XXXXXXXXXX EVROPSKÉ XXXXXXXXX XXXXX (XX) 2021/1758
xx xxx 21. září 2021,
xxxxxx xx mění xxxxxxxxxx XXX/2007/7 x&xxxx;xxxxxxxxxx XXXXXX2-XXX (XXX/2021/43)
XXXXXXX RADA EVROPSKÉ XXXXXXXXX XXXXX,
x&xxxx;xxxxxxx xx Xxxxxxx o fungování Evropské xxxx, x&xxxx;xxxxxxx xx xxxxx a čtvrtou odrážku xx.&xxxx;127 odst. 2 xxxx xxxxxxx,
x&xxxx;xxxxxxx xx xxxxxx Xxxxxxxxxx xxxxxxx xxxxxxxxxxx xxxx x&xxxx;Xxxxxxxx xxxxxxxxx xxxxx, a zejména xx xxxxxx&xxxx;11.6 x&xxxx;xxxxxx 17, 22 x&xxxx;23 tohoto xxxxxxx,
xxxxxxxx k těmto důvodům:
(1) |
Rada xxxxxxxxx xxxxxxx&xxxx;(1) xxx 20.&xxxx;xxxxxxxx 2021 obecné xxxxxx Evropské centrální xxxxx XXX/2012/27&xxxx;(2) s cílem: x) xxxxxxxx, xx xxxxxxxx TIPS XXX xxxxx x&xxxx;XXXXXX2 xxxxxxxxx xxxxxxxxxxxxxxx xxxxxxxxxx xxxxxxx xxxxx infrastruktury Xxxxxxxxxxx (Xxxxxxxxxx Xxxxxx Market Xxxxxxxxxxxxxx Gateway) xx xxxxxxxxx 2021 a majitelé X2X DCA xxxxx x&xxxx;XXXXXX2 xxxxxxxxxxxxxxx tohoto xxxxxxx připojeni xx xxxxxx 2022; x) xxxxxxxx x&xxxx;xxxxxxxx xxxxxxxx xxxxxxxx se dodržování xxxxxxxxx xx xxxxxxxxxx xxxxxxxxx xxxx TARGET2, xxx xx zajistilo, xx se xxxxxx XXXXXX2 bude xxxx xxxxxxx tak, aby xxx schopen xxxxx xxxxxxx x&xxxx;xxxxxxx kybernetické xxxxxxxxxxx; x) xxxxxx xxxxxxxxx, xxx xxxxxxxx xxxx PM, jejich xxxxxxx xxxxxxxxx x&xxxx;xxxxxxxxxxxxx xxxxxxxx xxxx XXX, xxxxx xxxxxxxxxxx x&xxxx;xxxxxxxxxxx xxxxxxx SCT Inst xxxxxxxx dohody o dodržování xxxxxxx xxx okamžité xxxxxxxxxxxxx xxxxxxx SEPA, xxxx x&xxxx;xxxxxxx trvale xxxxxxxxxxx xx xxxxxxxxx XXXX xxxxxxxxxxxxxxx TIPS XXX, xxx xxx xx xxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxx v celé Xxxx; d) zavést xxxxxxxxxxxxxxx, xxxxx xxx x&xxxx;xxxxxxx převodu zůstatků x&xxxx;xxxx účastníků v TARGET2 xx odpovídající xxxxxxxxxxx xxxx x&xxxx;xxxxxxxx systému XXXXXX, aby xxxx xxxxxxxxx xxxxxx xxxxxxx, x&xxxx;x) vyjasnit a aktualizovat xxxxxxx další xxxxxxx xxxxxxxx zásad XXX/2012/27. |
(2) |
Xxxxxxx xxxx zprovozněn projekt xxxxxxxxxxx T2-T2S, bude x&xxxx;xxxxx xxxxxx xxxxxxx xxxxxx nezbytné xxxxxxxx xxxxxxxxxxxxxxx, xxxxx xxx x&xxxx;xxxxxxx xxxxxxx xxxxxxxx x&xxxx;xxxx účastníků x&xxxx;XXXXXX2-XXX xx xxxxxxxxxxxx xxxxxxxxxxx xxxx. |
(3) |
Xxxxx xxxxxxxx xxxxx XXX/2012/27, které xxxx xxxx na xxxxxxxx XXXXXX2-XXX, xx třeba xxxxxxxxx x&xxxx;xxxxxxxxxx Xxxxxxxx xxxxxxxxx xxxxx ECB/2007/7 (3). |
(4) |
Rozhodnutí XXX/2007/7 xx xxxxx xxxxx odpovídajícím způsobem xxxxxx, |
XXXXXXX TOTO XXXXXXXXXX:
Xxxxxx&xxxx;1
Xxxxx
Xxxxxxx X, II x&xxxx;XXX rozhodnutí XXX/2007/7 xx xxxx x&xxxx;xxxxxxx x&xxxx;xxxxxxxxx tohoto xxxxxxxxxx.
Článek 2
Závěrečná xxxxxxxxxx
Xxxx xxxxxxxxxx xxxxxxxx x&xxxx;xxxxxxxx xxxxx xxxx xx xxxxxxxxxx x&xxxx;Xxxxxxx věstníku Evropské xxxx.
Xxxxxxx se ode xxx 21.&xxxx;xxxxxxxxx 2021, x&xxxx;xxxxxxxx xxxx.&xxxx;1 písm. x) x&xxxx;xxxxxxxx 7 x&xxxx;9 přílohy XX xxxxxx xxxxxxxxxx, které xx xxxxxxx xxx xxx 13.&xxxx;xxxxxx 2022.
Xx Xxxxxxxxxx nad Xxxxxxx xxx 21. září 2021.
Xxxxxxxxxxx XXX
Xxxxxxxxx LAGARDE
(1) Obecné xxxxxx Evropské centrální xxxxx (XX) 2021/1759 xx xxx 20.&xxxx;xxxxxxxx 2021, kterými se xxxx xxxxxx xxxxxx XXX/2012/27 x&xxxx;xxxxxxxxxxxxxx xxxxxxxxx xxxxxxxxxxxxxxx xxxxxxx zúčtování xxxxxx v reálném xxxx (XXXXXX2) (XXX/2021/30) [(xxx xxxxxx 45 v tomto xxxxx Xxxxxxxx věstníku).
(2) Obecné xxxxxx Xxxxxxxx centrální xxxxx XXX/2012/27 xx xxx 5. prosince 2012 x&xxxx;xxxxxxxxxxxxxx expresním automatizovaném xxxxxxx xxxxxxxxx xxxxxx x&xxxx;xxxxxxx čase (XXXXXX2) (Xx. xxxx. X&xxxx;30, 30.1.2013, x. 1).
(3) Rozhodnutí Xxxxxxxx xxxxxxxxx xxxxx XXX/2007/7 xx xxx 24.&xxxx;xxxxxxxx 2007 o podmínkách XXXXXX2-XXX (Xx. xxxx. X&xxxx;237, 8.9.2007, s. 71).
XXXXXXX I
Příloha X&xxxx;xxxxxxxxxx XXX/2007/7 xx xxxx xxxxx:
1. |
Xxxxxx&xxxx;1 xx xxxx xxxxx:
|
2. |
X&xxxx;xxxxxx&xxxx;2 xxxxxx xxxxxxxx se xxxxxxxx xxxx xxxx, xxxxx zní:
|
3. |
Xxxxxx&xxxx;3 xx xxxx xxxxx:
|
4. |
Xxxxxx&xxxx;5 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;5 Xxxxxx xxxxxxxxxxxx XX xxxxxxx xxxxxxx xx XXXXXX2-XXX xxx xxxxxx participants xxx xxxxx comply xxxx the xxxxxxxxxxxx xxx xxx xx Xxxxxxx&xxxx;8(1) xxx&xxxx;(2). Xxxx xxxxx have xx xxxxx xxx XX xxxxxxx with xxx XXX. PM account xxxxxxx xxxx xxxx xxxxxxx to the XXX Xxxx xxxxxx xx signing xxx XXXX Xxxxxxx Xxxxxx Xxxxxxxx Xxxxxxxxx Xxxxxxxxx xxxxx xx xxx xxxxx xxxxxx xxxxxxxxx xx xxx XXXX Xxxxxxxx xx all xxxxx, xxxxxx xx x&xxxx;XXXX XXX holder xx as x&xxxx;xxxxxxxxx xxxxx xxx x&xxxx;XXXX XXX holder.“; |
5. |
Článek 22 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;22 Xxxxxxxx Requirements xxx Xxxxxxx Procedures 1. Participants xxxxx xxxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xx xxxxxxx their systems xxxx xxxxxxxxxxxx xxxxxx xxx use. Participants xxxxx be xxxxxxxxxxx xxxxxxxxxxx xxx xxx xxxxxxxx xxxxxxxxxx of xxx xxxxxxxxxxxxxxx, xxxxxxxxx xxx xxxxxxxxxxxx xx xxxxx xxxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx xxxxx xxxxxx the XXX xx any xxxxxxxx-xxxxxxx xxxxxxxxx xx xxxxx xxxxxxxxx xxxxxxxxxxxxxx xxx, xxxxx xxxxxxxxxxx, xxxxxxxx-xxxxxxx xxxxxxxxx xxxx xxxxx xx the technical xxxxxxxxxxxxxx xx xxx xxxxx party xxxxxxxxx. Xxx XXX xxx xxxxxxx xxxxxxx information xxxxx xxx incident xxx, if xxxxxxxxx, xxxxxxx that the xxxxxxxxxxx take xxxxxxxxxxx xxxxxxxx xx prevent x&xxxx;xxxxxxxxxx of xxxx xx xxxxx. 3.&xxxx;&xxxx;&xxxx;Xxx ECB xxx impose additional xxxxxxxx requirements, xx xxxxxxxxxx with xxxxxx xx cybersecurity xx xxx prevention xx xxxxx, xx xxx xxxxxxxxxxxx and/or xx xxxxxxxxxxxx that xxx xxxxxxxxxx critical xx xxx ECB. 4. Participants xxxxx xxxxxxx xxx XXX xxxx: (i) permanent xxxxxx xx their xxxxxxxxxxx of adherence xx xxxxx xxxxxx xxxxxxx xxxxxxx xxxxxxxx’x xxxxxxxx xxxxxxxx xxxxxxxxxxxx, xxx (ii) xx xx xxxxxx xxxxx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxx as xxxxxxxxx xx the XXX’x xxxxxxx in English. 4a. The XXX shall assess xxx xxxxxxxxxxx’x xxxx-xxxxxxxxxxxxx xxxxxxxxx(x) xx the xxxxxxxxxxxx level of xxxxxxxxxx xxxx xxxx xx xxx requirements xxx out xx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxxxxx. Xxxxx requirements xxx xxxxxx in Xxxxxxxx XXX, xxxxx xx addition xx xxx xxxxx Appendices xxxxxx xx Article 2(1), xxxxx xxxx xx xxxxxxxx part of xxxxx Xxxxxxxxxx. 4x.&xxxx;&xxxx;&xxxx;Xxx participant’s xxxxx xx xxxxxxxxxx xxxx the xxxxxxxxxxxx xx the XXXXXX2 xxxx-xxxxxxxxxxxxx shall be xxxxxxxxxxx as xxxxxxx, xx increasing xxxxx xx xxxxxxxx: ‘xxxx xxxxxxxxxx’; ‘minor xxx-xxxxxxxxxx’; xx ‘xxxxx xxx-xxxxxxxxxx’. Xxx xxxxxxxxx xxxxxxxx xxxxx: xxxx compliance xx xxxxxxx xxxxx xxxxxxxxxxxx xxxxxxx 100% xx xxx xxxxxxxxxxxx; xxxxx non-compliance is xxxxx x&xxxx;xxxxxxxxxxx xxxxxxxxx xxxx than 100% xxx xx xxxxx 66% xx xxx xxxxxxxxxxxx and xxxxx xxx-xxxxxxxxxx where x&xxxx;xxxxxxxxxxx xxxxxxxxx xxxx xxxx 66% xx xxx xxxxxxxxxxxx. Xx a participant xxxxxxxxxxxx that a specific xxxxxxxxxxx is xxx xxxxxxxxxx to xx, xx xxxxx xx xxxxxxxxxx as xxxxxxxxx xxxx the xxxxxxxxxx xxxxxxxxxxx for xxx xxxxxxxx xx xxx xxxxxxxxxxxxxx. X&xxxx;xxxxxxxxxxx xxxxx xxxxx xx xxxxx ‘xxxx compliance’ xxxxx xxxxxx xx xxxxxx xxxx xxxxxxxxxxxxx how xx intends to xxxxx xxxx compliance. Xxx XXX shall xxxxxx the xxxxxxxx xxxxxxxxxxx xxxxxxxxxxx of xxx status xx xxxx xxxxxxxxxxx’x xxxxxxxxxx. 4x.&xxxx;&xxxx;&xxxx;Xx xxx xxxxxxxxxxx xxxxxxx xx grant xxxxxxxxx xxxxxx xx its xxxxxxxxxxx of adherence xx xxxxx chosen XXXx endpoint xxxxxxxx xxxxxxxxxxxx xx xxxx xxx xxxxxxx the XXXXXX2 xxxx-xxxxxxxxxxxxx xxx xxxxxxxxxxx’x xxxxx of xxxxxxxxxx xxxxx xx xxxxxxxxxxx as ‘xxxxx xxx-xxxxxxxxxx’. 4x.&xxxx;&xxxx;&xxxx;Xxx XXX xxxxx xxxxxxxx xxxxxxxxxx xx xxxxxxxxxxxx on xx xxxxxx basis. 4e. The XXX xxx xxxxxx xxx xxxxxxxxx measures xx xxxxxxx on participants xxxxx xxxxx of xxxxxxxxxx xxx xxxxxxxx xx xxxxx xx xxxxx non-compliance, xx xxxxxxxxxx xxxxx of xxxxxxxx:
|
6. |
X&xxxx;xxxxxx&xxxx;33 xx xxxxxxxx 1 xxxxxxxxx tímto: „1. Participants xxxxx xx deemed xx xx xxxxx xx, xxxxx xxxxxx xxxx, xxx shall xx able xx xxxxxxxxxxx xxxx xxxxxxxxxx xx xxx relevant xxxxxxxxx xxxxxxxxxxx xxxx xxx xxxxxxxxxxx on xxxx relating xx xxxxxxxxxxx on data xxxxxxxxxx. They shall xx xxxxxx xx xx aware of, xxx shall comply xxxx all obligations xx xxxx relating xx legislation xx xxxxxxxxxx xx xxxxx xxxxxxxxxx xxx xxx xxxxxxxxx xx terrorism, xxxxxxxxxxxxx-xxxxxxxxx nuclear xxxxxxxxxx xxx xxx xxxxxxxxxxx xx xxxxxxx xxxxxxx xxxxxxxx systems, in xxxxxxxxxx xx xxxxx xx implementing appropriate xxxxxxxx concerning any xxxxxxxx debited xx xxxxxxxx on xxxxx XX xxxxxxxx. Participants xxxxx xxxxxx xxxx xxxx xxx informed xxxxx xxx TARGET2 xxxxxxx service xxxxxxxx’x xxxx retrieval xxxxxx xxxxx xx xxxxxxxx xxxx the xxxxxxxxxxx xxxxxxxxxxxx xxxx the XXXXXX2 xxxxxxx service xxxxxxxx.“; |
7. |
Xxxxxx xx nový xxxxxx&xxxx;39x, xxxxx xxx: „Xxxxxxx&xxxx;39x Xxxxxxxxxxxx xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxxx the XXXXXX xxxxxx xx operational xxx XXXXXX2 xxx xxxxxx xxxxxxxxx, XX xxxxxxx balances xxxxx xx transferred xx xxx account xxxxxx’x xxxxxxxxxxxxx xxxxxxxxx accounts xx xxx TARGET xxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxx requirement xxxx XX xxxxxxx holders, xxxxxxxx Participants xxx xxxxxxxxxxx XXX xxxxxxx xxxxxxxx to the XXX Xxxx xxxxxx xx xxxxxxxxx xx xxx XXXX Xxxxxxxx xxxxxxxx xx Article 5 xxxxx xxxxx as xx 25 February 2022.“; |
8. |
X&xxxx;xxxxxxx X&xxxx;xx v odst. 8 xxxxxxx. 4 nahrazuje xxxxxxx x) xxxxx:
|
9. |
V dodatku XX xx x&xxxx;xxxxxxxx 6 xxxxxxxxx xxxxxxx x) tímto:
|
10. |
Xxxxxxxx xx xxxx xxxxxxx XXX, xxxxx xxx: „Xxxxxxxx XXX Xxxxxxxxxxxx xxxxxxxxx xxxxxxxxxxx security xxxxxxxxxx xxx xxxxxxxx xxxxxxxxxx xxxxxxxxxx Xxxxxxxxxxx security xxxxxxxxxx Xxxxx xxxxxxxxxxxx xxx applicable xx each participant, xxxxxx xxx xxxxxxxxxxx xxxxxxxxxxxx xxxx x&xxxx;xxxxxxxx xxxxxxxxxxx is not xxxxxxxxxx xx it. Xx xxxxxxxxxxxx xxx xxxxx of xxxxxxxxxxx xx xxx requirements xxxxxx xxx xxxxxxxxxxxxxx, xxx xxxxxxxxxxx should xxxxxxxx the elements xxxx xxx xxxx xx the Payment Xxxxxxxxxxx Chain (PTC). Xxxxxxxxxxxx, xxx XXX xxxxxx xx x&xxxx;Xxxxx xx Xxxxx (XxX), x.x. a system involved xx xxx xxxxxxxx xx transactions (x.x. xxxxxxxxxxxx, front-office and xxxx-xxxxxx applications, middleware), xxx xxxx at xxx xxxxxx xxxxxxxxxxx xx xxxx xxx xxxxxxx to XXXXX (x.x. XXXXX VPN Xxx) xx Xxxxxxxx (xxxx xxx xxxxxx xxxxxxxxxx xx Internet-based Xxxxxx). Xxxxxxxxxxx 1.1: Information xxxxxxxx xxxxxx Xxx xxxxxxxxxx xxxxx xxx x&xxxx;xxxxx xxxxxx direction in xxxx xxxx xxxxxxxx xxxxxxxxxx xxx xxxxxxxxxxx xxxxxxx xxx xxx xxxxxxxxxx xx information xxxxxxxx xxxxxxx xxx xxxxxxxx, approval xxx xxxxxxxxxxx xx xx xxxxxxxxxxx xxxxxxxx policy xxxxxx xx managing xxxxxxxxxxx security xxx xxxxx resilience across xxx xxxxxxxxxxxx in xxxxx xx xxxxxxxxxxxxxx, xxxxxxxxxx and xxxxxxxxx xx information security xxx cyber resilience xxxxx. Xxx policy xxxxxx xxxxxxx at xxxxx xxx following xxxxxxxx: xxxxxxxxxx, scope (xxxxxxxxx domains such xx xxxxxxxxxxxx, xxxxx xxxxxxxxx, xxxxx management xxx.), xxxxxxxxxx xxx xxxxxxxxxx of xxxxxxxxxxxxxxxx. Xxxxxxxxxxx 1.2: Xxxxxxxx xxxxxxxxxxxx Xx xxxxxxxxxxx security xxxxxxxxx xxxxx xx established xx xxxxxxxxx the xxxxxxxxxxx xxxxxxxx xxxxxx xxxxxx xxx organisation. Xxx xxxxxxxxxx xxxxx xxxxxxxxxx xxx xxxxxx xxx establishment xx xxx xxxxxxxxxxx xxxxxxxx xxxxxxxxx xx xxxxxx xxx xxxxxxxxxxxxxx xx xxx xxxxxxxxxxx xxxxxxxx xxxxxx (xx per Xxxxxxxxxxx 1.1) xxxxxx xxx xxxxxxxxxxxx, xxxxxxxxx xxx xxxxxxxxxx xx xxxxxxxxxx xxxxxxxxx xxx xxxxxxxxxx xx xxxxxxxx xxxxxxxxxxxxxxxx xxx xxxx xxxxxxx. Xxxxxxxxxxx 1.3: External xxxxxxx Xxx xxxxxxxx xx xxx xxxxxxxxxxxx’x information xxx xxxxxxxxxxx processing xxxxxxxxxx xxxxxx not xx xxxxxxx xx xxx introduction xx, xxx/xx xxx xxxxxxxxxx xx, an xxxxxxxx xxxxx/xxxxxxx xx xxxxxxxx/xxxxxxxx xxxxxxxx by xxxx. Xxx xxxxxx to xxx organisation’s xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx by xxxxxxxx xxxxxxx xxxxx xx controlled. Xxxx xxxxxxxx xxxxxxx xx xxxxxxxx/xxxxxxxx xx xxxxxxxx xxxxxxx xxx required xx xxxxxx xxx xxxxxxxxxxxx’x xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx, x&xxxx;xxxx xxxxxxxxxx xxxxx be xxxxxxx xxx xx xxxxxxxxx xxx xxxxxxxx implications xxx control xxxxxxxxxxxx. Xxxxxxxx xxxxx xx xxxxxx xxx xxxxxxx xx xx agreement xxxx xxxx relevant xxxxxxxx party. Requirement 1.4: Xxxxx management All information xxxxxx, xxx business xxxxxxxxx and the xxxxxxxxxx information xxxxxxx, xxxx xx operating xxxxxxx, infrastructures, xxxxxxxx xxxxxxxxxxxx, off-the-shelf products, xxxxxxxx and xxxx-xxxxxxxxx xxxxxxxxxxxx, in the xxxxx of the Xxxxxxx Xxxxxxxxxxx Xxxxx xxxxx xx xxxxxxxxx xxx xxx have x&xxxx;xxxxxxxxx xxxxx. The xxxxxxxxxxxxxx for xxx xxxxxxxxxxx and the xxxxxxxxx of xxxxxxxxxxx xxxxxxxx xx xxx xxxxxxxx xxxxxxxxx xxx xxx xxxxxxx XX xxxxxxxxxx xx safeguard xxx information assets xxxxx xx xxxxxxxx. Xxxx: the owner xxx xxxxxxxx the xxxxxxxxxxxxxx of specific xxxxxxxx xx appropriate, xxx xxxxxxx xxxxxxxxxxx xxx xxx xxxxxx xxxxxxxxxx of the xxxxxx. Xxxxxxxxxxx 1.5: Xxxxxxxxxxx xxxxxx classification Information assets xxxxx be xxxxxxxxxx xx terms xx xxxxx xxxxxxxxxxx to xxx xxxxxx delivery xx xxx xxxxxxx xx xxx participant. Xxx xxxxxxxxxxxxxx xxxxx xxxxxxxx xxx xxxx, xxxxxxxxxx and xxxxxx xx xxxxxxxxxx required xxxx handling the xxxxxxxxxxx asset xx xxx relevant business xxxxxxxxx xxx xxxxx xxxx xxxx xxxx xxxxxxxxxxxxx xxx underlying XX components. Xx xxxxxxxxxxx xxxxx classification xxxxxx approved by xxx xxxxxxxxxx shall xx xxxx xx xxxxxx an xxxxxxxxxxx xxx xx xxxxxxxxxx xxxxxxxx throughout the xxxxxxxxxxx xxxxx xxxxxxxxx (xxxxxxxxx xxxxxxx xxx xxxxxxxxxxx xx information xxxxxx) and xx xxxxxxxxxxx xxx xxxx xxx xxxxxxxx handling xxxxxxxx. Xxxxxxxxxxx 1.6: Human xxxxxxxxx security Security responsibilities xxxxx xx xxxxxxxxx xxxxx xx xxxxxxxxxx xx xxxxxxxx xxx xxxxxxxxxxxx xxx xx xxxxx and conditions xx xxxxxxxxxx. All xxxxxxxxxx xxx xxxxxxxxxx, xxxxxxxxxxx and xxxxx xxxxx users xxxxx xx adequately xxxxxxxx, xxxxxxxxxx xxx xxxxxxxxx xxxx. Xxxxxxxxx, contractors xxx xxxxx xxxxx xxxxx xx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxx xxxx xx agreement xx xxxxx xxxxxxxx xxxxx xxx responsibilities. Xx xxxxxxxx level xx xxxxxxxxx shall xx xxxxxxx xxxxx xxx xxxxxxxxx, xxxxxxxxxxx xxx xxxxx party xxxxx, and xxxxxxxxx xxx xxxxxxxx xx xxxxxxxx xxxxxxxxxx xxx xxx correct xxx xx xxxxxxxxxxx processing xxxxxxxxxx xxxxx xx xxxxxxxx xx xxxx xx xxxxxxxx xxxxxxxx xxxxxxxx xxxxx. A formal xxxxxxxxxxxx process xxx xxxxxxxx xxxxxxxx breaches xxxxx xx xxxxxxxxxxx xxx employees. Xxxxxxxxxxxxxxxx xxxxx xx in xxxxx xx xxxxxx xxxx an employee’s, xxxxxxxxxx’x xx third xxxxx xxxx’x xxxx xxxx or transfer xxxxxx xxx xxxxxxxxxxxx xx xxxxxxx, and xxxx the xxxxxx xx xxx xxxxxxxxx xxx the xxxxxxx xx all access xxxxxx xxx xxxxxxxxx. Xxxxxxxxxxx 1.7: Xxxxxxxx xxx xxxxxxxxxxxxx xxxxxxxx Xxxxxxxx or xxxxxxxxx xxxxxxxxxxx processing xxxxxxxxxx xxxxx be xxxxxx in secure xxxxx, protected by xxxxxxx xxxxxxxx xxxxxxxxxx, xxxx appropriate xxxxxxxx xxxxxxxx xxx xxxxx xxxxxxxx. They shall xx xxxxxxxxxx xxxxxxxxx xxxx xxxxxxxxxxxx access, xxxxxx and interference. Xxxxxx xxxxx xx xxxxxxx xxxx xx xxxxxxxxxxx xxx xxxx xxxxxx xxx xxxxx xx Requirement 1.6. Xxxxxxxxxx and xxxxxxxxx xxxxx xx xxxxxxxxxxx xx xxxxxxx xxxxxxxx xxxxx xxxxxxxxxx xxxxxxxxxxx xxxxxx xxxx xx xxxxxxx. Xxxxxxxxx shall xx xxxxxxxxx xxxx physical xxx xxxxxxxxxxxxx xxxxxxx. Xxxxxxxxxx of xxxxxxxxx (xxxxxxxxx xxxxxxxxx xxxx xxx-xxxx) xxx against xxx xxxxxxx xx xxxxxxxx xx necessary xx xxxxxx the xxxx of xxxxxxxxxxxx xxxxxx xx xxxxxxxxxxx xxx xx xxxxx xxxxxxx xxxx or xxxxxx xx equipment xx xxxxxxxxxxx. Xxxxxxx xxxxxxxx xxx xx xxxxxxxx to protect xxxxxxx xxxxxxxx xxxxxxx xxx xx safeguard xxxxxxxxxx xxxxxxxxxx xxxx xx xxx xxxxxxxxxx xxxxxx xxx xxxxxxx xxxxxxxxxxxxxx. Xxxxxxxxxxx 1.8: Operations xxxxxxxxxx Xxxxxxxxxxxxxxxx xxx xxxxxxxxxx xxxxx xx established xxx xxx xxxxxxxxxx xxx xxxxxxxxx xx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxx xxx xxx xxxxxxxxxx systems xx xxx Payment Xxxxxxxxxxx Xxxxx xxx-xx-xxx. Xx regards xxxxxxxxx procedures, xxxxxxxxx xxxxxxxxx xxxxxxxxxxxxxx xx XX xxxxxxx, segregation xx xxxxxx xxxxx xx xxxxxxxxxxx, xxxxx xxxxxxxxxxx, xx xxxxxx xxx risk xx xxxxxxxxx xx xxxxxxxxxx xxxxxx xxxxxx. Xxxxx xxxxxxxxxxx xx xxxxxx xxxxxx be xxxxxxxxxxx xxx to documented xxxxxxxxx xxxxxxx, compensatory xxxxxxxx xxxxx xx xxxxxxxxxxx xxxxxxxxx x&xxxx;xxxxxx xxxx analysis. Xxxxxxxx xxxxx be xxxxxxxxxxx xx prevent xxx xxxxxx xxx introduction xx xxxxxxxxx xxxx xxx systems xx xxx Payment Xxxxxxxxxxx Xxxxx. Controls xxxxx xx xxxx xxxxxxxxxxx (xxxxxxxxx user awareness) xx xxxxxxx, xxxxxx xxx remove xxxxxxxxx xxxx. Mobile xxxx xxxxx be xxxx xxxx from xxxxxxx xxxxxxx (x.x. xxxxxx Xxxxxxxxx COM xxxxxxxxxx xxx Xxxx Applets). Xxx configuration xx xxx browser (x.x. xxx use xx xxxxxxxxxx xxx plugins) xxxxx be strictly xxxxxxxxxx. Xxxx backup xxx xxxxxxxx policies xxxxx xx xxxxxxxxxxx xx xxx xxxxxxxxxx; xxxxx xxxxxxxx xxxxxxxx shall xxxxxxx x&xxxx;xxxx xx xxx xxxxxxxxxxx xxxxxxx xxxxx xx xxxxxx xx regular xxxxxxxxx xx xxxxx xxxxxxxx. Xxxxxxx xxxx xxx xxxxxxxx xxx xxx xxxxxxxx xx xxxxxxxx shall xx monitored and xxxxxx xxxxxxxx xx xxxxxxxxxxx security xxxxx xx recorded. Operator xxxx xxxxx xx xxxx xx ensure xxxx xxxxxxxxxxx xxxxxx xxxxxxxx xxx xxxxxxxxxx. Xxxxxxxx xxxx xxxxx xx xxxxxxxxx reviewed xx x&xxxx;xxxxxx basis, xxxxx xx xxx xxxxxxxxxxx xx xxx xxxxxxxxxx. System xxxxxxxxxx xxxxx xx xxxx xx xxxxx xxx xxxxxxxxxxxxx xx controls xxxxx xxx xxxxxxxxxx xx critical for xxx xxxxxxxx of xxxxxxxx and xx xxxxxx xxxxxxxxxx xx xx xxxxxx policy xxxxx. Xxxxxxxxx xx xxxxxxxxxxx xxxxxxx xxxxxxxxxxxxx shall xx xxxxx on x&xxxx;xxxxxx xxxxxxxx xxxxxx, xxxxxxx out xx xxxx xxxx exchange xxxxxxxxxx xxxxx xxx xxxxxxxx xxxxxxx xxx xxxxx xx compliant xxxx xxx relevant xxxxxxxxxxx. Xxxxx xxxxx xxxxxxxx xxxxxxxxxx xxxxxxxx xx xxx xxxxxxxx xx information with XXXXXX2 (xxxx software xxxxxxxx xxxx x&xxxx;Xxxxxxx Xxxxxx in scenario 2 xx xxx xxxxx xxxxxxx xx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx) xxxx xx xxxx xxxxx x&xxxx;xxxxxx xxxxxxxxx with xxx third xxxxx. Xxxxxxxxxxx 1.9: Xxxxxx control Access xx xxxxxxxxxxx xxxxxx xxxxx xx xxxxxxxxx xx xxx xxxxx xx xxxxxxxx xxxxxxxxxxxx (xxxx-xx-xxxx&xxxx;(1)) and xxxxxxxxx xx the established xxxxxxxxx xx xxxxxxxxx xxxxxxxx (including xxx xxxxxxxxxxx xxxxxxxx xxxxxx). Xxxxx xxxxxx control xxxxx xxxxx xx xxxxxxx xxxxx xx xxx principle of xxxxx xxxxxxxxx&xxxx;(2) xx xxxxxxx xxxxxxx the xxxxx xx the xxxxxxxxxxxxx xxxxxxxx and XX xxxxxxxxx. Where xxxxxxxx (x.x. for xxxxxx management) xxxxxxx xxxxxx xxxxxxx xxxxxx xx consistent with xxxxxxxx access xxxxxxx xxxxxx xxxxx are xxxxxxxx xxxxxxxxxxxx controls xx place (x.x. xxxxxxxxxx, xxxxxxxx xxxx xxxxxxxxxxxxx). Xxxxxx xxx documented xxxxxxxxxx xxxxx be xx xxxxx xx xxxxxxx xxx xxxxxxxxxx xx access xxxxxx xx xxxxxxxxxxx xxxxxxx xxx services xxxx xxxx xxxxxx xxx xxxxx xx xxx Xxxxxxx Xxxxxxxxxxx Xxxxx. Xxx xxxxxxxxxx xxxxx xxxxx xxx stages xx xxx xxxxxxxxx xx xxxx xxxxxx, xxxx xxx initial xxxxxxxxxxxx xx xxx xxxxx to xxx xxxxx xxxxxxxxxxxxxx of xxxxx xxxx xx xxxxxx xxxxxxx xxxxxx. Xxxxxxx xxxxxxxxx xxxxx xx xxxxx, where appropriate, xx the xxxxxxxxxx xx access xxxxxx xx such xxxxxxxxxxx xxxx the abuse xx xxxxx access xxxxxx xxxxx lead xx x&xxxx;xxxxxx xxxxxxx xxxxxx xx xxx xxxxxxxxxx xx xxx xxxxxxxxxxx (x.x. xxxxxx xxxxxx allowing xxxxxx xxxxxxxxxxxxxx, xxxxxxxx xx xxxxxx xxxxxxxx, direct xxxxxx to business xxxx). Xxxxxxxxxxx xxxxxxxx xxxxx xx put xx xxxxx xx xxxxxxxx, xxxxxxxxxxxx xxx authorise xxxxx xx specific xxxxxx xx xxx xxxxxxxxxxxx’x xxxxxxx, x.x. xxx local and xxxxxx access xx xxxxxxx xx the Xxxxxxx Xxxxxxxxxxx Xxxxx. Xxxxxxxx xxxxxxxx xxxxx xxx xx xxxxxx xx xxxxx to xxxxxx accountability. For xxxxxxxxx, xxxxx shall be xxxxxxxxxxx xxx enforced xx xxxxxxxx xxxxxxxx xx xxxxxx xxxx xxxxxxxxx xxxxxx xx xxxxxx xxxxxxx, e.g. xxxxxxxxxx xxxxx and xxxxxxx-xxxx validity. X&xxxx;xxxx xxxxxxxx xxxxxxxx xxx/xx xxxxx xxxxxxxx shall xx xxxxxxxxxxx. X&xxxx;xxxxxx shall xx xxxxxxxxx xxx xxxxxxxxxxx xx xxx xxx of cryptographic xxxxxxxx to xxxxxxx xxx xxxxxxxxxxxxxxx, xxxxxxxxxxxx xxx xxxxxxxxx xx xxxxxxxxxxx. X&xxxx;xxx management xxxxxx xxxxx xx xxxxxxxxxxx to xxxxxxx xxx use of xxxxxxxxxxxxx controls. There xxxxx xx xxxxxx xxx xxxxxxx xxxxxxxxxxxx xxxxxxxxxxx xx screen or xx xxxxx (x.x. x&xxxx;xxxxx xxxxxx, x&xxxx;xxxxx xxxx xxxxxx) xx xxxxxx xxx xxxx xx unauthorised xxxxxx. Xxxx xxxxxxx xxxxxxxx, xxx xxxxx of working xx xx xxxxxxxxxxx xxxxxxxxxxx xxxxx xx xxxxxxxxxx and xxxxxxxxxxx xxxxxxxxx xxx xxxxxxxxxxxxxx xxxxxxxx xxxxx xx xxxxxxx. Xxxxxxxxxxx 1.10: Information xxxxxxx xxxxxxxxxxx, development xxx maintenance Security xxxxxxxxxxxx xxxxx xx identified xxx xxxxxx xxxxx xx xxx development xxx/xx xxxxxxxxxxxxxx xx xxxxxxxxxxx xxxxxxx. Xxxxxxxxxxx xxxxxxxx xxxxx be xxxxx xxxx xxxxxxxxxxxx, including xxxx-xxxxxxxxx xxxxxxxxxxxx, xx xxxxxx correct xxxxxxxxxx. Xxxxx controls shall xxxxxxx xxx xxxxxxxxxx xx xxxxx data, xxxxxxxx xxxxxxxxxx and xxxxxx xxxx. Xxxxxxxxxx xxxxxxxx xxx xx xxxxxxxx xxx xxxxxxx xxxx xxxxxxx, or xxxx an impact xx, sensitive, xxxxxxxx xx xxxxxxxx xxxxxxxxxxx. Xxxx controls xxxxx xx xxxxxxxxxx on xxx basis xx xxxxxxxx xxxxxxxxxxxx xxx xxxx xxxxxxxxxx xxxxxxxxx xx xxx established xxxxxxxx (x.x. xxxxxxxxxxx xxxxxxxx xxxxxx, xxxxxxxxxxxxx xxxxxxx xxxxxx). Xxx operational xxxxxxxxxxxx xx xxx xxxxxxx xxxxx xx xxxxxxxxxxx, xxxxxxxxxx and xxxxxx prior to xxxxx xxxxxxxxxx and xxx. Xx xxxxxxx xxxxxxx security, appropriate xxxxxxxx, including xxxxxxxxxxxx xxx xxxxxx management, xxxxxx xx implemented xxxxx xx xxx xxxxxxxxxxx xx data xxxxx xxx the xxxxx xx risk xx xxx xxxxxxx xxxxx xx the xxxxxxxxxxxx. Xxxxx shall xx xxxxxxxx xxxxxxxx xx xxxxxxx sensitive xxxxxxxxxxx xxxxxxx xxxx xxxxxx networks. Access xx xxxxxx xxxxx xxx xxxxxxx xxxxxx code xxxxx xx xxxxxxxxxx xxx XX projects xxx xxxxxxx activities xxxxxxxxx in x&xxxx;xxxxxx xxxxxx. Xxxx xxxxx xx taken xx xxxxx exposure xx xxxxxxxxx data in xxxx xxxxxxxxxxxx. Xxxxxxx xxx xxxxxxx xxxxxxxxxxxx xxxxx xx xxxxxxxx xxxxxxxxxx. Xxxxxxxxxx xx xxxxxxx xx xxxxxxxxxx xxxxx be xxxxxxxx xxxxxxxxxx. X&xxxx;xxxx assessment xx xxx xxxxx xxxxxxx xx xx xxxxxxxx xx xxxxxxxxxx xxxxx xx conducted. Regular xxxxxxxx xxxxxxx activities xx systems xx xxxxxxxxxx xxxxx also xx conducted xxxxxxxxx xx x&xxxx;xxxxxxxxxx xxxx xxxxx xx xxx xxxxxxx xx a risk xxxxxxxxxx, xxx xxxxxxxx xxxxxxx xxxxx xxxxxxx, xx least, vulnerability xxxxxxxxxxx. All of xxx shortcomings highlighted xxxxxx xxx xxxxxxxx xxxxxxx xxxxxxxxxx xxxxx xx assessed xxx xxxxxx xxxxx xx xxxxx xxx identified xxx xxxxx xx xxxxxxxx xxx xxxxxxxx xx xx x&xxxx;xxxxxx xxxxxxx. Xxxxxxxxxxx 1.11: Xxxxxxxxxxx xxxxxxxx xx xxxxxxxx&xxxx;(3) xxxxxxxxxxxxx Xx xxxxxx protection xx the xxxxxxxxxxx’x xxxxxxxx xxxxxxxxxxx xxxxxxx xxxx xxx accessible xx xxxxxxxxx, xxxxxxxxxxx xxxxxxxx requirements for xxxxxxxxxx the xxxxx xxxxxxxxxx xxxx xxxxxxxx’x xxxxxx shall xx xxxxxxxxxx xxx xxxxxxxx xxxxxx xxxx xxxx xxx supplier. Requirement 1.12: Xxxxxxxxxx xx xxxxxxxxxxx xxxxxxxx xxxxxxxxx and xxxxxxxxxxxx Xx xxxxxx x&xxxx;xxxxxxxxxx xxx xxxxxxxxx xxxxxxxx xx xxx management xx xxxxxxxxxxx xxxxxxxx xxxxxxxxx, xxxxxxxxx xxxxxxxxxxxxx xx xxxxxxxx xxxxxx xxx weaknesses, roles, xxxxxxxxxxxxxxxx xxx procedures, xx business and xxxxxxxxx level, xxxxx xx established xxx xxxxxx to ensure x&xxxx;xxxxx, xxxxxxxxx and xxxxxxx xxx xxxxxx xxxxxxx from information xxxxxxxx xxxxxxxxx xxxxxxxxx xxxxxxxxx related xx x&xxxx;xxxxx-xxxxxxx xxxxx (x.x. x&xxxx;xxxxx xxxxxxx xx xx xxxxxxxx xxxxxxxx xx xx xx xxxxxxx). Personnel involved xx xxxxx xxxxxxxxxx xxxxx xx adequately xxxxxxx. Xxxxxxxxxxx 1.13: Xxxxxxxxx xxxxxxxxxx xxxxxx X&xxxx;xxxxxxxxxxx’x xxxxxxxx xxxxxxxxxxx systems (e.g. xxxx xxxxxx systems, xxxxxxxx networks xxx xxxxxxxx network xxxxxxxxxxxx) xxxxx xx xxxxxxxxx xxxxxxxx xxx xxxxxxxxxx xxxx xxx organisation’s xxxxxxxxxxx xxxxxxxxx of xxxxxxxx (x.x. information xxxxxxxx xxxxxx, xxxxxxxxxxxxx xxxxxxx xxxxxx). Xxxxxxxxxxx 1.14: Xxxxxxxxxxxxxx Xxxxx xxxxxxx xxxxxxxx xxxxx comply xxxx xxx the xxxxxxxx xxxxxxxx xxxx xxx xxx for xxxxxxxx xxxxxxxx xxx xxxxxxx (x.x. hardening, xxxxxxx). Xxxxxxxx xxxxxxxx xx xxxxxxxxxxx xxxx include: xxxxxxxxx xx xxx xxxxxxxxxx xxx the xxxxxxx xxxxxxxxx xxxxxx, xxxxxxx xxxxxxxx, xxxxxx xxxxxxxxxx xx xxxxxxxxx xxxxxxxxxxxx (x.x. xxxxxxxxxx xxx xxxxxxxxxxx). Xxxxxxxxxxx xxxxxxxxxx, logging xxx xxxxxxxxxx as well xx xxxxxxxx of xxxxxx xxxxxx, in xxxxxxxxxx xxx xxxx xxxxxxxxxx accounts, shall xx xxxxxxxxxxx based xx x&xxxx;xxxx xxxxxxxxxx. Xxxxx xxxxxxx machines xxxxxxx xx xxx xxxx hypervisor xxxxx xxxx x&xxxx;xxxxxxx risk xxxxxxx. Xxxxxxxxxxx 1.15: Xxxxx xxxxxxxxx Xxx usage of xxxxxx and/or xxxxxx xxxxx solutions xx xxx Xxxxxxx Transaction Xxxxx xxxx be xxxxx xx a formal xxxx assessment, xxxxxx xxxx account xxx xxxxxxxxx xxxxxxxx xxx xxx xxxxxxxxxxx clauses xxxxxxx to xxx xxxxx xxxxxxxx. Xx xxxxxx xxxxx solutions xxx xxxx, it xx xxxxxxxxxx that the xxxxxxxxxxx xxxxx xx xxx xxxxxxx system xx xxx highest xxx of the xxxxxxxxx xxxxxxx. All xx-xxxxxxxx components of xxx hybrid xxxxxxxxx xxxx xx xxxxxxxxxx xxxx the xxxxx xx-xxxxxxxx xxxxxxx. Xxxxxxxx xxxxxxxxxx xxxxxxxxxx (xxxxxxxxxx xxxx xx xxxxxxxx xxxxxxxxxxxx) Xxx xxxxxxxxx xxxxxxxxxxxx (2.1 xx 2.6) xxxxxx xx xxxxxxxx continuity xxxxxxxxxx. Each XXXXXX2 xxxxxxxxxxx xxxxxxxxxx xx xxx Xxxxxxxxxx xx xxxxx xxxxxxxx xxx xxx xxxxxx xxxxxxxxxxx xx xxx XXXXXX2 xxxxxx shall have x&xxxx;xxxxxxxx xxxxxxxxxx strategy xx xxxxx xxxxxxxxxx xxx xxxxxxxxx elements.
|
(1)&xxxx;&xxxx;Xxx xxxx-xx-xxxx xxxxxxxxx refers xx the identification xx xxx xxx xx information xxxx xx xxxxxxxxxx xxxxx xxxxxx xx in xxxxx to xxxxx xxx her/his xxxxxx.
(2)&xxxx;&xxxx;Xxx xxxxxxxxx xx xxxxx xxxxxxxxx xxxxxx xx xxxxxxxxx x&xxxx;xxxxxxx’x access xxxxxxx xx xx XX xxxxxx xx xxxxx xx xxxxx xxx xxxxxxxxxxxxx xxxxxxxx xxxx.
(3)&xxxx;&xxxx;X&xxxx;xxxxxxxx xx xxx xxxxxxx xx xxxx xxxxxxxx should xx xxxxxxxxxx as xxx xxxxx xxxxx (xxx xxx personnel) xxxxx xx xxxxx xxxxxxxx (xxxxxxxxx), xxxx xxx xxxxxxxxxxx, to xxxxxxx x&xxxx;xxxxxxx xxx under xxx xxxxxxx xxxxxxxxx xxx xxxxx party (xxx xxx xxxxxxxxx) xx xxxxxxx xxxxxx, xxxxxx remotely xx xx-xxxx, xx xxxxxxxxxxx xxx/xx xxxxxxxxxxx systems xxx/xx xxxxxxxxxxx processing xxxxxxxxxx xx xxx xxxxxxxxxxx in xxxxx xx xxxxxxxxxx xx xxx xxxxx covered xxxxx xxx xxxxxxxx xx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx.
PŘÍLOHA II
Příloha XX xxxxxxxxxx XXX/2007/7 xx xxxx takto:
1. |
Článek 1 xx xxxx xxxxx:
|
2. |
X&xxxx;xx.&xxxx;4 xxxx.&xxxx;2 xx xxxxxxx xx) xxxxxxxxx tímto:
|
3. |
X&xxxx;xx.&xxxx;4 xxxx.&xxxx;2 se xxxxxx xxxx písmeno xx), které zní:
|
4. |
X&xxxx;xxxxxx&xxxx;4 xx xxxxxxxx 3 xxxxxxxxx tímto: „3. TARGET2 provides xxxx-xxxx xxxxx settlement xxx payments xx xxxx, with xxxxxxxxxx xx xxxxxxx xxxx xxxxx xxxxxx PM xxxxxxxx, X2X XXXx xxx XXXX XXXx. XXXXXX2 xx established xxx functions on xxx basis of xxx SSP through xxxxx xxxxxxx orders xxx submitted and xxxxxxxxx and xxxxxxx xxxxx xxxxxxxx xxx xxxxxxxxxx xxxxxxxx in xxx same xxxxxxxxx xxxxxx. Xx far xx the xxxxxxxxx xxxxxxxxx of xxx X2X DCAs xx xxxxxxxxx, XXXXXX2 is xxxxxxxxxxx xxxxxxxxxxx xxx xxxxxxxxx xx xxx xxxxx xx xxx X2X Xxxxxxxx. Xx xxx xx the xxxxxxxxx xxxxxxxxx xx xxx XXXX DCAs xxx XXXX AS xxxxxxxxx xxxxxxxx is xxxxxxxxx, XXXXXX2 xx xxxxxxxxxxx xxxxxxxxxxx and xxxxxxxxx xx the xxxxx xx the XXXX Xxxxxxxx. The XXX is xxx xxxxxxxx xx services xxxxx xxxxx Xxxxxxxxxx. Xxxx and xxxxxxxxx xx xxx XXX-xxxxxxxxx XXXx xxx xxx 4XXx xxxxx xx xxxxxxxxxx xxxx xxx xxxxxxxxx of xxx XXX, xxx which xx xxxxx xxxxxx xxxxxxxxx xx xxxxxxxxxx xxxx Xxxxxxx&xxxx;21 of xxxx Xxxxx. Xxxxxxxxxxxxx xxxxxxxx xx xxxxx Xxxxxxxxxx xxxxx xxx xxxxxx x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx xxxxxxx X2X DCA xxxxxxx xxx the XXX-xxxxxxxxx XXXx or xxx 4CBs xxxx xxx xx xxx xxxxxx xxxx xx xxxx capacity. Xxxxxxxxxxxx, xxxxxxxx or xxxxxxxxxxx xxxxx a T2S XXX xxxxxx receives xxxx, xx xxxxx xx, xxx SSP xx X2X Platform xx xxxxxxxx to xxx xxxxxxxx xxxxxxxx xxxxx xxxxx Xxxxxxxxxx are xxxxxx xx xx xxxxxxxx xxxx, xx xxxx to, the XXX.“; |
5. |
X&xxxx;xxxxxx&xxxx;8 xx odstavec 3 nahrazuje xxxxx: „3.&xxxx;&xxxx;&xxxx;Xxxxx xxx ECB has xxxxxxx x&xxxx;xxxxxxx by x&xxxx;X2X DCA xxxxxx xxxxxxxx xx xxxxxxxxx 1, that T2S XXX xxxxxx xx xxxxxx to have xxxxx xxx xxxxxxxxxxxxx XXX(x) a mandate xx xxxxx xxx X2X XXX with xxx xxxxxxx relating to xxxxxxxxxx transactions xxxxxxxx xx those xxxxxxxxxx xxxxxxxx.“; |
6. |
X&xxxx;xxxxxx&xxxx;28 xx odstavec 1 nahrazuje xxxxx: „1.&xxxx;&xxxx;&xxxx;X2X XXX holders shall xx xxxxxx xx xx xxxxx xx, xxxxx xxxxxx with, xxx xxxxx xx xxxx xx xxxxxxxxxxx xxxx xxxxxxxxxx xx xxx xxxxxxxx competent xxxxxxxxxxx xxxx xxx xxxxxxxxxxx xx xxxx xxxxxxxx to xxxxxxxxxxx xx xxxx xxxxxxxxxx. Xxxx xxxxx be xxxxxx xx xx xxxxx xx, xxx xxxxx xxxxxx xxxx xxx obligations on xxxx relating xx xxxxxxxxxxx xx xxxxxxxxxx xx xxxxx xxxxxxxxxx xxx xxx xxxxxxxxx xx xxxxxxxxx, proliferation-sensitive xxxxxxx xxxxxxxxxx xxx xxx xxxxxxxxxxx of xxxxxxx weapons xxxxxxxx xxxxxxx, in xxxxxxxxxx xx xxxxx xx xxxxxxxxxxxx appropriate xxxxxxxx xxxxxxxxxx xxx xxxxxxxx xxxxxxx xx xxxxxxxx xx xxxxx T2S XXXx. Prior xx xxxxxxxx xxxx the xxxxxxxxxxx relationship with xxx X2X network xxxxxxx xxxxxxxx, X2X XXX holders shall xxxxxx that they xxx xxxxxxxx xxxxx xxx xxxx xxxxxxxxx xxxxxx.“; |
7. |
Xxxxxx&xxxx;30 se nahrazuje xxxxx: „Xxxxxxx&xxxx;30 Xxxxxxxxxxx relationship xxxx xx NSP 1. T2S DCA xxxxxxx xxxxx either:
2.&xxxx;&xxxx;&xxxx;Xxx xxxxx relationship xxxxxxx x&xxxx;X2X XXX xxxxxx xxx xxx XXX xxxxx be exclusively xxxxxxxx xx the xxxxx and xxxxxxxxxx xx xxx separate xxxxxxxx concluded with xx XXX xx xxxxxxxx xx xx xxxxxxxxx 1(x). 3.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxx xx xx provided xx the XXX xxxxx xxx xxxx xxxx xx xxx xxxxxxxx xx xx xxxxxxxxx xx the XXX xx xxxxxxx xx TARGET2. 4. The ECB xxxxx xxx be xxxxxx xxx xxx xxxx, xxxxxx xx xxxxxxxxx of xxx XXX (including its xxxxxxxxx, staff xxx xxxxxxxxxxxxxx), xx xxx xxx xxxx, errors xx xxxxxxxxx of xxxxx xxxxxxx selected xx xxxxxxxxxxxx xx xxxx access xx xxx NSP’s xxxxxxx.“; |
8. |
Xxxxxx xx nový xxxxxx&xxxx;34x, xxxxx zní: „Article 34a Transitional xxxxxxxxxx Xxxx xxx TARGET system xx xxxxxxxxxxx xxx XXXXXX2 xxx ceased xxxxxxxxx, X2X DCA xxxxxxx shall xxxxxx X2X DCA holders xx xxx TARGET xxxxxx.“; |
9. |
Xxxxxx xx pojem „X2X xxxxxxx xxxxxxx xxxxxxxx“ (v jednotném xxxx xxxxxxx čísle) x&xxxx;xx.&xxxx;6 xxxx.&xxxx;1 xxxx. a) xxxx i), xx.&xxxx;9 xxxx.&xxxx;5, xx.&xxxx;10 xxxx.&xxxx;6, xx.&xxxx;14 xxxx.&xxxx;1 xxxx. x), xx.&xxxx;22 xxxx.&xxxx;1, xx.&xxxx;22 xxxx.&xxxx;2, xx.&xxxx;22 xxxx.&xxxx;3, čl. 27 xxxx.&xxxx;5, xx.&xxxx;28 xxxx.&xxxx;1, xx.&xxxx;29 xxxx.&xxxx;1 xxxxxxx II x&xxxx;x&xxxx;xxxxxxxx 1 xxxxxxx X&xxxx;xx nahrazují xxxxxxx „XXX“; |
10. |
X&xxxx;xxxxxxx X&xxxx;xx x&xxxx;xxxx.&xxxx;8 xxxxxxx. 4 xxxxxxxxx xxxxxxx b) tímto:
|
PŘÍLOHA XXX
Xxxxxxx III xxxxxxxxxx XXX/2007/7 se xxxx xxxxx:
1. |
Xxxxxx na xxxxx „TIPS xxxxxxx xxxxxxx xxxxxxxx“ (x&xxxx;xxxxxxxxx xxxx xxxxxxx xxxxx) x&xxxx;xxxx příloze xx xxxxxxxxx xxxxxxx „XXX“; |
2. |
Xxxxxx&xxxx;1 xx xxxx xxxxx:
|
3. |
V čl. 3 xxxx.&xxxx;1 xx xxxxxxx xxxxx xx „Xxxxxxxx X: XXXX connectivity xxxxxxxxx xxxxxxxxxxxx“; |
4. |
Xxxxxx&xxxx;4 se xxxx takto:
|
5. |
X&xxxx;xx.&xxxx;6 xxxx.&xxxx;1 písm. x) xx xxx x) nahrazuje xxxxx:
|
6. |
Xxxxxx&xxxx;9 se xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;9 Xxxxxxxxxxx xxxxxxxxxxxx with xx XXX 1.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx shall xxxxxx:
2.&xxxx;&xxxx;&xxxx;Xxx legal xxxxxxxxxxxx between x&xxxx;xxxxxxxxxxx xxx xxx XXX xxxxx xx xxxxxxxxxxx xxxxxxxx xx xxx xxxxx and xxxxxxxxxx xx xxxxx xxxxxxxx xxxxxxxx xx xxxxxxxx xx in paragraph 1(x). 3.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxx to xx xxxxxxxx by xxx XXX xxxxx xxx xxxx part xx xxx xxxxxxxx xx xx xxxxxxxxx xx xxx XXX xx xxxxxxx xx XXXXXX2. 4.&xxxx;&xxxx;&xxxx;Xxx XXX shall xxx xx xxxxxx xxx any acts, xxxxxx xx xxxxxxxxx xx xxx XXX (xxxxxxxxx xxx directors, xxxxx xxx xxxxxxxxxxxxxx), xx xxx xxx xxxx, xxxxxx xx xxxxxxxxx by third xxxxxxx xxxxxxxx xx xxxxxxxxxxxx to xxxx xxxxxx xx xxx XXX’x xxxxxxx.“; |
7. |
Xxxxxx&xxxx;10 xx xxxxxxx; |
8. |
Xxxxxx se xxxx xxxxxx&xxxx;11x, xxxxx zní: „Article 11a MPL xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxx xxxxxxx MPL xxxxxxxxxx xxxxxxxx xxx xxxxx – IBAN xxxxxxx xxxxx for xxx xxxxxxxx of xxx MPL xxxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxxx xxxxx may xx xxxxxx to xxxx xxx XXXX. Xx XXXX xxx be xxxxxx xx xxx xx xxxxxxxx xxxxxxx. 3.&xxxx;&xxxx;&xxxx;Xxxxxxx&xxxx;29 xxxxx apply xx xxx xxxx contained xx the MPL xxxxxxxxxx.“; |
9. |
X&xxxx;xxxxxx&xxxx;12 xx xxxxxxx xxxxxxxx 9; |
10. |
Xxxxxx&xxxx;16 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;16 Xxxxx xx xxxxxxx orders in XXXX DCA The xxxxxxxxx xxx classified xx xxxxxxx orders for xxx xxxxxxxx xx xxx XXXX service:
|
11. |
V článku 18 xx xxxxxxxx 6 nahrazuje xxxxx: „6.&xxxx;&xxxx;&xxxx;Xxxxx x&xxxx;XXXX XXX xx XX xxxxxxxxx xxxxxxxx xxxxx, a TIPS XXX xx TIPS XX xxxxxxxxx account xxxxxxxxx xxxxxxxx xxxxx xx a TIPS XX xxxxxxxxx account xx XXXX XXX liquidity xxxxxxxx xxxxx xxx xxxx xxxxxxxx as xxxxxxxx xx xx Xxxxxxx&xxxx;17, xxx TARGET2-ECB xxxxx xxxxx xxxxxxx xxxxxxxxxx funds xxx xxxxxxxxx xx xxx xxxxx'x xxxxxxx. Xx xxxxxxxxxx xxxxx xxx xxx available xxx xxxxxxxxx transfer order xxxxx xx rejected. Xx sufficient xxxxx xxx xxxxxxxxx xxx xxxxxxxxx xxxxxxxx xxxxx xxxxx be settled xxxxxxxxxxx.“; |
12. |
X&xxxx;xx.&xxxx;20 xxxx.&xxxx;1 xx xxxxxxx b) xxxxxxxxx xxxxx:
|
13. |
X&xxxx;xxxxxx&xxxx;30 xx odstavec 1 xxxxxxxxx xxxxx: „1.&xxxx;&xxxx;&xxxx;XXXX XXX xxxxxxx shall xx deemed xx xx aware xx, xxxxx xxxxxx with xxx shall xx xxxx to xxxxxxxxxxx xxxx xxxxxxxxxx to xxx xxxxxxxx xxxxxxxxx xxxxxxxxxxx xxxx xxx xxxxxxxxxxx xx xxxx xxxxxxxx xx xxxxxxxxxxx xx data xxxxxxxxxx. Xxxx xxxxx xx xxxxxx xx be xxxxx xx, and xxxxx xxxxxx xxxx xxx obligations on xxxx xxxxxxxx xx xxxxxxxxxxx xx xxxxxxxxxx xx xxxxx laundering xxx xxx xxxxxxxxx xx terrorism, xxxxxxxxxxxxx-xxxxxxxxx xxxxxxx xxxxxxxxxx xxx xxx xxxxxxxxxxx xx xxxxxxx weapons xxxxxxxx xxxxxxx, in particular xx xxxxx xx xxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx xxxxxxxxxx xxx xxxxxxxx xxxxxxx xx credited xx their XXXX XXXx. TIPS XXX xxxxxxx xxxxxx xxxx xxxx xxx xxxxxxxx xxxxx xxxxx xxxxxx XXX'x data retrieval xxxxxx xxxxx to xxxxxxxx xxxx x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx xxxx xxxx XXX.“; |
14. |
Xxxxxx xx nový xxxxxx&xxxx;35x, xxxxx xxx: „Xxxxxxx&xxxx;35x Xxxxxxxxxxxx xxxxxxxxx Xxxx xxx XXXXXX xxxxxx xx operational xxx xxx XXXXXX2 xxx xxxxxx xxxxxxxxx, XXXX DCA xxxxxxx xxxxx xxxxxx XXXX XXX xxxxxxx in xxx XXXXXX xxxxxx.“; |
15. |
X&xxxx;xxxxxxx X&xxxx;xx tabulka x&xxxx;xxxxxxxx 2 xxxxxxxxx tímto:
|
16. |
X&xxxx;xxxxxxx I se v odst. 6 xxxxxxx. 1 xxxxxxxxx xxxxxxx x) xxxxx:
|
17. |
X&xxxx;xxxxxxx XX se xxxxxxx xxxxxxxx 2; |
18. |
Xxxxxxx V se xxxxxxx. |