Article 5 | Delegated Regulation 2025/2180

Updated 03/01/2026

Metadata

Coming into force on 19/01/2026

Initial Legal Act

Amendments

Article 5 - Delegated Regulation 2025/2180

Article 5

Criteria for assessing sound and prudent management by external reviewers

1. When assessing their sound and prudent management, external reviewers shall ensure that the following criteria are fulfilled:

(a)	the corporate governance arrangements specify at least the organisation, scope, purpose, and functioning of the governance bodies of the external reviewer, including clear reporting lines, responsibilities of roles and communication channels;

(b)	there is an internal control framework;

(c)	the organisational arrangements ensure continuity and regularity in the performance of assessment activities, safeguarding of the confidentiality and security of records of the services provided, sound administrative and accounting procedures, and adequate information processing systems;

(d)	the anonymity of whistleblowers is safeguarded and reprisals are prohibited;

(e)	transactions with related parties, employee personal account dealing, outside business activities and the acceptance of gifts and hospitality are reviewed consistently;

(f)	the independence of the employees subject to variable compensation arrangements is ensured;

(g)	the board of the external reviewer adopts the policies and procedures in compliance with this Regulation.

2. For the purposes of paragraph 1, point (b), external reviewers shall ensure that the internal control framework fulfils the following criteria:

(a)	the internal control mechanisms are adapted to the nature, scale and complexity of the external reviewer;

(b)	the persons responsible for internal controls are able to obtain the information necessary to perform their function and report their findings to the board of the external reviewer;

(c)	the internal control functions are independent and clearly segregated from the business lines performing the assessment activities.

3. The external reviewer shall evaluate the criteria referred to in paragraphs 1 and 2 prior to providing external review activities and thereafter at least once every 24 months, or as soon as the external reviewer becomes aware of significant deviations from the criteria.

Recitals Article 1 - Criteria to determine sufficiently good repute of senior management and the members of the board of an applicant external reviewer Article 2 - Criteria to determine sufficient skill, professional qualifications and relevant experience of senior management and the members of the board of the applicant external reviewer Article 3 - Criteria to determine the sufficient number of analysts, employees and other persons directly involved in assessment activities Article 4 - Criteria to determine the sufficient level of knowledge, experience and training of analysts, employees and other persons directly involved in assessment activities Article 5 - Criteria for assessing sound and prudent management by external reviewers Article 6 - Criteria for assessing the management of conflicts of interest Article 7 - Criteria for assessing the ability and capacity of third-party service providers to perform assessment activities Article 8 - Criteria for ensuring that outsourcing assessment activities does not materially impair the quality of the internal control of the external reviewer Article 9 - Criteria for ensuring that outsourcing assessment activities does not materially impair ESMA’s ability to supervise compliance of external reviewers Article 10 - Evaluation of criteria of outsourcing of assessment activities Article 11 - Entry into force

Metadata

Related documents

Article 5 - Delegated Regulation 2025/2180

Table of contents