Article 36
Supervisory review and evaluation
1.
Competent authorities shall review, to the extent relevant and necessary, taking into account the investment firm’s size, risk profile and business model, the arrangements, strategies, processes and mechanisms implemented by investment firms to comply with this Directive and with Regulation (EU) 2019/2033 and evaluate the following as appropriate and relevant, so as to ensure a sound management and coverage of their risks:
(a)
the risks referred to in Article 29;
(b)
the geographical location of an investment firm’s exposures;
(c)
the business model of the investment firm;
(d)
the assessment of systemic risk, taking into account the identification and measurement of systemic risk under Article 23 of Regulation (EU) No 1093/2010 or recommendations of the ESRB;
(e)
the risks posed to the security of investment firms’ network and information systems to ensure confidentiality, integrity and availability of their processes, data and assets;
(f)
the exposure of investment firms to the interest rate risk arising from non‐trading book activities;
(g)
governance arrangements of investment firms and the ability of members of the management body to perform their duties.
For the purposes of this paragraph, competent authorities shall duly take into account whether investment firms hold a professional indemnity insurance.
2.
Member States shall ensure that competent authorities establish the frequency and intensity of the review and evaluation referred to in paragraph 1, having regard to the size, nature, scale and complexity of the activities of the investment firms concerned and, where relevant, their systemic importance, and taking into account the principle of proportionality.
Competent authorities shall decide on a case‐by‐case basis whether and in which form the review and evaluation is to be carried out with regard to investment firms that meet the conditions for qualifying as small and non‐interconnected investment firms set out in Article 12(1) of Regulation (EU) 2019/2033, only where they deem it to be necessary due to the size, nature, scale and complexity of the activities of those investment firms.
For the purposes of the first subparagraph, national law governing segregation applicable to client money held shall be considered.
3.
When conducting the review and evaluation referred to in point (g) of paragraph 1, competent authorities shall have access to agendas, minutes and supporting documents for meetings of the management body and its committees, and the results of the internal or external evaluation of the performance of the management body.
4.
The Commission is empowered to adopt delegated acts in accordance with Article 58 to supplement this Directive to ensure that the arrangements, strategies, processes and mechanisms of investment firms ensure a sound management and coverage of their risks. The Commission shall thereby take into account developments in financial markets, and in particular the emergence of new financial products, developments in accounting standards and developments that facilitate the convergence of supervisory practices.