(1)

The information to be exchanged by competent authorities pursuant to Article 31(1) of Regulation (EU) 2020/1503 should allow those authorities to effectively carry out their investigation, supervision and enforcement activities under that Regulation. Consequently, it is necessary to specify the information that competent authorities are to exchange to be able to perform those tasks.

(2)

To ensure that competent authorities can effectively monitor crowdfunding service providers, competent authorities should exchange general background information and constituting documents, including national incorporation documents, or other documents that provide insight into the structure and operational activities of crowdfunding service providers. For the same reason, competent authorities should also exchange information about the authorisation process and the management bodies of crowdfunding service providers, including information on the suitability to manage a crowdfunding service provider and the reputation of the members of the management body, and information about shareholders, imposed penalties and administrative measures, enforcement actions and crowdfunding service providers’ relevant conduct and compliance history.

(3)

In order to discharge their supervisory duties in a comprehensive manner, competent authorities should also exchange relevant information on other natural or legal persons and crowdfunding related third parties that are of relevance for the provision of the services provided by the crowdfunding service providers, including information on third parties designated to perform operational functions in relation to the provision of crowdfunding services.

(4)

Exchange of information between competent authorities will be most useful in the circumstances where issues of regulatory concern may arise related to the entities subject to Regulation (EU) 2020/1503, including information about the initial application for authorisation of crowdfunding service providers, the on-going supervision of an entity’s compliance with that Regulation, and supervisory and enforcement actions which may impact the operations of an entity in another jurisdiction.

(5)

The exchange of information between competent authorities in relation to investigation, supervision and enforcement activities should be carried out in compliance with the right to protection of personal data of the persons concerned, as set out in Articles 7 and 8, respectively, of the Charter of Fundamental Rights of the European Union and must comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (2).

(6)

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (ESMA).

(7)

ESMA did not conduct open public consultations on the draft regulatory technical standards on which this Regulation is based, nor did it analyse the potential costs and benefits, as this would have been highly disproportionate in relation to the scope and impact of those standards, taking into account the fact that those standards principally concern competent authorities.

(8)

ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (3).

(9)

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (4) and delivered an opinion on 1 June 2022,