1.   A CSD shall put in place a policy in relation to conflicts of interest arising or affecting the CSD or its activities, including with respect to outsourcing arrangements.

2.   Where a CSD is part of a group of undertakings, its organisational administrative arrangements shall take into account any circumstances, of which the CSD is or should be aware, which may give rise to a conflict of interest arising as a result of the structure and business activities of other undertakings of the same group.

3.   Where a CSD shares the functions of chief risk officer, chief compliance officer, chief technology officer, or internal audit with other entities of the group, the governance arrangements shall ensure that related conflicts of interest at group level are appropriately managed.

4.   The organisational and administrative arrangements referred to in Article 26(3) of Regulation (EU) No 909/2014 shall include a description of the circumstances which may give rise to a conflict of interest entailing a material risk of damage to the interests of one or more users of the CSD, or their clients, as well as the procedures to be followed and the measures to be adopted in order to manage those conflicts of interest.

5.   The description of circumstances referred to in paragraph 4 shall take into account whether a member of the management body, senior management or staff of the CSD, or any person directly or indirectly linked to those individuals or to the CSD:

(a)	has a personal interest in the use of the services, materials and equipment of the CSD for the purposes of another commercial activity;

(b)	holds a personal or financial interest in another entity that enters into contracts with the CSD;

(c)	holds a participation or a personal interest in another entity that provides services used by the CSD, including any entity to which the CSD outsources services or activities;

(d)	has a personal interest in an entity that uses the service of the CSD;

(e)	is related to any legal or natural person that has influence on the operations of any entity that provides the services used by the CSD or uses the services provided by the CSD;

(f)	is member of the management body or any other bodies or committees of any entity that provides the services which are used by the CSD or uses the services provided for the CSD.

For the purposes of this paragraph, a direct or indirect link to a natural person shall comprise the spouse or legal partner, family members in direct ascending or descending line up to the second degree and their spouses or legal partners, the siblings and their spouse or legal partners, and any person having the same domicile or habitual residence as the employees, managers or members of the management body.

6.   A CSD shall take all reasonable steps to prevent any misuse of the information held in its systems and shall prevent the use of that information for other business activities. A natural person who has access to information recorded in a CSD or a legal person that belongs to the same group as the CSD shall not use information recorded in that CSD for any commercial purposes without prior written consent of the person to whom the information refers.