in Article 2, point (1), of Directive (EU) …/… 23 in accordance with this Regulation and with other Union legislation applicable to financial market participants.’
Article 5
Amendments to Regulation (EU) 2021/523
In Article 28 of Regulation (EU) No 2021/523, paragraph 4 is replaced by the following:
‘4. Once a year, each implementing partner shall submit a report to the Commission on the financing and investment operations covered by this Regulation, broken down by EU compartment and Member State compartment, as appropriate. Each implementing partner shall also submit information on the Member State compartment to the Member State whose compartment it implements. The report shall include an assessment of compliance with the requirements on the use of the EU guarantee and with the key performance indicators laid down in Annex III to this Regulation. The report shall also include operational, statistical, financial and accounting data on each financing or investment operation and an estimation of expected cash flows, at the level of compartment, policy window and the InvestEU Fund. The report from the EIB Group and, where appropriate, from other implementing partners, shall also include information on barriers to investment encountered when carrying out financing and investment operations covered by this Regulation. The reports shall contain the information the implementing partners have to provide under point (a) of Article 155(1) of the Financial Regulation.’
Article 6
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels,
For the European Parliament For the Council
The President The President
