ROZHODNUTÍ EVROPSKÉ XXXXXXXXX XXXXX (XX) 2021/1758
xx xxx 21.&xxxx;xxxx 2021,
kterým xx xxxx xxxxxxxxxx XXX/2007/7 o podmínkách TARGET2-ECB (XXX/2021/43)
XXXXXXX XXXX XXXXXXXX XXXXXXXXX XXXXX,
x&xxxx;xxxxxxx xx Xxxxxxx x&xxxx;xxxxxxxxx Xxxxxxxx xxxx, x&xxxx;xxxxxxx na xxxxx a čtvrtou xxxxxxx xx.&xxxx;127 xxxx.&xxxx;2 této xxxxxxx,
x&xxxx;xxxxxxx xx xxxxxx Xxxxxxxxxx xxxxxxx xxxxxxxxxxx xxxx x&xxxx;Xxxxxxxx xxxxxxxxx xxxxx, x&xxxx;xxxxxxx xx xxxxxx&xxxx;11.6 x&xxxx;xxxxxx 17, 22 a 23 xxxxxx xxxxxxx,
xxxxxxxx k těmto důvodům:
|
(1) |
Rada xxxxxxxxx změnila (1) xxx 20.&xxxx;xxxxxxxx 2021 xxxxxx xxxxxx Xxxxxxxx centrální xxxxx XXX/2012/27&xxxx;(2) s cílem: x) xxxxxxxx, xx xxxxxxxx TIPS XXX xxxxx x&xxxx;XXXXXX2 připojeni xxxxxxxxxxxxxxx xxxxxxxxxx xxxxxxx xxxxx xxxxxxxxxxxxxx Xxxxxxxxxxx (Xxxxxxxxxx Xxxxxx Market Xxxxxxxxxxxxxx Xxxxxxx) od xxxxxxxxx 2021 x&xxxx;xxxxxxxx X2X DCA xxxxx x&xxxx;XXXXXX2 xxxxxxxxxxxxxxx tohoto xxxxxxx xxxxxxxxx xx xxxxxx 2022; b) xxxxxxxx x&xxxx;xxxxxxxx pravidla xxxxxxxx xx xxxxxxxxxx xxxxxxxxx na xxxxxxxxxx xxxxxxxxx bodu TARGET2, xxx xx xxxxxxxxx, xx xx xxxxxx XXXXXX2 xxxx dále xxxxxxx xxx, xxx xxx schopen xxxxx xxxxxxx x&xxxx;xxxxxxx xxxxxxxxxxxx xxxxxxxxxxx; c) xxxxxx xxxxxxxxx, xxx majitelé xxxx PM, xxxxxx xxxxxxx účastníci x&xxxx;xxxxxxxxxxxxx xxxxxxxx xxxx XXX, xxxxx xxxxxxxxxxx k uplatňování xxxxxxx XXX Inst xxxxxxxx xxxxxx x&xxxx;xxxxxxxxxx xxxxxxx xxx okamžité xxxxxxxxxxxxx xxxxxxx XXXX, xxxx x&xxxx;xxxxxxx trvale xxxxxxxxxxx xx platformě XXXX xxxxxxxxxxxxxxx TIPS XXX, tak aby xx xxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxx x&xxxx;xxxx Xxxx; d) zavést xxxxxxxxxxxxxxx, xxxxx xxx x&xxxx;xxxxxxx xxxxxxx xxxxxxxx x&xxxx;xxxx xxxxxxxxx x&xxxx;XXXXXX2 xx odpovídající nástupnické xxxx x&xxxx;xxxxxxxx xxxxxxx XXXXXX, aby byla xxxxxxxxx xxxxxx jistota, x&xxxx;x) vyjasnit x&xxxx;xxxxxxxxxxxx xxxxxxx další xxxxxxx xxxxxxxx xxxxx XXX/2012/27. |
|
(2) |
Xxxxxxx xxxx xxxxxxxxxx xxxxxxx xxxxxxxxxxx X2-X2X, bude x&xxxx;xxxxx xxxxxx xxxxxxx xxxxxx xxxxxxxx xxxxxxxx xxxxxxxxxxxxxxx, pokud xxx x&xxxx;xxxxxxx xxxxxxx xxxxxxxx x&xxxx;xxxx xxxxxxxxx x&xxxx;XXXXXX2-XXX xx xxxxxxxxxxxx xxxxxxxxxxx xxxx. |
|
(3) |
Xxxxx xxxxxxxx zásad XXX/2012/27, xxxxx xxxx xxxx xx podmínky XXXXXX2-XXX, je xxxxx xxxxxxxxx x&xxxx;xxxxxxxxxx Xxxxxxxx xxxxxxxxx xxxxx XXX/2007/7&xxxx;(3). |
|
(4) |
Xxxxxxxxxx XXX/2007/7 xx xxxxx xxxxx xxxxxxxxxxxxx způsobem xxxxxx, |
XXXXXXX XXXX ROZHODNUTÍ:
Xxxxxx&xxxx;1
Xxxxx
Xxxxxxx X, XX x&xxxx;XXX xxxxxxxxxx XXX/2007/7 xx xxxx v souladu x&xxxx;xxxxxxxxx xxxxxx xxxxxxxxxx.
Xxxxxx&xxxx;2
Xxxxxxxxx ustanovení
Toto xxxxxxxxxx xxxxxxxx x&xxxx;xxxxxxxx pátým xxxx po xxxxxxxxxx x&xxxx;Xxxxxxx xxxxxxxx Evropské xxxx.
Xxxxxxx xx xxx xxx 21.&xxxx;xxxxxxxxx 2021, x&xxxx;xxxxxxxx xxxx.&xxxx;1 písm. x) x&xxxx;xxxxxxxx 7 x&xxxx;9 xxxxxxx II xxxxxx xxxxxxxxxx, xxxxx xx xxxxxxx ode xxx 13.&xxxx;xxxxxx 2022.
Xx Xxxxxxxxxx nad Xxxxxxx dne 21. září 2021.
Xxxxxxxxxxx ECB
Christine XXXXXXX
(1)&xxxx;&xxxx;Xxxxxx xxxxxx Evropské xxxxxxxxx xxxxx (XX) 2021/1759 xx xxx 20.&xxxx;xxxxxxxx 2021, kterými xx xxxx obecné xxxxxx XXX/2012/27 x&xxxx;xxxxxxxxxxxxxx xxxxxxxxx xxxxxxxxxxxxxxx systému xxxxxxxxx xxxxxx x&xxxx;xxxxxxx čase (XXXXXX2) (ECB/2021/30) [(xxx xxxxxx 45 x&xxxx;xxxxx xxxxx Xxxxxxxx xxxxxxxx).
(2)&xxxx;&xxxx;Xxxxxx xxxxxx Xxxxxxxx xxxxxxxxx xxxxx ECB/2012/27 ze xxx 5.&xxxx;xxxxxxxx 2012 x&xxxx;xxxxxxxxxxxxxx expresním xxxxxxxxxxxxxxx xxxxxxx xxxxxxxxx xxxxxx x&xxxx;xxxxxxx xxxx (XXXXXX2) (Xx. xxxx. X&xxxx;30, 30.1.2013, s. 1).
(3)&xxxx;&xxxx;Xxxxxxxxxx Xxxxxxxx xxxxxxxxx xxxxx XXX/2007/7 ze xxx 24.&xxxx;xxxxxxxx 2007 o podmínkách XXXXXX2-XXX (Xx. xxxx. X&xxxx;237, 8.9.2007, s. 71).
XXXXXXX X
Xxxxxxx X&xxxx;xxxxxxxxxx XXX/2007/7 xx mění xxxxx:
|
1. |
Xxxxxx&xxxx;1 xx xxxx xxxxx:
|
|
2. |
X&xxxx;xxxxxx&xxxx;2 xxxxxx odstavci se xxxxxxxx xxxx text, xxxxx zní:
|
|
3. |
Článek 3 se xxxx xxxxx:
|
|
4. |
Xxxxxx&xxxx;5 se xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;5 Xxxxxx xxxxxxxxxxxx XX account xxxxxxx in XXXXXX2-XXX xxx xxxxxx xxxxxxxxxxxx xxx xxxxx xxxxxx xxxx xxx requirements xxx xxx xx Xxxxxxx&xxxx;8(1) and (2). Xxxx xxxxx xxxx xx xxxxx xxx PM xxxxxxx xxxx xxx XXX. XX xxxxxxx xxxxxxx xxxx xxxx xxxxxxx xx the XXX Xxxx xxxxxx xx xxxxxxx the XXXX Xxxxxxx Xxxxxx Xxxxxxxx Xxxxxxxxx Xxxxxxxxx xxxxx xx xxx xxxxx xxxxxx xxxxxxxxx xx xxx TIPS Xxxxxxxx at all xxxxx, xxxxxx xx x&xxxx;XXXX DCA xxxxxx xx as a reachable xxxxx xxx x&xxxx;XXXX XXX xxxxxx.“; |
|
5. |
Xxxxxx&xxxx;22 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;22 Xxxxxxxx Requirements xxx Xxxxxxx Xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx xxxxx xxxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx to xxxxxxx their systems xxxx xxxxxxxxxxxx access xxx use. Participants xxxxx xx xxxxxxxxxxx xxxxxxxxxxx xxx xxx xxxxxxxx xxxxxxxxxx of xxx xxxxxxxxxxxxxxx, xxxxxxxxx xxx xxxxxxxxxxxx xx xxxxx xxxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx shall xxxxxx xxx XXX xx any xxxxxxxx-xxxxxxx xxxxxxxxx in xxxxx xxxxxxxxx xxxxxxxxxxxxxx xxx, xxxxx xxxxxxxxxxx, xxxxxxxx-xxxxxxx xxxxxxxxx xxxx occur xx the xxxxxxxxx xxxxxxxxxxxxxx of xxx xxxxx xxxxx xxxxxxxxx. Xxx XXX xxx xxxxxxx further xxxxxxxxxxx xxxxx xxx xxxxxxxx xxx, xx xxxxxxxxx, xxxxxxx that the xxxxxxxxxxx xxxx xxxxxxxxxxx xxxxxxxx xx xxxxxxx x&xxxx;xxxxxxxxxx xx xxxx xx xxxxx. 3.&xxxx;&xxxx;&xxxx;Xxx XXX xxx xxxxxx xxxxxxxxxx xxxxxxxx xxxxxxxxxxxx, xx xxxxxxxxxx xxxx xxxxxx xx xxxxxxxxxxxxx xx xxx prevention xx xxxxx, on xxx xxxxxxxxxxxx and/or xx xxxxxxxxxxxx xxxx xxx xxxxxxxxxx critical xx xxx XXX. 4.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx shall xxxxxxx xxx ECB xxxx: (x) xxxxxxxxx xxxxxx to xxxxx xxxxxxxxxxx xx adherence xx their xxxxxx xxxxxxx service xxxxxxxx’x xxxxxxxx xxxxxxxx xxxxxxxxxxxx, xxx (xx) xx xx xxxxxx xxxxx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxx as published xx xxx ECB’s xxxxxxx xx English. 4a. The XXX xxxxx xxxxxx xxx xxxxxxxxxxx’x xxxx-xxxxxxxxxxxxx xxxxxxxxx(x) xx xxx xxxxxxxxxxxx level xx xxxxxxxxxx with each xx the requirements xxx xxx xx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxxxxx. Xxxxx xxxxxxxxxxxx xxx xxxxxx in Xxxxxxxx VII, xxxxx xx xxxxxxxx xx xxx other Appendices xxxxxx xx Article 2(1), xxxxx xxxx xx xxxxxxxx xxxx xx xxxxx Conditions. 4b. The xxxxxxxxxxx’x xxxxx xx compliance xxxx xxx xxxxxxxxxxxx xx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx shall xx xxxxxxxxxxx xx xxxxxxx, xx xxxxxxxxxx xxxxx xx xxxxxxxx: ‘full xxxxxxxxxx’; ‘xxxxx xxx-xxxxxxxxxx’; xx ‘major xxx-xxxxxxxxxx’. Xxx xxxxxxxxx xxxxxxxx xxxxx: full xxxxxxxxxx xx xxxxxxx xxxxx xxxxxxxxxxxx satisfy 100% xx xxx requirements; xxxxx non-compliance xx xxxxx a participant xxxxxxxxx xxxx than 100% xxx xx least 66% of xxx xxxxxxxxxxxx xxx major xxx-xxxxxxxxxx xxxxx a participant xxxxxxxxx xxxx than 66% xx xxx xxxxxxxxxxxx. If x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx xxxx x&xxxx;xxxxxxxx xxxxxxxxxxx is xxx xxxxxxxxxx xx xx, xx xxxxx be xxxxxxxxxx xx compliant xxxx xxx xxxxxxxxxx xxxxxxxxxxx for xxx xxxxxxxx xx the xxxxxxxxxxxxxx. X&xxxx;xxxxxxxxxxx xxxxx xxxxx xx xxxxx ‘xxxx xxxxxxxxxx’ xxxxx xxxxxx xx xxxxxx xxxx demonstrating xxx xx xxxxxxx xx xxxxx xxxx xxxxxxxxxx. Xxx ECB xxxxx xxxxxx xxx xxxxxxxx xxxxxxxxxxx xxxxxxxxxxx of xxx xxxxxx xx xxxx xxxxxxxxxxx’x compliance. 4c. If xxx xxxxxxxxxxx xxxxxxx xx xxxxx xxxxxxxxx xxxxxx xx xxx xxxxxxxxxxx xx adherence xx xxxxx xxxxxx XXXx endpoint xxxxxxxx xxxxxxxxxxxx or xxxx xxx xxxxxxx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx the xxxxxxxxxxx’x level xx xxxxxxxxxx xxxxx be xxxxxxxxxxx as ‘xxxxx xxx-xxxxxxxxxx’. 4x.&xxxx;&xxxx;&xxxx;Xxx ECB xxxxx xxxxxxxx xxxxxxxxxx xx xxxxxxxxxxxx xx xx xxxxxx xxxxx. 4x.&xxxx;&xxxx;&xxxx;Xxx XXX xxx xxxxxx xxx xxxxxxxxx xxxxxxxx xx xxxxxxx xx participants xxxxx level of xxxxxxxxxx xxx xxxxxxxx xx minor xx xxxxx xxx-xxxxxxxxxx, in xxxxxxxxxx order xx xxxxxxxx:
|
|
6. |
X&xxxx;xxxxxx&xxxx;33 xx xxxxxxxx 1 nahrazuje tímto: „1. Participants xxxxx be xxxxxx xx xx xxxxx xx, xxxxx xxxxxx xxxx, and shall xx able to xxxxxxxxxxx xxxx xxxxxxxxxx xx xxx xxxxxxxx xxxxxxxxx authorities with xxx xxxxxxxxxxx on xxxx xxxxxxxx to xxxxxxxxxxx xx xxxx xxxxxxxxxx. Xxxx shall xx deemed xx xx xxxxx xx, xxx xxxxx xxxxxx xxxx xxx xxxxxxxxxxx xx xxxx xxxxxxxx xx xxxxxxxxxxx xx xxxxxxxxxx xx xxxxx xxxxxxxxxx and the xxxxxxxxx xx terrorism, xxxxxxxxxxxxx-xxxxxxxxx nuclear xxxxxxxxxx xxx xxx xxxxxxxxxxx xx nuclear xxxxxxx xxxxxxxx xxxxxxx, xx xxxxxxxxxx in terms xx xxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx xxxxxxxxxx xxx xxxxxxxx xxxxxxx xx xxxxxxxx on their XX xxxxxxxx. Xxxxxxxxxxxx xxxxx xxxxxx that xxxx xxx xxxxxxxx xxxxx xxx TARGET2 xxxxxxx xxxxxxx xxxxxxxx’x xxxx retrieval policy xxxxx xx xxxxxxxx xxxx the xxxxxxxxxxx xxxxxxxxxxxx xxxx xxx XXXXXX2 network xxxxxxx xxxxxxxx.“; |
|
7. |
Xxxxxx xx nový xxxxxx&xxxx;39x, který xxx: „Xxxxxxx&xxxx;39x Xxxxxxxxxxxx xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxxx xxx XXXXXX xxxxxx xx xxxxxxxxxxx xxx XXXXXX2 has xxxxxx xxxxxxxxx, PM xxxxxxx xxxxxxxx xxxxx xx transferred xx xxx xxxxxxx xxxxxx’x xxxxxxxxxxxxx xxxxxxxxx xxxxxxxx xx the XXXXXX xxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxxxxx xxxx XX xxxxxxx holders, xxxxxxxx Xxxxxxxxxxxx and xxxxxxxxxxx BIC xxxxxxx xxxxxxxx to xxx XXX Xxxx scheme xx xxxxxxxxx in xxx XXXX Xxxxxxxx xxxxxxxx xx Xxxxxxx&xxxx;5 xxxxx xxxxx xx xx 25 February 2022.“; |
|
8. |
X&xxxx;xxxxxxx I se x&xxxx;xxxx.&xxxx;8 xxxxxxx. 4 xxxxxxxxx xxxxxxx x) xxxxx:
|
|
9. |
X&xxxx;xxxxxxx XX xx x&xxxx;xxxxxxxx 6 xxxxxxxxx xxxxxxx x) xxxxx:
|
|
10. |
Xxxxxxxx xx xxxx xxxxxxx XXX, xxxxx xxx: „Xxxxxxxx XXX Xxxxxxxxxxxx xxxxxxxxx xxxxxxxxxxx xxxxxxxx management xxx xxxxxxxx continuity xxxxxxxxxx Xxxxxxxxxxx xxxxxxxx xxxxxxxxxx Xxxxx xxxxxxxxxxxx are applicable xx xxxx participant, xxxxxx xxx xxxxxxxxxxx xxxxxxxxxxxx xxxx a specific xxxxxxxxxxx xx xxx xxxxxxxxxx xx xx. Xx establishing the xxxxx xx xxxxxxxxxxx xx xxx requirements xxxxxx xxx xxxxxxxxxxxxxx, xxx xxxxxxxxxxx xxxxxx xxxxxxxx xxx xxxxxxxx xxxx are part xx xxx Xxxxxxx Xxxxxxxxxxx Xxxxx (XXX). Xxxxxxxxxxxx, xxx XXX xxxxxx xx x&xxxx;Xxxxx xx Xxxxx (XxX), x.x. x&xxxx;xxxxxx involved xx xxx creation xx xxxxxxxxxxxx (e.g. xxxxxxxxxxxx, xxxxx-xxxxxx xxx xxxx-xxxxxx xxxxxxxxxxxx, xxxxxxxxxx), xxx xxxx at xxx xxxxxx responsible xx send the xxxxxxx xx SWIFT (x.x. XXXXX XXX Xxx) xx Internet (xxxx xxx xxxxxx xxxxxxxxxx xx Internet-based Xxxxxx). Xxxxxxxxxxx 1.1: Xxxxxxxxxxx xxxxxxxx policy The xxxxxxxxxx xxxxx xxx x&xxxx;xxxxx xxxxxx xxxxxxxxx xx xxxx xxxx business xxxxxxxxxx xxx xxxxxxxxxxx xxxxxxx xxx xxx xxxxxxxxxx to information xxxxxxxx through xxx xxxxxxxx, approval xxx xxxxxxxxxxx of xx xxxxxxxxxxx security policy xxxxxx xx xxxxxxxx xxxxxxxxxxx xxxxxxxx and xxxxx xxxxxxxxxx across xxx xxxxxxxxxxxx xx xxxxx xx identification, xxxxxxxxxx xxx treatment xx information security xxx cyber resilience xxxxx. Xxx xxxxxx xxxxxx xxxxxxx xx xxxxx the xxxxxxxxx xxxxxxxx: xxxxxxxxxx, scope (xxxxxxxxx xxxxxxx xxxx xx xxxxxxxxxxxx, human xxxxxxxxx, xxxxx management xxx.), xxxxxxxxxx xxx xxxxxxxxxx of responsibilities. Requirement 1.2: Xxxxxxxx organisation An xxxxxxxxxxx security xxxxxxxxx xxxxx be established xx xxxxxxxxx xxx xxxxxxxxxxx xxxxxxxx policy xxxxxx xxx xxxxxxxxxxxx. Xxx xxxxxxxxxx xxxxx xxxxxxxxxx xxx review xxx xxxxxxxxxxxxx xx xxx xxxxxxxxxxx xxxxxxxx xxxxxxxxx to ensure xxx xxxxxxxxxxxxxx xx xxx xxxxxxxxxxx xxxxxxxx xxxxxx (xx per Xxxxxxxxxxx 1.1) across xxx xxxxxxxxxxxx, xxxxxxxxx xxx xxxxxxxxxx of xxxxxxxxxx resources and xxxxxxxxxx xx xxxxxxxx xxxxxxxxxxxxxxxx xxx xxxx xxxxxxx. Xxxxxxxxxxx 1.3: Xxxxxxxx xxxxxxx Xxx xxxxxxxx of xxx organisation’s xxxxxxxxxxx xxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx should xxx xx xxxxxxx by xxx xxxxxxxxxxxx of, xxx/xx xxx dependence xx, xx xxxxxxxx xxxxx/xxxxxxx xx xxxxxxxx/xxxxxxxx xxxxxxxx by xxxx. Xxx xxxxxx to xxx xxxxxxxxxxxx’x information xxxxxxxxxx xxxxxxxxxx by xxxxxxxx parties shall xx xxxxxxxxxx. Xxxx xxxxxxxx parties xx xxxxxxxx/xxxxxxxx xx xxxxxxxx xxxxxxx xxx xxxxxxxx xx xxxxxx xxx xxxxxxxxxxxx’x xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx, x&xxxx;xxxx xxxxxxxxxx xxxxx xx xxxxxxx xxx xx xxxxxxxxx xxx security xxxxxxxxxxxx xxx xxxxxxx xxxxxxxxxxxx. Xxxxxxxx shall xx xxxxxx xxx xxxxxxx xx xx agreement xxxx xxxx relevant xxxxxxxx xxxxx. Xxxxxxxxxxx 1.4: Xxxxx xxxxxxxxxx Xxx xxxxxxxxxxx xxxxxx, xxx business xxxxxxxxx xxx xxx xxxxxxxxxx information systems, xxxx xx xxxxxxxxx xxxxxxx, xxxxxxxxxxxxxxx, business xxxxxxxxxxxx, xxx-xxx-xxxxx xxxxxxxx, xxxxxxxx xxx xxxx-xxxxxxxxx xxxxxxxxxxxx, xx the xxxxx xx xxx Xxxxxxx Transaction Xxxxx xxxxx be xxxxxxxxx xxx xxx xxxx x&xxxx;xxxxxxxxx xxxxx. Xxx xxxxxxxxxxxxxx xxx the xxxxxxxxxxx xxx the xxxxxxxxx xx xxxxxxxxxxx xxxxxxxx in xxx xxxxxxxx processes and xxx related IT xxxxxxxxxx to xxxxxxxxx xxx xxxxxxxxxxx xxxxxx xxxxx xx xxxxxxxx. Xxxx: xxx xxxxx xxx delegate the xxxxxxxxxxxxxx xx specific xxxxxxxx xx xxxxxxxxxxx, xxx remains xxxxxxxxxxx xxx xxx xxxxxx xxxxxxxxxx xx the xxxxxx. Xxxxxxxxxxx 1.5: Information xxxxxx xxxxxxxxxxxxxx Xxxxxxxxxxx xxxxxx xxxxx xx xxxxxxxxxx xx terms xx xxxxx criticality to xxx smooth xxxxxxxx xx xxx xxxxxxx xx xxx xxxxxxxxxxx. Xxx classification shall xxxxxxxx xxx need, xxxxxxxxxx xxx degree xx xxxxxxxxxx xxxxxxxx xxxx xxxxxxxx xxx xxxxxxxxxxx asset xx xxx relevant xxxxxxxx xxxxxxxxx and xxxxx xxxx take xxxx xxxxxxxxxxxxx xxx xxxxxxxxxx XX components. Xx xxxxxxxxxxx xxxxx xxxxxxxxxxxxxx xxxxxx xxxxxxxx xx xxx management xxxxx xx xxxx to xxxxxx xx xxxxxxxxxxx xxx of xxxxxxxxxx xxxxxxxx throughout xxx xxxxxxxxxxx xxxxx xxxxxxxxx (xxxxxxxxx xxxxxxx xxx xxxxxxxxxxx of xxxxxxxxxxx xxxxxx) and to xxxxxxxxxxx xxx xxxx xxx specific xxxxxxxx xxxxxxxx. Xxxxxxxxxxx 1.6: Human xxxxxxxxx xxxxxxxx Xxxxxxxx xxxxxxxxxxxxxxxx xxxxx xx xxxxxxxxx xxxxx xx employment xx xxxxxxxx job xxxxxxxxxxxx xxx xx xxxxx xxx conditions xx employment. All xxxxxxxxxx for employment, xxxxxxxxxxx xxx third xxxxx users shall xx adequately xxxxxxxx, xxxxxxxxxx for sensitive xxxx. Xxxxxxxxx, xxxxxxxxxxx xxx xxxxx party xxxxx xx information xxxxxxxxxx xxxxxxxxxx xxxxx xxxx xx agreement xx xxxxx security xxxxx xxx xxxxxxxxxxxxxxxx. Xx adequate xxxxx xx xxxxxxxxx shall xx ensured among xxx xxxxxxxxx, xxxxxxxxxxx xxx third xxxxx xxxxx, xxx xxxxxxxxx xxx xxxxxxxx in xxxxxxxx xxxxxxxxxx xxx xxx correct xxx xx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxx xx xxxxxxxx xx xxxx xx xxxxxxxx possible xxxxxxxx xxxxx. X&xxxx;xxxxxx xxxxxxxxxxxx process xxx xxxxxxxx xxxxxxxx breaches xxxxx be xxxxxxxxxxx xxx xxxxxxxxx. Xxxxxxxxxxxxxxxx xxxxx xx xx xxxxx to xxxxxx xxxx xx employee’s, xxxxxxxxxx’x xx xxxxx xxxxx user’s exit xxxx xx xxxxxxxx xxxxxx xxx organisation xx xxxxxxx, xxx xxxx xxx xxxxxx xx xxx xxxxxxxxx xxx the removal xx xxx xxxxxx xxxxxx are completed. Requirement 1.7: Physical and xxxxxxxxxxxxx xxxxxxxx Xxxxxxxx or xxxxxxxxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxx xx xxxxxx in xxxxxx xxxxx, protected by xxxxxxx xxxxxxxx xxxxxxxxxx, xxxx xxxxxxxxxxx xxxxxxxx xxxxxxxx xxx xxxxx xxxxxxxx. Xxxx xxxxx xx xxxxxxxxxx xxxxxxxxx xxxx xxxxxxxxxxxx access, xxxxxx xxx xxxxxxxxxxxx. Xxxxxx xxxxx xx xxxxxxx xxxx xx xxxxxxxxxxx who xxxx xxxxxx the xxxxx xx Requirement 1.6. Xxxxxxxxxx and standards xxxxx xx xxxxxxxxxxx xx xxxxxxx xxxxxxxx xxxxx xxxxxxxxxx information xxxxxx xxxx in xxxxxxx. Xxxxxxxxx xxxxx xx xxxxxxxxx xxxx xxxxxxxx xxx xxxxxxxxxxxxx xxxxxxx. Xxxxxxxxxx xx xxxxxxxxx (xxxxxxxxx equipment xxxx xxx-xxxx) and xxxxxxx xxx removal xx xxxxxxxx xx necessary xx xxxxxx xxx xxxx xx xxxxxxxxxxxx xxxxxx to information xxx xx guard xxxxxxx loss xx xxxxxx xx equipment xx xxxxxxxxxxx. Special xxxxxxxx may xx xxxxxxxx to xxxxxxx xxxxxxx xxxxxxxx xxxxxxx xxx to safeguard xxxxxxxxxx xxxxxxxxxx xxxx xx xxx xxxxxxxxxx xxxxxx and cabling xxxxxxxxxxxxxx. Xxxxxxxxxxx 1.8: Operations xxxxxxxxxx Xxxxxxxxxxxxxxxx and xxxxxxxxxx xxxxx be xxxxxxxxxxx xxx xxx xxxxxxxxxx xxx operation of xxxxxxxxxxx processing xxxxxxxxxx xxxxxxxx xxx xxx xxxxxxxxxx xxxxxxx xx xxx Xxxxxxx Xxxxxxxxxxx Xxxxx xxx-xx-xxx. Xx xxxxxxx xxxxxxxxx procedures, xxxxxxxxx xxxxxxxxx administration xx XX xxxxxxx, xxxxxxxxxxx xx xxxxxx xxxxx xx xxxxxxxxxxx, xxxxx xxxxxxxxxxx, xx reduce xxx xxxx xx xxxxxxxxx xx xxxxxxxxxx xxxxxx misuse. Where xxxxxxxxxxx of xxxxxx xxxxxx xx xxxxxxxxxxx xxx xx documented xxxxxxxxx xxxxxxx, xxxxxxxxxxxx xxxxxxxx xxxxx be xxxxxxxxxxx xxxxxxxxx x&xxxx;xxxxxx xxxx xxxxxxxx. Xxxxxxxx xxxxx xx xxxxxxxxxxx xx prevent and xxxxxx xxx xxxxxxxxxxxx xx malicious xxxx xxx systems in xxx Payment Xxxxxxxxxxx Xxxxx. Controls xxxxx xx xxxx xxxxxxxxxxx (xxxxxxxxx xxxx xxxxxxxxx) xx prevent, xxxxxx xxx xxxxxx malicious xxxx. Xxxxxx code xxxxx xx used xxxx xxxx xxxxxxx xxxxxxx (x.x. xxxxxx Xxxxxxxxx XXX xxxxxxxxxx xxx Xxxx Applets). Xxx configuration xx xxx xxxxxxx (x.x. xxx use of xxxxxxxxxx xxx xxxxxxx) xxxxx be strictly xxxxxxxxxx. Xxxx xxxxxx xxx xxxxxxxx policies xxxxx xx xxxxxxxxxxx xx xxx management; those xxxxxxxx xxxxxxxx xxxxx xxxxxxx a plan xx xxx restoration xxxxxxx xxxxx xx xxxxxx xx regular intervals xx xxxxx annually. Systems xxxx are xxxxxxxx xxx the xxxxxxxx xx xxxxxxxx shall xx xxxxxxxxx and xxxxxx xxxxxxxx to xxxxxxxxxxx security shall xx recorded. Operator xxxx shall xx xxxx xx ensure xxxx xxxxxxxxxxx xxxxxx xxxxxxxx xxx xxxxxxxxxx. Xxxxxxxx xxxx xxxxx xx xxxxxxxxx xxxxxxxx xx x&xxxx;xxxxxx xxxxx, xxxxx on the xxxxxxxxxxx of xxx xxxxxxxxxx. Xxxxxx xxxxxxxxxx xxxxx xx xxxx xx xxxxx xxx xxxxxxxxxxxxx of xxxxxxxx xxxxx are identified xx xxxxxxxx xxx xxx xxxxxxxx xx xxxxxxxx xxx xx xxxxxx conformity xx xx xxxxxx xxxxxx xxxxx. Xxxxxxxxx xx xxxxxxxxxxx xxxxxxx xxxxxxxxxxxxx xxxxx xx xxxxx xx x&xxxx;xxxxxx xxxxxxxx xxxxxx, xxxxxxx xxx xx xxxx with xxxxxxxx xxxxxxxxxx among xxx xxxxxxxx xxxxxxx xxx xxxxx xx xxxxxxxxx xxxx xxx xxxxxxxx xxxxxxxxxxx. Xxxxx party xxxxxxxx components xxxxxxxx xx xxx exchange xx xxxxxxxxxxx xxxx XXXXXX2 (xxxx xxxxxxxx xxxxxxxx from x&xxxx;Xxxxxxx Xxxxxx xx xxxxxxxx 2 xx the xxxxx section xx xxx TARGET2 xxxx-xxxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx) xxxx xx used xxxxx x&xxxx;xxxxxx xxxxxxxxx xxxx xxx xxxxx party. Requirement 1.9: Access xxxxxxx Xxxxxx xx information xxxxxx xxxxx xx justified xx xxx xxxxx xx business xxxxxxxxxxxx (xxxx-xx-xxxx&xxxx;(1)) xxx xxxxxxxxx xx xxx established xxxxxxxxx xx xxxxxxxxx xxxxxxxx (xxxxxxxxx xxx xxxxxxxxxxx xxxxxxxx policy). Xxxxx access xxxxxxx xxxxx shall xx xxxxxxx xxxxx xx xxx xxxxxxxxx of xxxxx xxxxxxxxx&xxxx;(2) xx xxxxxxx closely the xxxxx of xxx xxxxxxxxxxxxx business and XX processes. Where xxxxxxxx (x.x. for xxxxxx management) xxxxxxx xxxxxx xxxxxxx xxxxxx xx xxxxxxxxxx with xxxxxxxx access xxxxxxx xxxxxx there xxx xxxxxxxx compensatory controls xx xxxxx (e.g. xxxxxxxxxx, xxxxxxxx xxxx xxxxxxxxxxxxx). Xxxxxx xxx xxxxxxxxxx xxxxxxxxxx xxxxx be xx place to xxxxxxx the allocation xx access xxxxxx xx information xxxxxxx xxx services that xxxx xxxxxx the xxxxx of xxx Xxxxxxx Xxxxxxxxxxx Chain. Xxx xxxxxxxxxx shall xxxxx xxx stages xx xxx xxxxxxxxx xx xxxx xxxxxx, xxxx xxx xxxxxxx xxxxxxxxxxxx xx xxx xxxxx xx xxx xxxxx xxxxxxxxxxxxxx of xxxxx xxxx xx xxxxxx require xxxxxx. Xxxxxxx xxxxxxxxx xxxxx be xxxxx, xxxxx xxxxxxxxxxx, xx xxx xxxxxxxxxx xx xxxxxx xxxxxx xx xxxx criticality xxxx xxx abuse xx xxxxx xxxxxx xxxxxx could xxxx xx x&xxxx;xxxxxx adverse xxxxxx xx xxx xxxxxxxxxx xx xxx xxxxxxxxxxx (x.x. access xxxxxx allowing xxxxxx xxxxxxxxxxxxxx, xxxxxxxx xx xxxxxx xxxxxxxx, direct xxxxxx to xxxxxxxx xxxx). Xxxxxxxxxxx controls xxxxx xx xxx xx xxxxx to xxxxxxxx, xxxxxxxxxxxx and xxxxxxxxx xxxxx xx xxxxxxxx xxxxxx xx xxx xxxxxxxxxxxx’x xxxxxxx, x.x. xxx xxxxx xxx xxxxxx xxxxxx to xxxxxxx in xxx Xxxxxxx Transaction Xxxxx. Xxxxxxxx xxxxxxxx xxxxx xxx be shared xx xxxxx xx xxxxxx xxxxxxxxxxxxxx. Xxx passwords, xxxxx shall xx xxxxxxxxxxx and xxxxxxxx xx xxxxxxxx xxxxxxxx xx ensure that xxxxxxxxx xxxxxx xx xxxxxx xxxxxxx, x.x. xxxxxxxxxx rules and xxxxxxx-xxxx validity. A safe xxxxxxxx xxxxxxxx xxx/xx xxxxx xxxxxxxx shall xx xxxxxxxxxxx. X&xxxx;xxxxxx shall xx xxxxxxxxx and xxxxxxxxxxx on the xxx of cryptographic xxxxxxxx xx xxxxxxx xxx xxxxxxxxxxxxxxx, xxxxxxxxxxxx xxx xxxxxxxxx xx xxxxxxxxxxx. X&xxxx;xxx management xxxxxx xxxxx be xxxxxxxxxxx xx xxxxxxx xxx xxx xx xxxxxxxxxxxxx xxxxxxxx. Xxxxx xxxxx xx xxxxxx xxx xxxxxxx xxxxxxxxxxxx information xx xxxxxx xx xx xxxxx (x.x. x&xxxx;xxxxx screen, x&xxxx;xxxxx xxxx policy) to xxxxxx xxx risk xx unauthorised xxxxxx. Xxxx xxxxxxx remotely, xxx xxxxx of xxxxxxx xx xx xxxxxxxxxxx xxxxxxxxxxx xxxxx xx xxxxxxxxxx xxx xxxxxxxxxxx xxxxxxxxx xxx organisational xxxxxxxx xxxxx xx xxxxxxx. Xxxxxxxxxxx 1.10: Xxxxxxxxxxx xxxxxxx acquisition, development xxx maintenance Security requirements xxxxx be identified xxx xxxxxx prior xx xxx xxxxxxxxxxx xxx/xx xxxxxxxxxxxxxx xx xxxxxxxxxxx xxxxxxx. Xxxxxxxxxxx xxxxxxxx xxxxx be xxxxx xxxx xxxxxxxxxxxx, xxxxxxxxx xxxx-xxxxxxxxx applications, xx xxxxxx xxxxxxx xxxxxxxxxx. Xxxxx xxxxxxxx xxxxx xxxxxxx the xxxxxxxxxx xx input xxxx, xxxxxxxx xxxxxxxxxx xxx xxxxxx xxxx. Xxxxxxxxxx xxxxxxxx may be xxxxxxxx for systems xxxx xxxxxxx, or xxxx an impact xx, sensitive, xxxxxxxx xx xxxxxxxx xxxxxxxxxxx. Xxxx xxxxxxxx xxxxx xx xxxxxxxxxx on xxx basis of xxxxxxxx xxxxxxxxxxxx xxx xxxx assessment xxxxxxxxx xx xxx xxxxxxxxxxx xxxxxxxx (x.x. xxxxxxxxxxx xxxxxxxx xxxxxx, xxxxxxxxxxxxx xxxxxxx xxxxxx). Xxx xxxxxxxxxxx xxxxxxxxxxxx xx xxx xxxxxxx xxxxx be xxxxxxxxxxx, documented xxx xxxxxx xxxxx xx xxxxx xxxxxxxxxx xxx xxx. Xx xxxxxxx xxxxxxx security, xxxxxxxxxxx xxxxxxxx, xxxxxxxxx xxxxxxxxxxxx xxx xxxxxx management, xxxxxx xx implemented xxxxx xx xxx xxxxxxxxxxx of xxxx xxxxx xxx xxx xxxxx xx xxxx xx xxx network xxxxx xx the xxxxxxxxxxxx. Xxxxx shall xx xxxxxxxx xxxxxxxx xx protect sensitive xxxxxxxxxxx xxxxxxx xxxx xxxxxx networks. Access to xxxxxx files xxx xxxxxxx source xxxx xxxxx xx xxxxxxxxxx xxx IT xxxxxxxx xxx support activities xxxxxxxxx in x&xxxx;xxxxxx xxxxxx. Xxxx xxxxx xx xxxxx xx xxxxx xxxxxxxx of xxxxxxxxx xxxx xx xxxx xxxxxxxxxxxx. Xxxxxxx xxx support xxxxxxxxxxxx xxxxx be strictly xxxxxxxxxx. Xxxxxxxxxx xx xxxxxxx xx xxxxxxxxxx xxxxx xx xxxxxxxx xxxxxxxxxx. X&xxxx;xxxx assessment xx the xxxxx xxxxxxx xx xx xxxxxxxx xx production xxxxx be xxxxxxxxx. Xxxxxxx xxxxxxxx testing xxxxxxxxxx xx xxxxxxx xx xxxxxxxxxx shall xxxx xx xxxxxxxxx according xx x&xxxx;xxxxxxxxxx xxxx xxxxx xx the xxxxxxx xx x&xxxx;xxxx xxxxxxxxxx, xxx security xxxxxxx xxxxx include, xx xxxxx, vulnerability xxxxxxxxxxx. Xxx of xxx xxxxxxxxxxxx highlighted xxxxxx xxx security xxxxxxx xxxxxxxxxx xxxxx xx assessed and xxxxxx plans to xxxxx xxx xxxxxxxxxx xxx xxxxx xx xxxxxxxx xxx followed xx xx x&xxxx;xxxxxx xxxxxxx. Xxxxxxxxxxx 1.11: Xxxxxxxxxxx xxxxxxxx xx xxxxxxxx&xxxx;(3) xxxxxxxxxxxxx Xx xxxxxx xxxxxxxxxx xx xxx xxxxxxxxxxx’x xxxxxxxx information xxxxxxx xxxx are xxxxxxxxxx xx xxxxxxxxx, information xxxxxxxx requirements for xxxxxxxxxx the risks xxxxxxxxxx with supplier’s xxxxxx xxxxx xx xxxxxxxxxx and formally xxxxxx xxxx with xxx xxxxxxxx. Xxxxxxxxxxx 1.12: Xxxxxxxxxx xx information xxxxxxxx xxxxxxxxx xxx xxxxxxxxxxxx Xx xxxxxx x&xxxx;xxxxxxxxxx xxx xxxxxxxxx approach xx the management xx xxxxxxxxxxx xxxxxxxx xxxxxxxxx, including xxxxxxxxxxxxx xx security events xxx weaknesses, xxxxx, xxxxxxxxxxxxxxxx xxx xxxxxxxxxx, xx xxxxxxxx xxx xxxxxxxxx xxxxx, shall xx xxxxxxxxxxx and xxxxxx to ensure x&xxxx;xxxxx, xxxxxxxxx and xxxxxxx and xxxxxx xxxxxxx xxxx information xxxxxxxx xxxxxxxxx xxxxxxxxx xxxxxxxxx related xx x&xxxx;xxxxx-xxxxxxx cause (x.x. x&xxxx;xxxxx pursued xx xx xxxxxxxx xxxxxxxx xx xx an xxxxxxx). Personnel involved xx these xxxxxxxxxx xxxxx be adequately xxxxxxx. Xxxxxxxxxxx 1.13: Xxxxxxxxx xxxxxxxxxx xxxxxx X&xxxx;xxxxxxxxxxx’x internal xxxxxxxxxxx systems (x.x. xxxx xxxxxx xxxxxxx, xxxxxxxx xxxxxxxx xxx xxxxxxxx xxxxxxx xxxxxxxxxxxx) xxxxx xx regularly xxxxxxxx for compliance xxxx xxx xxxxxxxxxxxx’x xxxxxxxxxxx framework xx xxxxxxxx (x.x. xxxxxxxxxxx xxxxxxxx policy, cryptographic xxxxxxx xxxxxx). Xxxxxxxxxxx 1.14: Xxxxxxxxxxxxxx Xxxxx xxxxxxx xxxxxxxx xxxxx comply xxxx xxx the xxxxxxxx xxxxxxxx xxxx are xxx xxx xxxxxxxx xxxxxxxx xxx xxxxxxx (x.x. xxxxxxxxx, xxxxxxx). Xxxxxxxx xxxxxxxx xx xxxxxxxxxxx xxxx xxxxxxx: xxxxxxxxx xx the xxxxxxxxxx xxx the xxxxxxx operating xxxxxx, xxxxxxx patching, xxxxxx xxxxxxxxxx xx xxxxxxxxx xxxxxxxxxxxx (x.x. xxxxxxxxxx xxx xxxxxxxxxxx). Centralised xxxxxxxxxx, xxxxxxx xxx xxxxxxxxxx xx xxxx xx xxxxxxxx of xxxxxx xxxxxx, xx xxxxxxxxxx xxx high xxxxxxxxxx xxxxxxxx, shall xx implemented based xx x&xxxx;xxxx xxxxxxxxxx. Xxxxx virtual xxxxxxxx xxxxxxx by xxx xxxx hypervisor xxxxx xxxx x&xxxx;xxxxxxx xxxx xxxxxxx. Xxxxxxxxxxx 1.15: Xxxxx xxxxxxxxx Xxx xxxxx of xxxxxx and/or xxxxxx xxxxx solutions in xxx Payment Xxxxxxxxxxx Xxxxx must be xxxxx xx a formal xxxx assessment, xxxxxx xxxx xxxxxxx xxx xxxxxxxxx xxxxxxxx xxx xxx xxxxxxxxxxx xxxxxxx xxxxxxx xx xxx xxxxx solution. If xxxxxx xxxxx xxxxxxxxx xxx xxxx, xx is xxxxxxxxxx that the xxxxxxxxxxx level of xxx xxxxxxx xxxxxx xx xxx xxxxxxx xxx xx xxx xxxxxxxxx xxxxxxx. Xxx xx-xxxxxxxx xxxxxxxxxx of xxx xxxxxx solutions xxxx xx segregated xxxx the xxxxx xx-xxxxxxxx systems. Business xxxxxxxxxx xxxxxxxxxx (applicable xxxx xx xxxxxxxx xxxxxxxxxxxx) Xxx xxxxxxxxx requirements (2.1 xx 2.6) relate xx xxxxxxxx xxxxxxxxxx xxxxxxxxxx. Xxxx TARGET2 xxxxxxxxxxx xxxxxxxxxx xx xxx Eurosystem as xxxxx xxxxxxxx xxx xxx smooth xxxxxxxxxxx xx the XXXXXX2 xxxxxx shall have x&xxxx;xxxxxxxx xxxxxxxxxx strategy xx place comprising xxx xxxxxxxxx xxxxxxxx.
|
(1)&xxxx;&xxxx;Xxx xxxx-xx-xxxx xxxxxxxxx xxxxxx xx xxx xxxxxxxxxxxxxx xx xxx set xx information that xx xxxxxxxxxx xxxxx xxxxxx to in xxxxx xx xxxxx xxx her/his xxxxxx.
(2)&xxxx;&xxxx;Xxx xxxxxxxxx of least xxxxxxxxx xxxxxx xx xxxxxxxxx x&xxxx;xxxxxxx’x access xxxxxxx xx an XX xxxxxx xx xxxxx xx match xxx xxxxxxxxxxxxx xxxxxxxx xxxx.
(3)&xxxx;&xxxx;X&xxxx;xxxxxxxx xx the xxxxxxx xx xxxx xxxxxxxx should xx xxxxxxxxxx xx xxx xxxxx xxxxx (and xxx personnel) xxxxx xx xxxxx xxxxxxxx (xxxxxxxxx), with xxx xxxxxxxxxxx, xx provide x&xxxx;xxxxxxx xxx xxxxx xxx xxxxxxx xxxxxxxxx xxx third xxxxx (xxx xxx xxxxxxxxx) xx granted xxxxxx, xxxxxx remotely xx xx-xxxx, xx information xxx/xx xxxxxxxxxxx xxxxxxx xxx/xx xxxxxxxxxxx processing xxxxxxxxxx xx xxx xxxxxxxxxxx xx scope xx xxxxxxxxxx xx xxx scope covered xxxxx xxx xxxxxxxx xx the XXXXXX2 xxxx-xxxxxxxxxxxxx.
XXXXXXX XX
Xxxxxxx XX xxxxxxxxxx ECB/2007/7 se xxxx xxxxx:
|
1. |
Xxxxxx&xxxx;1 se xxxx xxxxx:
|
|
2. |
V čl. 4 odst. 2 xx písmeno xx) xxxxxxxxx tímto:
|
|
3. |
X&xxxx;xx.&xxxx;4 xxxx.&xxxx;2 se xxxxxx xxxx xxxxxxx xx), které xxx:
|
|
4. |
V článku 4 xx xxxxxxxx 3 xxxxxxxxx xxxxx: „3.&xxxx;&xxxx;&xxxx;XXXXXX2 xxxxxxxx xxxx-xxxx xxxxx settlement xxx xxxxxxxx xx xxxx, xxxx xxxxxxxxxx xx xxxxxxx bank xxxxx xxxxxx XX xxxxxxxx, X2X XXXx xxx XXXX XXXx. XXXXXX2 xx established xxx functions xx xxx xxxxx xx xxx SSP xxxxxxx xxxxx xxxxxxx xxxxxx xxx submitted and xxxxxxxxx xxx xxxxxxx xxxxx payments are xxxxxxxxxx xxxxxxxx xx xxx same technical xxxxxx. Xx xxx xx the technical xxxxxxxxx xx xxx X2X DCAs xx xxxxxxxxx, TARGET2 xx xxxxxxxxxxx established and xxxxxxxxx xx xxx xxxxx xx xxx X2X Xxxxxxxx. Xx xxx xx the xxxxxxxxx xxxxxxxxx of xxx XXXX DCAs xxx TIPS AS xxxxxxxxx accounts is xxxxxxxxx, XXXXXX2 xx xxxxxxxxxxx xxxxxxxxxxx xxx xxxxxxxxx on xxx xxxxx xx xxx XXXX Platform. Xxx XXX xx the xxxxxxxx of services xxxxx xxxxx Xxxxxxxxxx. Xxxx and xxxxxxxxx xx the SSP-providing XXXx xxx xxx 4XXx xxxxx xx xxxxxxxxxx xxxx xxx xxxxxxxxx of xxx XXX, xxx which xx xxxxx xxxxxx xxxxxxxxx xx accordance xxxx Xxxxxxx&xxxx;21 xx xxxx Annex. Xxxxxxxxxxxxx xxxxxxxx to these Xxxxxxxxxx shall xxx xxxxxx x&xxxx;xxxxxxxxxxx relationship xxxxxxx T2S DCA xxxxxxx xxx xxx XXX-xxxxxxxxx XXXx xx xxx 4XXx xxxx xxx xx xxx xxxxxx acts xx xxxx capacity. Xxxxxxxxxxxx, xxxxxxxx or information xxxxx a T2S DCA xxxxxx receives xxxx, xx sends xx, xxx XXX xx X2X Xxxxxxxx in xxxxxxxx xx xxx xxxxxxxx xxxxxxxx xxxxx xxxxx Xxxxxxxxxx are xxxxxx xx xx xxxxxxxx xxxx, xx xxxx to, xxx XXX.“; |
|
5. |
X&xxxx;xxxxxx&xxxx;8 xx xxxxxxxx 3 nahrazuje tímto: „3. Where xxx XXX has xxxxxxx a request xx x&xxxx;X2X XXX holder xxxxxxxx xx xxxxxxxxx 1, xxxx T2S XXX xxxxxx xx xxxxxx xx xxxx xxxxx the xxxxxxxxxxxxx XXX(x) x&xxxx;xxxxxxx xx xxxxx xxx X2X XXX with xxx xxxxxxx xxxxxxxx xx xxxxxxxxxx transactions xxxxxxxx xx those xxxxxxxxxx xxxxxxxx.“; |
|
6. |
X&xxxx;xxxxxx&xxxx;28 xx odstavec 1 xxxxxxxxx xxxxx: „1.&xxxx;&xxxx;&xxxx;X2X XXX xxxxxxx xxxxx xx xxxxxx to xx aware xx, xxxxx xxxxxx xxxx, xxx xxxxx xx xxxx xx xxxxxxxxxxx xxxx xxxxxxxxxx xx xxx xxxxxxxx xxxxxxxxx xxxxxxxxxxx xxxx xxx xxxxxxxxxxx xx them xxxxxxxx to legislation xx xxxx xxxxxxxxxx. Xxxx shall be xxxxxx xx xx xxxxx xx, and xxxxx comply with xxx xxxxxxxxxxx xx xxxx xxxxxxxx xx xxxxxxxxxxx xx xxxxxxxxxx xx xxxxx xxxxxxxxxx xxx xxx xxxxxxxxx xx xxxxxxxxx, xxxxxxxxxxxxx-xxxxxxxxx xxxxxxx activities xxx xxx xxxxxxxxxxx of xxxxxxx xxxxxxx xxxxxxxx xxxxxxx, xx xxxxxxxxxx xx terms of xxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx xxxxxxxxxx xxx payments xxxxxxx xx xxxxxxxx xx xxxxx X2X XXXx. Prior xx xxxxxxxx xxxx xxx xxxxxxxxxxx relationship xxxx xxx X2X xxxxxxx xxxxxxx xxxxxxxx, X2X XXX holders shall xxxxxx xxxx xxxx xxx informed about xxx xxxx xxxxxxxxx xxxxxx.“; |
|
7. |
Xxxxxx&xxxx;30 se nahrazuje xxxxx: „Xxxxxxx&xxxx;30 Xxxxxxxxxxx xxxxxxxxxxxx xxxx xx NSP 1. T2S DCA xxxxxxx xxxxx either:
2.&xxxx;&xxxx;&xxxx;Xxx xxxxx xxxxxxxxxxxx between x&xxxx;X2X XXX xxxxxx xxx the NSP xxxxx xx xxxxxxxxxxx xxxxxxxx xx the xxxxx xxx xxxxxxxxxx xx the xxxxxxxx xxxxxxxx concluded xxxx xx XXX xx xxxxxxxx xx in xxxxxxxxx 1(x). 3.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxx xx be xxxxxxxx xx the NSP xxxxx xxx form xxxx of xxx xxxxxxxx to be xxxxxxxxx xx the XXX xx respect xx XXXXXX2. 4.&xxxx;&xxxx;&xxxx;Xxx XXX xxxxx xxx xx xxxxxx xxx any xxxx, errors or xxxxxxxxx xx xxx XXX (xxxxxxxxx its xxxxxxxxx, staff and xxxxxxxxxxxxxx), xx xxx xxx xxxx, xxxxxx xx xxxxxxxxx xx xxxxx xxxxxxx xxxxxxxx xx xxxxxxxxxxxx xx xxxx access to xxx XXX’x network.“; |
|
8. |
Vkládá xx xxxx xxxxxx&xxxx;34x, xxxxx xxx: „Xxxxxxx&xxxx;34x Xxxxxxxxxxxx xxxxxxxxxx Xxxx xxx TARGET xxxxxx xx xxxxxxxxxxx xxx XXXXXX2 has xxxxxx xxxxxxxxx, X2X DCA xxxxxxx shall xxxxxx X2X DCA holders xx xxx XXXXXX xxxxxx.“; |
|
9. |
Xxxxxx xx xxxxx „X2X network xxxxxxx xxxxxxxx“ (x&xxxx;xxxxxxxxx nebo xxxxxxx čísle) x&xxxx;xx.&xxxx;6 xxxx.&xxxx;1 xxxx. x) xxxx i), čl. 9 xxxx.&xxxx;5, xx.&xxxx;10 odst. 6, xx.&xxxx;14 odst. 1 písm. x), xx.&xxxx;22 xxxx.&xxxx;1, xx.&xxxx;22 odst. 2, čl. 22 xxxx.&xxxx;3, čl. 27 xxxx.&xxxx;5, xx.&xxxx;28 xxxx.&xxxx;1, xx.&xxxx;29 xxxx.&xxxx;1 xxxxxxx XX x&xxxx;x&xxxx;xxxxxxxx 1 xxxxxxx X&xxxx;xx xxxxxxxxx xxxxxxx „XXX“; |
|
10. |
X&xxxx;xxxxxxx I se x&xxxx;xxxx.&xxxx;8 xxxxxxx. 4 xxxxxxxxx xxxxxxx b) xxxxx:
|
PŘÍLOHA XXX
Xxxxxxx XXX xxxxxxxxxx XXX/2007/7 se xxxx takto:
|
1. |
Odkazy xx xxxxx „TIPS network xxxxxxx xxxxxxxx“ (x&xxxx;xxxxxxxxx xxxx množném xxxxx) x&xxxx;xxxx příloze se xxxxxxxxx xxxxxxx „XXX“; |
|
2. |
Xxxxxx&xxxx;1 xx mění xxxxx:
|
|
3. |
X&xxxx;xx.&xxxx;3 xxxx.&xxxx;1 xx xxxxxxx xxxxx xx „Appendix X: XXXX xxxxxxxxxxxx xxxxxxxxx requirements“; |
|
4. |
Článek 4 se xxxx xxxxx:
|
|
5. |
X&xxxx;xx.&xxxx;6 xxxx.&xxxx;1 xxxx. x) xx xxx x) nahrazuje xxxxx:
|
|
6. |
Xxxxxx&xxxx;9 se xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;9 Xxxxxxxxxxx relationship xxxx xx XXX 1.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx xxxxx xxxxxx:
2.&xxxx;&xxxx;&xxxx;Xxx legal xxxxxxxxxxxx xxxxxxx a participant xxx the NSP xxxxx xx xxxxxxxxxxx xxxxxxxx xx xxx xxxxx xxx xxxxxxxxxx xx their separate xxxxxxxx as xxxxxxxx xx xx xxxxxxxxx 1(x). 3.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxx xx xx provided by xxx NSP xxxxx xxx form xxxx xx xxx xxxxxxxx xx be xxxxxxxxx xx xxx XXX xx xxxxxxx of XXXXXX2. 4.&xxxx;&xxxx;&xxxx;Xxx XXX shall xxx be xxxxxx xxx any xxxx, xxxxxx or xxxxxxxxx xx xxx XXX (xxxxxxxxx xxx xxxxxxxxx, xxxxx xxx subcontractors), xx xxx xxx xxxx, errors xx xxxxxxxxx by third xxxxxxx selected by xxxxxxxxxxxx xx gain xxxxxx to xxx XXX’x network.“; |
|
7. |
Článek 10 xx xxxxxxx; |
|
8. |
Xxxxxx xx nový xxxxxx&xxxx;11x, který zní: „Article 11a MPL xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxx central XXX xxxxxxxxxx xxxxxxxx the xxxxx – XXXX xxxxxxx table xxx xxx xxxxxxxx xx xxx XXX xxxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxxx xxxxx xxx xx xxxxxx xx only xxx IBAN. Xx XXXX xxx xx xxxxxx to one xx xxxxxxxx xxxxxxx. 3.&xxxx;&xxxx;&xxxx;Xxxxxxx&xxxx;29 xxxxx xxxxx to xxx data contained xx xxx MPL xxxxxxxxxx.“; |
|
9. |
X&xxxx;xxxxxx&xxxx;12 xx zrušuje xxxxxxxx 9; |
|
10. |
Xxxxxx&xxxx;16 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;16 Xxxxx of xxxxxxx xxxxxx in XXXX XXX Xxx xxxxxxxxx xxx xxxxxxxxxx xx xxxxxxx orders for xxx xxxxxxxx of xxx XXXX xxxxxxx:
|
|
11. |
X&xxxx;xxxxxx&xxxx;18 xx xxxxxxxx 6 xxxxxxxxx xxxxx: „6.&xxxx;&xxxx;&xxxx;Xxxxx x&xxxx;XXXX XXX xx XX xxxxxxxxx xxxxxxxx xxxxx, x&xxxx;XXXX XXX to XXXX XX technical account xxxxxxxxx xxxxxxxx xxxxx xx a TIPS XX xxxxxxxxx account xx XXXX XXX liquidity xxxxxxxx order xxx xxxx xxxxxxxx xx xxxxxxxx xx in Xxxxxxx&xxxx;17, the XXXXXX2-XXX xxxxx check xxxxxxx xxxxxxxxxx xxxxx are xxxxxxxxx on xxx xxxxx'x xxxxxxx. If xxxxxxxxxx xxxxx are xxx xxxxxxxxx the xxxxxxxxx transfer xxxxx xxxxx xx rejected. Xx xxxxxxxxxx xxxxx xxx xxxxxxxxx xxx xxxxxxxxx transfer xxxxx xxxxx xx xxxxxxx xxxxxxxxxxx.“; |
|
12. |
X&xxxx;xx.&xxxx;20 xxxx.&xxxx;1 xx xxxxxxx b) nahrazuje xxxxx:
|
|
13. |
X&xxxx;xxxxxx&xxxx;30 xx xxxxxxxx 1 xxxxxxxxx tímto: „1. TIPS XXX holders shall xx xxxxxx xx xx aware xx, xxxxx xxxxxx xxxx xxx xxxxx xx xxxx xx demonstrate xxxx xxxxxxxxxx xx xxx xxxxxxxx xxxxxxxxx xxxxxxxxxxx xxxx all xxxxxxxxxxx xx xxxx xxxxxxxx xx legislation xx data protection. Xxxx xxxxx be xxxxxx xx xx xxxxx xx, xxx xxxxx comply xxxx xxx xxxxxxxxxxx xx xxxx xxxxxxxx xx xxxxxxxxxxx xx xxxxxxxxxx xx xxxxx laundering xxx the xxxxxxxxx xx xxxxxxxxx, proliferation-sensitive xxxxxxx xxxxxxxxxx xxx xxx xxxxxxxxxxx xx xxxxxxx xxxxxxx xxxxxxxx xxxxxxx, xx particular xx terms of xxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx xxxxxxxxxx xxx payments xxxxxxx or xxxxxxxx xx xxxxx XXXX XXXx. XXXX XXX xxxxxxx xxxxxx that xxxx are xxxxxxxx xxxxx xxxxx xxxxxx XXX'x xxxx xxxxxxxxx xxxxxx prior xx xxxxxxxx xxxx x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx xxxx that XXX.“; |
|
14. |
Xxxxxx xx xxxx xxxxxx&xxxx;35x, xxxxx xxx: „Xxxxxxx&xxxx;35x Xxxxxxxxxxxx xxxxxxxxx Xxxx the XXXXXX xxxxxx xx operational xxx the TARGET2 xxx ceased xxxxxxxxx, XXXX DCA xxxxxxx xxxxx become XXXX XXX xxxxxxx in xxx XXXXXX xxxxxx.“; |
|
15. |
X&xxxx;xxxxxxx X&xxxx;xx xxxxxxx x&xxxx;xxxxxxxx 2 xxxxxxxxx xxxxx:
|
|
16. |
X&xxxx;xxxxxxx X&xxxx;xx v odst. 6 xxxxxxx. 1 nahrazuje xxxxxxx x) tímto:
|
|
17. |
X&xxxx;xxxxxxx XX se xxxxxxx xxxxxxxx 2; |
|
18. |
Xxxxxxx V se xxxxxxx. |