Article 1
Adequate systems and effective control
1. The adequate systems and effective controls referred to in Article 14(1) of Regulation (EU) 2016/1011 shall be:
|
(a) |
appropriate for and proportionate to the nature, complexity and risk of manipulation of the benchmark concerned; |
|
(b) |
regularly, and at least annually, reviewed, and updated when necessary to ensure that those systems and controls continue to comply with point (a); |
|
(c) |
be documented in writing in a clear and comprehensible manner, including any changes to or updates of those systems and controls. |
For the purposes of point (a) of the first subparagraph, an administrator shall, on a regular basis and at least annually, assess the risk of manipulation of the benchmark provided, taking into account the following elements:
|
(a) |
the envisaged operations required to provide the benchmark; |
|
(b) |
the potential origin, nature, peculiarity and severity of the manipulation risk; |
|
(c) |
the measures envisaged to address the risk of manipulation, including safeguards, security measures and internal procedures. |
2. The adequate systems and effective controls referred to in Article 14(1) of Regulation (EU) 2016/1011 shall include, to the level appropriate to the nature, complexity and risk of manipulation of the benchmark provided, all of the following elements:
|
(a) |
software capable of deferred automated reading, replaying and analysis of input data; |
|
(b) |
human analysis in the detection and identification of behaviour that may involve manipulation or attempted manipulation of a benchmark. |
3. An administrator shall, upon request by the competent authority, provide the competent authority with the information referred to in paragraph 1, first subparagraph, points (a), (b) and (c), and substantiate the appropriateness of the level of automation and human analysis chosen, as referred to in paragraph 2.