XXXXXXXXXX XXXXXXXX CENTRÁLNÍ XXXXX (XX) 2021/1758
ze xxx 21. září 2021,
kterým xx xxxx xxxxxxxxxx XXX/2007/7 x&xxxx;xxxxxxxxxx TARGET2-ECB (XXX/2021/43)
XXXXXXX RADA XXXXXXXX XXXXXXXXX XXXXX,
x&xxxx;xxxxxxx xx Xxxxxxx x&xxxx;xxxxxxxxx Xxxxxxxx xxxx, a zejména xx xxxxx x&xxxx;xxxxxxx xxxxxxx xx.&xxxx;127 odst. 2 xxxx xxxxxxx,
x&xxxx;xxxxxxx xx statut Xxxxxxxxxx xxxxxxx centrálních xxxx x&xxxx;Xxxxxxxx xxxxxxxxx xxxxx, a zejména xx xxxxxx&xxxx;11.6 a články 17, 22 x&xxxx;23 xxxxxx xxxxxxx,
xxxxxxxx k těmto xxxxxxx:
(1) |
Xxxx xxxxxxxxx xxxxxxx&xxxx;(1) dne 20.&xxxx;xxxxxxxx 2021 xxxxxx xxxxxx Evropské xxxxxxxxx xxxxx ECB/2012/27 (2) x&xxxx;xxxxx: x) xxxxxxxx, že xxxxxxxx TIPS XXX xxxxx x&xxxx;XXXXXX2 xxxxxxxxx xxxxxxxxxxxxxxx xxxxxxxxxx xxxxxxx xxxxx xxxxxxxxxxxxxx Xxxxxxxxxxx (Xxxxxxxxxx Single Xxxxxx Xxxxxxxxxxxxxx Gateway) xx xxxxxxxxx 2021 x&xxxx;xxxxxxxx X2X DCA xxxxx x&xxxx;XXXXXX2 xxxxxxxxxxxxxxx xxxxxx xxxxxxx připojeni xx xxxxxx 2022; x) xxxxxxxx x&xxxx;xxxxxxxx xxxxxxxx xxxxxxxx xx xxxxxxxxxx xxxxxxxxx na bezpečnost xxxxxxxxx bodu XXXXXX2, xxx se xxxxxxxxx, xx se xxxxxx XXXXXX2 bude xxxx xxxxxxx xxx, xxx xxx schopen xxxxx xxxxxxx x&xxxx;xxxxxxx kybernetické xxxxxxxxxxx; x) zavést xxxxxxxxx, xxx xxxxxxxx xxxx XX, xxxxxx xxxxxxx účastníci x&xxxx;xxxxxxxxxxxxx xxxxxxxx kódu XXX, xxxxx xxxxxxxxxxx x&xxxx;xxxxxxxxxxx xxxxxxx XXX Inst xxxxxxxx xxxxxx x&xxxx;xxxxxxxxxx xxxxxxx xxx xxxxxxxx xxxxxxxxxxxxx xxxxxxx XXXX, xxxx a zůstali trvale xxxxxxxxxxx xx xxxxxxxxx XXXX xxxxxxxxxxxxxxx XXXX XXX, tak xxx xx zajistila xxxxxxxxxx xxxxxxxxxx xxxxxx x&xxxx;xxxx Xxxx; x) xxxxxx xxxxxxxxxxxxxxx, xxxxx xxx x&xxxx;xxxxxxx xxxxxxx xxxxxxxx x&xxxx;xxxx účastníků x&xxxx;XXXXXX2 xx xxxxxxxxxxxx xxxxxxxxxxx xxxx x&xxxx;xxxxxxxx systému XXXXXX, aby xxxx xxxxxxxxx právní jistota, x&xxxx;x) xxxxxxxx x&xxxx;xxxxxxxxxxxx xxxxxxx další aspekty xxxxxxxx xxxxx ECB/2012/27. |
(2) |
Jakmile xxxx zprovozněn projekt xxxxxxxxxxx X2-X2X, xxxx x&xxxx;xxxxx právní xxxxxxx xxxxxx xxxxxxxx xxxxxxxx xxxxxxxxxxxxxxx, xxxxx xxx x&xxxx;xxxxxxx xxxxxxx xxxxxxxx x&xxxx;xxxx xxxxxxxxx v TARGET2-ECB xx odpovídající xxxxxxxxxxx xxxx. |
(3) |
Xxxxx obecných zásad XXX/2012/27, které xxxx xxxx xx podmínky XXXXXX2-XXX, xx xxxxx xxxxxxxxx x&xxxx;xxxxxxxxxx Xxxxxxxx xxxxxxxxx xxxxx XXX/2007/7&xxxx;(3). |
(4) |
Xxxxxxxxxx XXX/2007/7 xx xxxxx xxxxx xxxxxxxxxxxxx xxxxxxxx xxxxxx, |
XXXXXXX XXXX ROZHODNUTÍ:
Článek 1
Změny
Přílohy X, II x&xxxx;XXX xxxxxxxxxx XXX/2007/7 xx mění x&xxxx;xxxxxxx x&xxxx;xxxxxxxxx xxxxxx rozhodnutí.
Článek 2
Závěrečná xxxxxxxxxx
Xxxx rozhodnutí xxxxxxxx x&xxxx;xxxxxxxx xxxxx xxxx po xxxxxxxxxx x&xxxx;Xxxxxxx xxxxxxxx Xxxxxxxx xxxx.
Xxxxxxx xx ode xxx 21. listopadu 2021, x&xxxx;xxxxxxxx xxxx.&xxxx;1 xxxx. x) x&xxxx;xxxxxxxx 7 x&xxxx;9 xxxxxxx XX xxxxxx xxxxxxxxxx, které xx použijí ode xxx 13. června 2022.
Ve Xxxxxxxxxx xxx Xxxxxxx xxx 21. září 2021.
Xxxxxxxxxxx XXX
Xxxxxxxxx LAGARDE
(1) Obecné xxxxxx Evropské centrální xxxxx (XX) 2021/1759 xx xxx 20. července 2021, kterými se xxxx xxxxxx xxxxxx XXX/2012/27 o transevropském xxxxxxxxx xxxxxxxxxxxxxxx xxxxxxx zúčtování xxxxxx x&xxxx;xxxxxxx xxxx (XXXXXX2) (XXX/2021/30) [(viz xxxxxx 45 x&xxxx;xxxxx xxxxx Úředního xxxxxxxx).
(2)&xxxx;&xxxx;Xxxxxx xxxxxx Xxxxxxxx xxxxxxxxx xxxxx ECB/2012/27 xx xxx 5.&xxxx;xxxxxxxx 2012 x&xxxx;xxxxxxxxxxxxxx expresním automatizovaném xxxxxxx xxxxxxxxx plateb x&xxxx;xxxxxxx xxxx (XXXXXX2) (Xx. věst. X&xxxx;30, 30.1.2013, x. 1).
(3) Rozhodnutí Xxxxxxxx xxxxxxxxx xxxxx XXX/2007/7 ze dne 24.&xxxx;xxxxxxxx 2007 x&xxxx;xxxxxxxxxx XXXXXX2-XXX (Úř. věst. X&xxxx;237, 8.9.2007, x. 71).
XXXXXXX X
Xxxxxxx I rozhodnutí XXX/2007/7 se mění xxxxx:
1. |
Xxxxxx&xxxx;1 xx xxxx xxxxx:
|
2. |
V článku 2 xxxxxx xxxxxxxx xx xxxxxxxx xxxx xxxx, xxxxx zní:
|
3. |
Článek 3 se xxxx xxxxx:
|
4. |
Xxxxxx&xxxx;5 se nahrazuje xxxxx: „Xxxxxxx&xxxx;5 Xxxxxx participants PM xxxxxxx xxxxxxx xx TARGET2-ECB xxx xxxxxx xxxxxxxxxxxx xxx shall comply xxxx xxx xxxxxxxxxxxx xxx xxx in Xxxxxxx&xxxx;8(1) and (2). Xxxx xxxxx have xx xxxxx xxx XX xxxxxxx xxxx xxx XXX. XX xxxxxxx xxxxxxx xxxx xxxx xxxxxxx xx the XXX Inst xxxxxx xx signing xxx XXXX Xxxxxxx Xxxxxx Xxxxxxxx Adherence Xxxxxxxxx xxxxx xx xxx xxxxx xxxxxx reachable xx xxx TIPS Xxxxxxxx xx all xxxxx, either xx x&xxxx;XXXX XXX xxxxxx xx xx x&xxxx;xxxxxxxxx xxxxx xxx a TIPS XXX xxxxxx.“; |
5. |
Xxxxxx&xxxx;22 xx xxxxxxxxx tímto: „Article 22 Security Xxxxxxxxxxxx xxx Control Xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx xxxxx implement xxxxxxxx xxxxxxxx xxxxxxxx to xxxxxxx xxxxx xxxxxxx xxxx xxxxxxxxxxxx access xxx use. Xxxxxxxxxxxx xxxxx xx xxxxxxxxxxx xxxxxxxxxxx xxx xxx xxxxxxxx xxxxxxxxxx xx xxx xxxxxxxxxxxxxxx, integrity xxx xxxxxxxxxxxx xx xxxxx systems. 2. Participants xxxxx xxxxxx the ECB xx any xxxxxxxx-xxxxxxx xxxxxxxxx xx xxxxx xxxxxxxxx xxxxxxxxxxxxxx xxx, xxxxx xxxxxxxxxxx, xxxxxxxx-xxxxxxx xxxxxxxxx xxxx occur xx xxx xxxxxxxxx xxxxxxxxxxxxxx xx xxx xxxxx xxxxx xxxxxxxxx. Xxx ECB may xxxxxxx further information xxxxx xxx incident xxx, xx xxxxxxxxx, xxxxxxx that the xxxxxxxxxxx xxxx xxxxxxxxxxx xxxxxxxx xx xxxxxxx x&xxxx;xxxxxxxxxx of xxxx xx xxxxx. 3.&xxxx;&xxxx;&xxxx;Xxx XXX xxx xxxxxx additional xxxxxxxx requirements, in xxxxxxxxxx with xxxxxx xx cybersecurity or xxx prevention xx xxxxx, xx all xxxxxxxxxxxx and/or xx xxxxxxxxxxxx xxxx xxx xxxxxxxxxx xxxxxxxx xx xxx XXX. 4.&xxxx;&xxxx;&xxxx;Xxxxxxxxxxxx xxxxx xxxxxxx xxx XXX xxxx: (x) permanent xxxxxx to their xxxxxxxxxxx of xxxxxxxxx xx their xxxxxx xxxxxxx xxxxxxx xxxxxxxx’x xxxxxxxx xxxxxxxx xxxxxxxxxxxx, xxx (ii) xx xx xxxxxx xxxxx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxx xx published xx the XXX’x xxxxxxx in Xxxxxxx. 4x.&xxxx;&xxxx;&xxxx;Xxx XXX xxxxx xxxxxx xxx xxxxxxxxxxx’x xxxx-xxxxxxxxxxxxx xxxxxxxxx(x) on xxx xxxxxxxxxxxx level xx xxxxxxxxxx xxxx each xx xxx xxxxxxxxxxxx xxx xxx xx xxx TARGET2 xxxx-xxxxxxxxxxxxx xxxxxxxxxxxx. Xxxxx xxxxxxxxxxxx xxx xxxxxx in Xxxxxxxx XXX, xxxxx xx addition to xxx other Xxxxxxxxxx xxxxxx in Xxxxxxx&xxxx;2(1), xxxxx xxxx an xxxxxxxx xxxx xx xxxxx Xxxxxxxxxx. 4x.&xxxx;&xxxx;&xxxx;Xxx participant’s xxxxx of compliance xxxx xxx requirements xx the XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxx be xxxxxxxxxxx xx follows, xx xxxxxxxxxx xxxxx xx severity: ‘xxxx xxxxxxxxxx’; ‘xxxxx xxx-xxxxxxxxxx’; xx ‘xxxxx xxx-xxxxxxxxxx’. Xxx following criteria xxxxx: xxxx compliance xx xxxxxxx xxxxx xxxxxxxxxxxx xxxxxxx 100% xx xxx xxxxxxxxxxxx; xxxxx xxx-xxxxxxxxxx is xxxxx x&xxxx;xxxxxxxxxxx satisfies xxxx xxxx 100% xxx at least 66% xx xxx xxxxxxxxxxxx xxx xxxxx xxx-xxxxxxxxxx xxxxx a participant xxxxxxxxx xxxx xxxx 66% xx xxx xxxxxxxxxxxx. Xx x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx xxxx x&xxxx;xxxxxxxx xxxxxxxxxxx xx xxx xxxxxxxxxx to it, xx xxxxx be xxxxxxxxxx as compliant xxxx xxx xxxxxxxxxx xxxxxxxxxxx xxx xxx xxxxxxxx xx the xxxxxxxxxxxxxx. A participant xxxxx xxxxx xx xxxxx ‘xxxx compliance’ xxxxx xxxxxx xx xxxxxx xxxx xxxxxxxxxxxxx xxx xx intends xx xxxxx xxxx compliance. Xxx XXX xxxxx xxxxxx xxx xxxxxxxx xxxxxxxxxxx xxxxxxxxxxx of xxx xxxxxx of xxxx participant’s xxxxxxxxxx. 4x.&xxxx;&xxxx;&xxxx;Xx xxx xxxxxxxxxxx xxxxxxx xx grant xxxxxxxxx xxxxxx to xxx xxxxxxxxxxx of xxxxxxxxx xx xxxxx xxxxxx XXXx endpoint xxxxxxxx xxxxxxxxxxxx or does xxx xxxxxxx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx the xxxxxxxxxxx’x xxxxx of xxxxxxxxxx xxxxx xx xxxxxxxxxxx xx ‘xxxxx xxx-xxxxxxxxxx’. 4x.&xxxx;&xxxx;&xxxx;Xxx XXX shall xxxxxxxx xxxxxxxxxx of xxxxxxxxxxxx xx xx xxxxxx basis. 4e. The XXX xxx xxxxxx the xxxxxxxxx measures xx xxxxxxx xx xxxxxxxxxxxx xxxxx xxxxx xx xxxxxxxxxx xxx assessed xx xxxxx xx xxxxx xxx-xxxxxxxxxx, xx xxxxxxxxxx xxxxx of xxxxxxxx:
|
6. |
X&xxxx;xxxxxx&xxxx;33 xx odstavec 1 nahrazuje tímto: „1. Participants xxxxx xx xxxxxx xx xx aware xx, xxxxx comply xxxx, xxx xxxxx xx xxxx xx xxxxxxxxxxx xxxx xxxxxxxxxx xx xxx relevant xxxxxxxxx xxxxxxxxxxx with xxx xxxxxxxxxxx xx xxxx xxxxxxxx xx xxxxxxxxxxx on xxxx xxxxxxxxxx. They xxxxx xx xxxxxx xx xx aware xx, xxx shall xxxxxx xxxx xxx obligations xx xxxx xxxxxxxx xx xxxxxxxxxxx on xxxxxxxxxx xx xxxxx xxxxxxxxxx xxx the xxxxxxxxx xx xxxxxxxxx, xxxxxxxxxxxxx-xxxxxxxxx xxxxxxx xxxxxxxxxx xxx xxx development xx xxxxxxx weapons xxxxxxxx xxxxxxx, xx xxxxxxxxxx xx terms xx xxxxxxxxxxxx xxxxxxxxxxx xxxxxxxx xxxxxxxxxx xxx xxxxxxxx xxxxxxx or xxxxxxxx xx xxxxx XX accounts. Participants xxxxx xxxxxx xxxx xxxx xxx informed xxxxx the TARGET2 xxxxxxx xxxxxxx xxxxxxxx’x xxxx retrieval xxxxxx xxxxx to entering xxxx xxx xxxxxxxxxxx xxxxxxxxxxxx xxxx xxx XXXXXX2 xxxxxxx service xxxxxxxx.“; |
7. |
Xxxxxx xx xxxx xxxxxx&xxxx;39x, xxxxx zní: „Article 39a Transitional xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxxx xxx XXXXXX xxxxxx xx xxxxxxxxxxx xxx TARGET2 has xxxxxx operation, PM xxxxxxx xxxxxxxx xxxxx xx xxxxxxxxxxx to xxx xxxxxxx xxxxxx’x xxxxxxxxxxxxx successor xxxxxxxx xx xxx XXXXXX xxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxxxxx xxxx XX xxxxxxx holders, xxxxxxxx Xxxxxxxxxxxx xxx xxxxxxxxxxx XXX holders xxxxxxxx xx xxx XXX Xxxx xxxxxx xx reachable xx xxx XXXX Platform xxxxxxxx xx Article 5 xxxxx xxxxx xx xx 25 Xxxxxxxx 2022.“; |
8. |
X&xxxx;xxxxxxx X&xxxx;xx v odst. 8 xxxxxxx. 4 xxxxxxxxx xxxxxxx b) tímto:
|
9. |
X&xxxx;xxxxxxx XX se x&xxxx;xxxxxxxx 6 xxxxxxxxx písmeno x) xxxxx:
|
10. |
Xxxxxxxx xx xxxx xxxxxxx XXX, xxxxx xxx: „Xxxxxxxx XXX Xxxxxxxxxxxx regarding xxxxxxxxxxx xxxxxxxx management xxx business xxxxxxxxxx xxxxxxxxxx Xxxxxxxxxxx security xxxxxxxxxx Xxxxx xxxxxxxxxxxx xxx applicable xx xxxx xxxxxxxxxxx, xxxxxx xxx xxxxxxxxxxx xxxxxxxxxxxx xxxx x&xxxx;xxxxxxxx xxxxxxxxxxx is xxx xxxxxxxxxx xx xx. Xx establishing xxx xxxxx xx xxxxxxxxxxx xx xxx requirements xxxxxx xxx infrastructure, xxx participant xxxxxx xxxxxxxx the elements xxxx xxx xxxx xx xxx Payment Xxxxxxxxxxx Chain (PTC). Xxxxxxxxxxxx, xxx PTC xxxxxx xx a Point xx Xxxxx (XxX), x.x. x&xxxx;xxxxxx xxxxxxxx xx xxx creation xx xxxxxxxxxxxx (x.x. xxxxxxxxxxxx, xxxxx-xxxxxx xxx xxxx-xxxxxx xxxxxxxxxxxx, middleware), xxx ends xx xxx xxxxxx responsible xx send the xxxxxxx xx XXXXX (x.x. XXXXX VPN Xxx) xx Internet (xxxx xxx xxxxxx xxxxxxxxxx to Internet-based Xxxxxx). Xxxxxxxxxxx 1.1: Information xxxxxxxx xxxxxx Xxx xxxxxxxxxx xxxxx set x&xxxx;xxxxx xxxxxx xxxxxxxxx xx xxxx with business xxxxxxxxxx xxx xxxxxxxxxxx xxxxxxx xxx xxx xxxxxxxxxx to xxxxxxxxxxx xxxxxxxx xxxxxxx xxx xxxxxxxx, approval xxx xxxxxxxxxxx of xx xxxxxxxxxxx xxxxxxxx policy xxxxxx xx xxxxxxxx xxxxxxxxxxx security xxx xxxxx resilience across xxx organisation xx xxxxx xx xxxxxxxxxxxxxx, xxxxxxxxxx xxx treatment xx information security xxx xxxxx resilience xxxxx. Xxx policy xxxxxx xxxxxxx xx xxxxx the following xxxxxxxx: xxxxxxxxxx, xxxxx (xxxxxxxxx domains xxxx xx xxxxxxxxxxxx, xxxxx xxxxxxxxx, asset management xxx.), principles xxx xxxxxxxxxx xx xxxxxxxxxxxxxxxx. Xxxxxxxxxxx 1.2: Xxxxxxxx xxxxxxxxxxxx Xx xxxxxxxxxxx security framework xxxxx be xxxxxxxxxxx xx implement the xxxxxxxxxxx xxxxxxxx xxxxxx xxxxxx xxx xxxxxxxxxxxx. Xxx xxxxxxxxxx xxxxx xxxxxxxxxx xxx xxxxxx xxx establishment xx xxx xxxxxxxxxxx xxxxxxxx xxxxxxxxx xx xxxxxx xxx xxxxxxxxxxxxxx of xxx information security xxxxxx (as per Xxxxxxxxxxx 1.1) xxxxxx xxx xxxxxxxxxxxx, xxxxxxxxx xxx xxxxxxxxxx of xxxxxxxxxx resources xxx xxxxxxxxxx of security xxxxxxxxxxxxxxxx xxx xxxx xxxxxxx. Xxxxxxxxxxx 1.3: External xxxxxxx Xxx xxxxxxxx xx xxx xxxxxxxxxxxx’x xxxxxxxxxxx xxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxx not xx xxxxxxx xx xxx introduction of, xxx/xx the xxxxxxxxxx xx, xx xxxxxxxx xxxxx/xxxxxxx or products/services xxxxxxxx xx xxxx. Xxx xxxxxx xx xxx organisation’s information xxxxxxxxxx facilities xx xxxxxxxx xxxxxxx xxxxx xx xxxxxxxxxx. Xxxx xxxxxxxx parties xx xxxxxxxx/xxxxxxxx of xxxxxxxx xxxxxxx are xxxxxxxx xx access the xxxxxxxxxxxx’x xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx, x&xxxx;xxxx xxxxxxxxxx xxxxx xx xxxxxxx xxx xx xxxxxxxxx xxx xxxxxxxx implications xxx xxxxxxx xxxxxxxxxxxx. Xxxxxxxx xxxxx xx xxxxxx and defined xx xx agreement xxxx xxxx xxxxxxxx xxxxxxxx party. Requirement 1.4: Xxxxx xxxxxxxxxx Xxx xxxxxxxxxxx xxxxxx, the xxxxxxxx xxxxxxxxx xxx the xxxxxxxxxx xxxxxxxxxxx systems, xxxx xx xxxxxxxxx xxxxxxx, infrastructures, xxxxxxxx xxxxxxxxxxxx, off-the-shelf xxxxxxxx, xxxxxxxx xxx user-developed xxxxxxxxxxxx, xx xxx xxxxx xx xxx Xxxxxxx Xxxxxxxxxxx Xxxxx xxxxx xx accounted xxx and xxxx x&xxxx;xxxxxxxxx xxxxx. The xxxxxxxxxxxxxx xxx the xxxxxxxxxxx xxx the xxxxxxxxx of xxxxxxxxxxx xxxxxxxx xx the xxxxxxxx xxxxxxxxx and xxx xxxxxxx XX xxxxxxxxxx xx safeguard xxx information xxxxxx xxxxx be xxxxxxxx. Xxxx: xxx owner xxx xxxxxxxx xxx xxxxxxxxxxxxxx of xxxxxxxx xxxxxxxx xx xxxxxxxxxxx, xxx xxxxxxx xxxxxxxxxxx xxx the xxxxxx xxxxxxxxxx xx xxx xxxxxx. Xxxxxxxxxxx 1.5: Xxxxxxxxxxx xxxxxx xxxxxxxxxxxxxx Xxxxxxxxxxx xxxxxx xxxxx be xxxxxxxxxx xx terms xx xxxxx xxxxxxxxxxx xx xxx xxxxxx xxxxxxxx xx the xxxxxxx xx xxx xxxxxxxxxxx. Xxx xxxxxxxxxxxxxx shall xxxxxxxx xxx xxxx, xxxxxxxxxx xxx xxxxxx xx protection xxxxxxxx xxxx xxxxxxxx xxx xxxxxxxxxxx asset xx xxx xxxxxxxx xxxxxxxx xxxxxxxxx and shall xxxx xxxx xxxx xxxxxxxxxxxxx xxx xxxxxxxxxx XX xxxxxxxxxx. Xx xxxxxxxxxxx xxxxx classification xxxxxx approved xx xxx management xxxxx xx xxxx xx xxxxxx xx xxxxxxxxxxx xxx of protection xxxxxxxx xxxxxxxxxx the xxxxxxxxxxx xxxxx lifecycle (xxxxxxxxx xxxxxxx xxx xxxxxxxxxxx of xxxxxxxxxxx xxxxxx) xxx to xxxxxxxxxxx xxx need xxx xxxxxxxx xxxxxxxx xxxxxxxx. Xxxxxxxxxxx 1.6: Human xxxxxxxxx xxxxxxxx Xxxxxxxx xxxxxxxxxxxxxxxx xxxxx xx addressed xxxxx xx xxxxxxxxxx xx adequate xxx xxxxxxxxxxxx and xx xxxxx and xxxxxxxxxx xx employment. All xxxxxxxxxx xxx xxxxxxxxxx, xxxxxxxxxxx xxx third xxxxx users shall xx xxxxxxxxxx xxxxxxxx, xxxxxxxxxx for sensitive xxxx. Xxxxxxxxx, xxxxxxxxxxx xxx xxxxx xxxxx xxxxx xx xxxxxxxxxxx xxxxxxxxxx facilities xxxxx xxxx xx xxxxxxxxx xx xxxxx xxxxxxxx xxxxx and responsibilities. Xx xxxxxxxx xxxxx xx awareness xxxxx xx xxxxxxx among xxx xxxxxxxxx, xxxxxxxxxxx xxx third xxxxx xxxxx, xxx education xxx training in xxxxxxxx procedures xxx xxx xxxxxxx use xx information processing xxxxxxxxxx xxxxx be xxxxxxxx to them xx minimise possible xxxxxxxx risks. X&xxxx;xxxxxx xxxxxxxxxxxx xxxxxxx xxx xxxxxxxx security xxxxxxxx xxxxx xx xxxxxxxxxxx xxx xxxxxxxxx. Xxxxxxxxxxxxxxxx xxxxx be xx xxxxx xx xxxxxx xxxx xx xxxxxxxx’x, xxxxxxxxxx’x or xxxxx xxxxx xxxx’x xxxx xxxx xx xxxxxxxx xxxxxx xxx organisation xx xxxxxxx, xxx xxxx the return xx xxx equipment xxx xxx removal xx all access xxxxxx are xxxxxxxxx. Xxxxxxxxxxx 1.7: Physical xxx xxxxxxxxxxxxx xxxxxxxx Xxxxxxxx xx xxxxxxxxx information processing xxxxxxxxxx xxxxx be xxxxxx in xxxxxx xxxxx, xxxxxxxxx xx xxxxxxx security xxxxxxxxxx, xxxx xxxxxxxxxxx xxxxxxxx xxxxxxxx xxx entry xxxxxxxx. Xxxx shall xx xxxxxxxxxx xxxxxxxxx xxxx xxxxxxxxxxxx access, xxxxxx and xxxxxxxxxxxx. Xxxxxx xxxxx be xxxxxxx xxxx to xxxxxxxxxxx who fall xxxxxx xxx xxxxx xx Requirement 1.6. Xxxxxxxxxx and xxxxxxxxx xxxxx xx established xx xxxxxxx xxxxxxxx xxxxx containing information xxxxxx when in xxxxxxx. Xxxxxxxxx xxxxx xx xxxxxxxxx xxxx xxxxxxxx xxx xxxxxxxxxxxxx xxxxxxx. Xxxxxxxxxx xx xxxxxxxxx (xxxxxxxxx xxxxxxxxx xxxx xxx-xxxx) and xxxxxxx xxx xxxxxxx xx xxxxxxxx is xxxxxxxxx xx reduce xxx xxxx xx xxxxxxxxxxxx xxxxxx to information xxx xx xxxxx xxxxxxx xxxx xx xxxxxx xx equipment xx xxxxxxxxxxx. Special xxxxxxxx xxx be xxxxxxxx xx xxxxxxx xxxxxxx physical threats xxx xx xxxxxxxxx xxxxxxxxxx facilities xxxx xx xxx xxxxxxxxxx xxxxxx and xxxxxxx xxxxxxxxxxxxxx. Xxxxxxxxxxx 1.8: Operations xxxxxxxxxx Xxxxxxxxxxxxxxxx xxx xxxxxxxxxx xxxxx be established xxx xxx xxxxxxxxxx xxx xxxxxxxxx of xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxx all the xxxxxxxxxx systems in xxx Xxxxxxx Xxxxxxxxxxx Xxxxx xxx-xx-xxx. Xx xxxxxxx xxxxxxxxx xxxxxxxxxx, including xxxxxxxxx xxxxxxxxxxxxxx xx XX systems, xxxxxxxxxxx xx duties xxxxx xx implemented, where xxxxxxxxxxx, xx xxxxxx xxx xxxx xx xxxxxxxxx or deliberate xxxxxx xxxxxx. Where xxxxxxxxxxx xx duties xxxxxx be xxxxxxxxxxx xxx to documented xxxxxxxxx xxxxxxx, xxxxxxxxxxxx xxxxxxxx xxxxx xx xxxxxxxxxxx xxxxxxxxx x&xxxx;xxxxxx xxxx xxxxxxxx. Xxxxxxxx xxxxx xx established xx prevent xxx xxxxxx xxx introduction xx xxxxxxxxx xxxx xxx systems xx xxx Payment Xxxxxxxxxxx Xxxxx. Xxxxxxxx shall xx xxxx established (xxxxxxxxx xxxx xxxxxxxxx) xx prevent, detect xxx xxxxxx xxxxxxxxx xxxx. Xxxxxx xxxx xxxxx xx xxxx xxxx from xxxxxxx xxxxxxx (x.x. xxxxxx Xxxxxxxxx XXX components xxx Xxxx Applets). Xxx xxxxxxxxxxxxx xx xxx browser (x.x. xxx xxx xx xxxxxxxxxx and plugins) xxxxx be xxxxxxxx xxxxxxxxxx. Xxxx xxxxxx xxx xxxxxxxx xxxxxxxx xxxxx xx xxxxxxxxxxx xx xxx xxxxxxxxxx; xxxxx xxxxxxxx xxxxxxxx xxxxx xxxxxxx x&xxxx;xxxx xx xxx xxxxxxxxxxx xxxxxxx xxxxx is tested xx xxxxxxx xxxxxxxxx xx xxxxx xxxxxxxx. Xxxxxxx xxxx are xxxxxxxx xxx xxx xxxxxxxx xx xxxxxxxx xxxxx xx xxxxxxxxx xxx xxxxxx xxxxxxxx xx xxxxxxxxxxx security xxxxx xx xxxxxxxx. Xxxxxxxx xxxx shall xx xxxx xx xxxxxx xxxx xxxxxxxxxxx xxxxxx xxxxxxxx xxx xxxxxxxxxx. Xxxxxxxx logs xxxxx xx xxxxxxxxx xxxxxxxx xx x&xxxx;xxxxxx xxxxx, xxxxx on xxx xxxxxxxxxxx xx xxx xxxxxxxxxx. Xxxxxx monitoring xxxxx be used xx xxxxx xxx xxxxxxxxxxxxx of xxxxxxxx xxxxx are identified xx xxxxxxxx for xxx security xx xxxxxxxx xxx xx xxxxxx xxxxxxxxxx xx xx access xxxxxx xxxxx. Xxxxxxxxx of information xxxxxxx organisations shall xx based on x&xxxx;xxxxxx xxxxxxxx policy, xxxxxxx out in xxxx xxxx xxxxxxxx xxxxxxxxxx among xxx xxxxxxxx xxxxxxx xxx xxxxx be xxxxxxxxx xxxx xxx xxxxxxxx xxxxxxxxxxx. Xxxxx party xxxxxxxx components xxxxxxxx xx xxx xxxxxxxx xx information with XXXXXX2 (xxxx xxxxxxxx xxxxxxxx xxxx x&xxxx;Xxxxxxx Xxxxxx xx scenario 2 of the xxxxx xxxxxxx of xxx XXXXXX2 xxxx-xxxxxxxxxxxxx xxxxxxxxxxx document) xxxx xx xxxx xxxxx x&xxxx;xxxxxx xxxxxxxxx xxxx xxx xxxxx xxxxx. Xxxxxxxxxxx 1.9: Xxxxxx xxxxxxx Xxxxxx xx xxxxxxxxxxx xxxxxx xxxxx xx justified xx xxx basis xx xxxxxxxx xxxxxxxxxxxx (xxxx-xx-xxxx&xxxx;(1)) xxx according xx the xxxxxxxxxxx xxxxxxxxx xx xxxxxxxxx xxxxxxxx (xxxxxxxxx the xxxxxxxxxxx xxxxxxxx xxxxxx). Xxxxx access xxxxxxx xxxxx xxxxx xx xxxxxxx xxxxx on xxx xxxxxxxxx xx xxxxx privilege (2) xx xxxxxxx closely the xxxxx xx the xxxxxxxxxxxxx business xxx XX xxxxxxxxx. Xxxxx xxxxxxxx (e.g. for xxxxxx xxxxxxxxxx) xxxxxxx xxxxxx xxxxxxx xxxxxx xx xxxxxxxxxx xxxx xxxxxxxx xxxxxx xxxxxxx xxxxxx there xxx xxxxxxxx xxxxxxxxxxxx xxxxxxxx xx xxxxx (x.x. xxxxxxxxxx, xxxxxxxx xxxx xxxxxxxxxxxxx). Xxxxxx xxx xxxxxxxxxx xxxxxxxxxx xxxxx xx xx xxxxx xx xxxxxxx xxx allocation xx xxxxxx xxxxxx xx information xxxxxxx xxx services xxxx xxxx xxxxxx the xxxxx xx xxx Xxxxxxx Xxxxxxxxxxx Xxxxx. Xxx procedures xxxxx xxxxx xxx stages xx xxx lifecycle xx user xxxxxx, xxxx xxx xxxxxxx xxxxxxxxxxxx of xxx xxxxx to xxx xxxxx xxxxxxxxxxxxxx xx xxxxx xxxx no xxxxxx xxxxxxx xxxxxx. Xxxxxxx xxxxxxxxx shall xx xxxxx, where appropriate, xx xxx xxxxxxxxxx xx access xxxxxx xx xxxx xxxxxxxxxxx xxxx xxx abuse xx xxxxx access xxxxxx xxxxx xxxx xx x&xxxx;xxxxxx xxxxxxx xxxxxx xx xxx xxxxxxxxxx xx xxx xxxxxxxxxxx (x.x. xxxxxx xxxxxx xxxxxxxx xxxxxx xxxxxxxxxxxxxx, xxxxxxxx xx xxxxxx controls, direct xxxxxx xx xxxxxxxx xxxx). Xxxxxxxxxxx xxxxxxxx xxxxx xx xxx in xxxxx xx xxxxxxxx, xxxxxxxxxxxx xxx xxxxxxxxx xxxxx xx specific xxxxxx xx the xxxxxxxxxxxx’x xxxxxxx, x.x. xxx xxxxx and xxxxxx xxxxxx to xxxxxxx xx xxx Xxxxxxx Xxxxxxxxxxx Chain. Xxxxxxxx accounts xxxxx xxx xx xxxxxx xx xxxxx xx xxxxxx xxxxxxxxxxxxxx. Xxx xxxxxxxxx, xxxxx xxxxx xx xxxxxxxxxxx xxx xxxxxxxx xx specific controls xx ensure xxxx xxxxxxxxx xxxxxx be xxxxxx xxxxxxx, x.x. xxxxxxxxxx rules xxx xxxxxxx-xxxx validity. X&xxxx;xxxx xxxxxxxx xxxxxxxx xxx/xx xxxxx xxxxxxxx xxxxx xx xxxxxxxxxxx. X&xxxx;xxxxxx shall xx xxxxxxxxx xxx xxxxxxxxxxx on the xxx xx cryptographic xxxxxxxx xx xxxxxxx xxx xxxxxxxxxxxxxxx, xxxxxxxxxxxx xxx xxxxxxxxx xx xxxxxxxxxxx. X&xxxx;xxx xxxxxxxxxx xxxxxx xxxxx xx xxxxxxxxxxx to xxxxxxx xxx xxx xx xxxxxxxxxxxxx xxxxxxxx. Xxxxx xxxxx xx policy for xxxxxxx xxxxxxxxxxxx xxxxxxxxxxx xx xxxxxx xx xx print (x.x. x&xxxx;xxxxx xxxxxx, x&xxxx;xxxxx xxxx xxxxxx) to xxxxxx xxx risk xx unauthorised access. When xxxxxxx xxxxxxxx, the xxxxx xx xxxxxxx xx an xxxxxxxxxxx xxxxxxxxxxx xxxxx xx xxxxxxxxxx xxx xxxxxxxxxxx xxxxxxxxx and xxxxxxxxxxxxxx xxxxxxxx shall xx xxxxxxx. Xxxxxxxxxxx 1.10: Information xxxxxxx acquisition, xxxxxxxxxxx xxx xxxxxxxxxxx Xxxxxxxx xxxxxxxxxxxx xxxxx be identified xxx xxxxxx prior xx xxx xxxxxxxxxxx xxx/xx xxxxxxxxxxxxxx xx xxxxxxxxxxx xxxxxxx. Xxxxxxxxxxx xxxxxxxx xxxxx be xxxxx xxxx applications, including xxxx-xxxxxxxxx xxxxxxxxxxxx, to xxxxxx xxxxxxx xxxxxxxxxx. Xxxxx xxxxxxxx shall xxxxxxx xxx xxxxxxxxxx xx xxxxx xxxx, xxxxxxxx xxxxxxxxxx xxx xxxxxx xxxx. Xxxxxxxxxx xxxxxxxx xxx xx xxxxxxxx xxx xxxxxxx xxxx process, xx xxxx xx xxxxxx xx, xxxxxxxxx, valuable xx xxxxxxxx xxxxxxxxxxx. Xxxx xxxxxxxx xxxxx xx determined on xxx xxxxx of xxxxxxxx xxxxxxxxxxxx xxx xxxx xxxxxxxxxx according xx the xxxxxxxxxxx xxxxxxxx (x.x. information xxxxxxxx xxxxxx, xxxxxxxxxxxxx xxxxxxx xxxxxx). Xxx xxxxxxxxxxx xxxxxxxxxxxx xx xxx xxxxxxx shall xx xxxxxxxxxxx, documented xxx xxxxxx xxxxx to xxxxx acceptance xxx xxx. Xx xxxxxxx xxxxxxx security, xxxxxxxxxxx xxxxxxxx, xxxxxxxxx xxxxxxxxxxxx xxx secure xxxxxxxxxx, xxxxxx xx xxxxxxxxxxx xxxxx xx xxx xxxxxxxxxxx of data xxxxx xxx the xxxxx xx xxxx xx xxx network xxxxx xx xxx xxxxxxxxxxxx. Xxxxx xxxxx xx xxxxxxxx xxxxxxxx xx protect xxxxxxxxx xxxxxxxxxxx xxxxxxx over xxxxxx xxxxxxxx. Xxxxxx xx xxxxxx xxxxx xxx xxxxxxx xxxxxx code xxxxx xx xxxxxxxxxx xxx IT xxxxxxxx xxx support xxxxxxxxxx xxxxxxxxx xx a secure xxxxxx. Care xxxxx xx taken xx xxxxx xxxxxxxx of xxxxxxxxx xxxx xx xxxx xxxxxxxxxxxx. Xxxxxxx xxx xxxxxxx environments xxxxx xx strictly xxxxxxxxxx. Xxxxxxxxxx of xxxxxxx xx xxxxxxxxxx xxxxx xx strictly xxxxxxxxxx. X&xxxx;xxxx assessment xx xxx major xxxxxxx xx xx xxxxxxxx in production xxxxx be xxxxxxxxx. Xxxxxxx xxxxxxxx testing xxxxxxxxxx xx xxxxxxx xx xxxxxxxxxx xxxxx also xx xxxxxxxxx according xx x&xxxx;xxxxxxxxxx xxxx xxxxx xx xxx xxxxxxx of x&xxxx;xxxx xxxxxxxxxx, xxx xxxxxxxx xxxxxxx xxxxx xxxxxxx, xx xxxxx, xxxxxxxxxxxxx xxxxxxxxxxx. Xxx xx xxx xxxxxxxxxxxx xxxxxxxxxxx xxxxxx the xxxxxxxx xxxxxxx xxxxxxxxxx xxxxx xx xxxxxxxx and xxxxxx xxxxx xx xxxxx xxx xxxxxxxxxx xxx xxxxx be xxxxxxxx xxx followed xx in x&xxxx;xxxxxx xxxxxxx. Xxxxxxxxxxx 1.11: Information xxxxxxxx xx xxxxxxxx&xxxx;(3) xxxxxxxxxxxxx Xx xxxxxx xxxxxxxxxx xx xxx xxxxxxxxxxx’x xxxxxxxx xxxxxxxxxxx systems xxxx are xxxxxxxxxx xx suppliers, xxxxxxxxxxx xxxxxxxx xxxxxxxxxxxx xxx xxxxxxxxxx the xxxxx xxxxxxxxxx xxxx xxxxxxxx’x xxxxxx xxxxx xx xxxxxxxxxx xxx xxxxxxxx xxxxxx xxxx with xxx supplier. Requirement 1.12: Xxxxxxxxxx of xxxxxxxxxxx xxxxxxxx xxxxxxxxx xxx xxxxxxxxxxxx Xx xxxxxx a consistent xxx effective xxxxxxxx xx xxx xxxxxxxxxx xx information xxxxxxxx xxxxxxxxx, xxxxxxxxx communication xx xxxxxxxx events xxx xxxxxxxxxx, xxxxx, xxxxxxxxxxxxxxxx xxx procedures, xx xxxxxxxx and xxxxxxxxx xxxxx, shall xx xxxxxxxxxxx xxx xxxxxx xx xxxxxx x&xxxx;xxxxx, effective xxx xxxxxxx xxx xxxxxx xxxxxxx xxxx xxxxxxxxxxx xxxxxxxx xxxxxxxxx xxxxxxxxx xxxxxxxxx related xx x&xxxx;xxxxx-xxxxxxx xxxxx (x.x. x&xxxx;xxxxx xxxxxxx xx xx xxxxxxxx xxxxxxxx xx by an xxxxxxx). Personnel xxxxxxxx xx xxxxx xxxxxxxxxx xxxxx xx xxxxxxxxxx xxxxxxx. Xxxxxxxxxxx 1.13: Xxxxxxxxx xxxxxxxxxx xxxxxx X&xxxx;xxxxxxxxxxx’x internal xxxxxxxxxxx systems (x.x. xxxx office xxxxxxx, xxxxxxxx networks xxx xxxxxxxx xxxxxxx connectivity) xxxxx xx xxxxxxxxx xxxxxxxx xxx xxxxxxxxxx xxxx xxx organisation’s xxxxxxxxxxx xxxxxxxxx of xxxxxxxx (x.x. xxxxxxxxxxx xxxxxxxx xxxxxx, xxxxxxxxxxxxx xxxxxxx xxxxxx). Xxxxxxxxxxx 1.14: Xxxxxxxxxxxxxx Xxxxx virtual machines xxxxx xxxxxx with xxx xxx xxxxxxxx xxxxxxxx xxxx xxx xxx xxx physical xxxxxxxx xxx xxxxxxx (x.x. xxxxxxxxx, logging). Xxxxxxxx xxxxxxxx to xxxxxxxxxxx must include: xxxxxxxxx of xxx xxxxxxxxxx and xxx xxxxxxx operating xxxxxx, xxxxxxx xxxxxxxx, xxxxxx xxxxxxxxxx of xxxxxxxxx xxxxxxxxxxxx (x.x. xxxxxxxxxx xxx development). Centralised xxxxxxxxxx, logging and xxxxxxxxxx xx well xx xxxxxxxx xx xxxxxx xxxxxx, xx xxxxxxxxxx xxx xxxx xxxxxxxxxx xxxxxxxx, xxxxx xx xxxxxxxxxxx based xx x&xxxx;xxxx xxxxxxxxxx. Xxxxx xxxxxxx xxxxxxxx xxxxxxx by the xxxx xxxxxxxxxx shall xxxx x&xxxx;xxxxxxx xxxx xxxxxxx. Xxxxxxxxxxx 1.15: Cloud xxxxxxxxx Xxx usage xx xxxxxx xxx/xx xxxxxx xxxxx xxxxxxxxx in xxx Payment Transaction Xxxxx must xx xxxxx xx x&xxxx;xxxxxx xxxx assessment, xxxxxx xxxx xxxxxxx xxx xxxxxxxxx controls xxx xxx xxxxxxxxxxx xxxxxxx xxxxxxx xx xxx xxxxx xxxxxxxx. Xx hybrid xxxxx xxxxxxxxx xxx xxxx, xx is xxxxxxxxxx that xxx xxxxxxxxxxx xxxxx xx xxx overall xxxxxx xx xxx xxxxxxx xxx xx xxx xxxxxxxxx systems. All xx-xxxxxxxx xxxxxxxxxx xx xxx xxxxxx xxxxxxxxx xxxx be xxxxxxxxxx xxxx xxx xxxxx xx-xxxxxxxx systems. Business xxxxxxxxxx xxxxxxxxxx (xxxxxxxxxx only xx xxxxxxxx participants) The xxxxxxxxx xxxxxxxxxxxx (2.1 xx 2.6) xxxxxx xx xxxxxxxx xxxxxxxxxx xxxxxxxxxx. Each XXXXXX2 xxxxxxxxxxx classified xx xxx Xxxxxxxxxx xx xxxxx xxxxxxxx for xxx xxxxxx xxxxxxxxxxx xx xxx TARGET2 xxxxxx shall xxxx x&xxxx;xxxxxxxx continuity xxxxxxxx xx xxxxx xxxxxxxxxx xxx xxxxxxxxx xxxxxxxx.
|
(1)&xxxx;&xxxx;Xxx xxxx-xx-xxxx principle refers xx xxx xxxxxxxxxxxxxx xx xxx xxx xx xxxxxxxxxxx that xx individual xxxxx xxxxxx xx xx xxxxx xx xxxxx xxx xxx/xxx xxxxxx.
(2)&xxxx;&xxxx;Xxx xxxxxxxxx xx xxxxx xxxxxxxxx xxxxxx to xxxxxxxxx x&xxxx;xxxxxxx’x access xxxxxxx xx xx XX xxxxxx in xxxxx to xxxxx xxx xxxxxxxxxxxxx xxxxxxxx xxxx.
(3)&xxxx;&xxxx;X&xxxx;xxxxxxxx in xxx xxxxxxx xx this xxxxxxxx xxxxxx xx xxxxxxxxxx as xxx xxxxx xxxxx (xxx xxx xxxxxxxxx) xxxxx xx under contract (xxxxxxxxx), xxxx the xxxxxxxxxxx, to xxxxxxx x&xxxx;xxxxxxx xxx under xxx xxxxxxx agreement xxx xxxxx xxxxx (xxx xxx xxxxxxxxx) xx xxxxxxx xxxxxx, xxxxxx remotely xx xx-xxxx, xx xxxxxxxxxxx xxx/xx xxxxxxxxxxx systems xxx/xx information xxxxxxxxxx xxxxxxxxxx of xxx xxxxxxxxxxx in scope xx associated xx xxx xxxxx xxxxxxx xxxxx xxx xxxxxxxx xx xxx XXXXXX2 xxxx-xxxxxxxxxxxxx.
XXXXXXX II
Příloha XX xxxxxxxxxx XXX/2007/7 xx xxxx xxxxx:
1. |
Xxxxxx&xxxx;1 xx xxxx xxxxx:
|
2. |
V čl. 4 odst. 2 xx xxxxxxx xx) xxxxxxxxx xxxxx:
|
3. |
X&xxxx;xx.&xxxx;4 xxxx.&xxxx;2 xx xxxxxx xxxx xxxxxxx xx), které xxx:
|
4. |
X&xxxx;xxxxxx&xxxx;4 xx odstavec 3 xxxxxxxxx xxxxx: „3.&xxxx;&xxxx;&xxxx;XXXXXX2 provides xxxx-xxxx gross xxxxxxxxxx xxx xxxxxxxx in xxxx, xxxx xxxxxxxxxx xx central xxxx xxxxx across XX xxxxxxxx, X2X XXXx xxx XXXX DCAs. XXXXXX2 xx xxxxxxxxxxx xxx xxxxxxxxx xx xxx xxxxx xx xxx XXX through xxxxx xxxxxxx xxxxxx xxx xxxxxxxxx and xxxxxxxxx xxx through xxxxx payments xxx xxxxxxxxxx received xx xxx same technical xxxxxx. As far xx xxx xxxxxxxxx xxxxxxxxx xx the X2X XXXx is xxxxxxxxx, TARGET2 xx xxxxxxxxxxx xxxxxxxxxxx and xxxxxxxxx xx the xxxxx of xxx X2X Platform. Xx xxx xx xxx xxxxxxxxx operation xx xxx TIPS XXXx xxx XXXX XX xxxxxxxxx xxxxxxxx xx xxxxxxxxx, XXXXXX2 xx xxxxxxxxxxx xxxxxxxxxxx xxx xxxxxxxxx on the xxxxx xx the XXXX Xxxxxxxx. The XXX is xxx xxxxxxxx xx xxxxxxxx xxxxx xxxxx Xxxxxxxxxx. Xxxx xxx xxxxxxxxx xx the SSP-providing XXXx xxx xxx 4XXx xxxxx xx xxxxxxxxxx acts xxx xxxxxxxxx xx xxx XXX, xxx xxxxx xx xxxxx xxxxxx xxxxxxxxx xx xxxxxxxxxx xxxx Xxxxxxx&xxxx;21 of xxxx Xxxxx. Xxxxxxxxxxxxx xxxxxxxx xx these Xxxxxxxxxx xxxxx xxx xxxxxx x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx xxxxxxx X2X XXX xxxxxxx and xxx XXX-xxxxxxxxx XXXx or xxx 4CBs xxxx xxx of the xxxxxx acts xx xxxx capacity. Xxxxxxxxxxxx, xxxxxxxx xx xxxxxxxxxxx xxxxx a T2S DCA xxxxxx xxxxxxxx xxxx, xx xxxxx to, xxx XXX or X2X Xxxxxxxx xx xxxxxxxx xx xxx xxxxxxxx xxxxxxxx under xxxxx Conditions are xxxxxx xx xx xxxxxxxx xxxx, or xxxx to, xxx XXX.“; |
5. |
X&xxxx;xxxxxx&xxxx;8 xx odstavec 3 xxxxxxxxx xxxxx: „3.&xxxx;&xxxx;&xxxx;Xxxxx xxx XXX xxx xxxxxxx a request xx x&xxxx;X2X XXX xxxxxx xxxxxxxx to xxxxxxxxx 1, that X2X XXX xxxxxx xx xxxxxx xx have xxxxx xxx participating XXX(x) x&xxxx;xxxxxxx to xxxxx xxx X2X XXX xxxx the xxxxxxx xxxxxxxx to xxxxxxxxxx xxxxxxxxxxxx xxxxxxxx xx those securities xxxxxxxx.“; |
6. |
X&xxxx;xxxxxx&xxxx;28 xx xxxxxxxx 1 xxxxxxxxx xxxxx: „1.&xxxx;&xxxx;&xxxx;X2X XXX xxxxxxx xxxxx xx deemed xx xx xxxxx xx, xxxxx xxxxxx with, xxx shall be xxxx to xxxxxxxxxxx xxxx xxxxxxxxxx xx xxx xxxxxxxx xxxxxxxxx xxxxxxxxxxx with all xxxxxxxxxxx on xxxx xxxxxxxx xx xxxxxxxxxxx xx xxxx xxxxxxxxxx. Xxxx xxxxx xx xxxxxx to be xxxxx xx, and xxxxx xxxxxx with xxx xxxxxxxxxxx on xxxx xxxxxxxx xx xxxxxxxxxxx xx xxxxxxxxxx xx money laundering xxx xxx financing xx xxxxxxxxx, xxxxxxxxxxxxx-xxxxxxxxx xxxxxxx activities xxx xxx xxxxxxxxxxx xx xxxxxxx weapons xxxxxxxx xxxxxxx, in xxxxxxxxxx xx terms xx xxxxxxxxxxxx xxxxxxxxxxx measures xxxxxxxxxx any xxxxxxxx xxxxxxx xx credited xx xxxxx X2X XXXx. Xxxxx to xxxxxxxx xxxx the xxxxxxxxxxx xxxxxxxxxxxx xxxx xxx T2S xxxxxxx xxxxxxx xxxxxxxx, X2X XXX holders shall xxxxxx xxxx they xxx xxxxxxxx about xxx xxxx xxxxxxxxx xxxxxx.“; |
7. |
Xxxxxx&xxxx;30 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;30 Xxxxxxxxxxx relationship xxxx xx XXX 1.&xxxx;&xxxx;&xxxx;X2X DCA xxxxxxx xxxxx either:
2. The xxxxx relationship xxxxxxx x&xxxx;X2X XXX holder xxx the XXX xxxxx be xxxxxxxxxxx xxxxxxxx xx the xxxxx and xxxxxxxxxx xx xxx xxxxxxxx xxxxxxxx xxxxxxxxx xxxx xx NSP xx xxxxxxxx xx xx xxxxxxxxx 1(x). 3.&xxxx;&xxxx;&xxxx;Xxx services xx xx provided xx the XXX xxxxx not xxxx xxxx xx the xxxxxxxx xx be xxxxxxxxx by the XXX in xxxxxxx xx TARGET2. 4. The XXX xxxxx xxx be xxxxxx xxx xxx xxxx, xxxxxx xx xxxxxxxxx of xxx XXX (xxxxxxxxx its xxxxxxxxx, staff xxx xxxxxxxxxxxxxx), xx xxx xxx xxxx, xxxxxx xx omissions xx xxxxx xxxxxxx selected xx participants xx xxxx xxxxxx to xxx NSP’s network.“; |
8. |
Vkládá xx xxxx článek 34a, xxxxx xxx: „Xxxxxxx&xxxx;34x Xxxxxxxxxxxx xxxxxxxxxx Xxxx xxx XXXXXX xxxxxx xx operational and XXXXXX2 has ceased xxxxxxxxx, T2S DCA xxxxxxx xxxxx become X2X XXX holders xx the XXXXXX xxxxxx.“; |
9. |
Xxxxxx xx pojem „X2X xxxxxxx service xxxxxxxx“ (x&xxxx;xxxxxxxxx xxxx xxxxxxx xxxxx) x&xxxx;xx.&xxxx;6 xxxx.&xxxx;1 písm. x) xxxx i), xx.&xxxx;9 xxxx.&xxxx;5, xx.&xxxx;10 odst. 6, xx.&xxxx;14 xxxx.&xxxx;1 xxxx. x), xx.&xxxx;22 xxxx.&xxxx;1, xx.&xxxx;22 odst. 2, xx.&xxxx;22 xxxx.&xxxx;3, xx.&xxxx;27 odst. 5, xx.&xxxx;28 xxxx.&xxxx;1, xx.&xxxx;29 xxxx.&xxxx;1 xxxxxxx XX x&xxxx;x&xxxx;xxxxxxxx 1 xxxxxxx X&xxxx;xx xxxxxxxxx odkazem „XXX“; |
10. |
X&xxxx;xxxxxxx X&xxxx;xx v odst. 8 xxxxxxx. 4 xxxxxxxxx xxxxxxx x) tímto:
|
XXXXXXX XXX
Xxxxxxx XXX xxxxxxxxxx XXX/2007/7 xx xxxx takto:
1. |
Odkazy na xxxxx „XXXX xxxxxxx xxxxxxx xxxxxxxx“ (x&xxxx;xxxxxxxxx xxxx xxxxxxx xxxxx) x&xxxx;xxxx xxxxxxx xx xxxxxxxxx xxxxxxx „XXX“; |
2. |
Xxxxxx&xxxx;1 xx xxxx xxxxx:
|
3. |
X&xxxx;xx.&xxxx;3 xxxx.&xxxx;1 xx zrušuje xxxxx xx „Xxxxxxxx X: XXXX xxxxxxxxxxxx xxxxxxxxx xxxxxxxxxxxx“; |
4. |
Xxxxxx&xxxx;4 xx xxxx xxxxx:
|
5. |
X&xxxx;xx.&xxxx;6 xxxx.&xxxx;1 xxxx. x) xx xxx x) xxxxxxxxx xxxxx:
|
6. |
Xxxxxx&xxxx;9 xx nahrazuje xxxxx: „Xxxxxxx&xxxx;9 Xxxxxxxxxxx relationship xxxx xx NSP 1. Participants xxxxx xxxxxx:
2.&xxxx;&xxxx;&xxxx;Xxx legal xxxxxxxxxxxx between x&xxxx;xxxxxxxxxxx xxx xxx NSP xxxxx xx xxxxxxxxxxx xxxxxxxx by the xxxxx and xxxxxxxxxx xx their xxxxxxxx xxxxxxxx as referred xx in xxxxxxxxx 1(x). 3.&xxxx;&xxxx;&xxxx;Xxx xxxxxxxx to xx provided xx xxx NSP xxxxx xxx xxxx xxxx xx the xxxxxxxx xx be xxxxxxxxx xx the ECB xx respect of XXXXXX2. 4.&xxxx;&xxxx;&xxxx;Xxx XXX xxxxx xxx be xxxxxx xxx any xxxx, xxxxxx or xxxxxxxxx xx the NSP (xxxxxxxxx its xxxxxxxxx, xxxxx and xxxxxxxxxxxxxx), xx xxx any xxxx, xxxxxx xx xxxxxxxxx xx xxxxx xxxxxxx selected xx xxxxxxxxxxxx to xxxx xxxxxx to xxx XXX’x xxxxxxx.“; |
7. |
Xxxxxx&xxxx;10 se xxxxxxx; |
8. |
Xxxxxx xx nový xxxxxx&xxxx;11x, xxxxx zní: „Article 11a MPL xxxxxxxxxx 1.&xxxx;&xxxx;&xxxx;Xxx xxxxxxx XXX xxxxxxxxxx xxxxxxxx the xxxxx – XXXX xxxxxxx table for xxx xxxxxxxx xx xxx XXX xxxxxxx. 2.&xxxx;&xxxx;&xxxx;Xxxx xxxxx may be xxxxxx xx xxxx xxx IBAN. Xx XXXX xxx be xxxxxx xx xxx xx xxxxxxxx xxxxxxx. 3.&xxxx;&xxxx;&xxxx;Xxxxxxx&xxxx;29 xxxxx xxxxx xx xxx data xxxxxxxxx xx xxx XXX xxxxxxxxxx.“; |
9. |
X&xxxx;xxxxxx&xxxx;12 se xxxxxxx xxxxxxxx 9; |
10. |
Xxxxxx&xxxx;16 xx xxxxxxxxx xxxxx: „Xxxxxxx&xxxx;16 Xxxxx xx xxxxxxx orders xx XXXX XXX Xxx following xxx classified xx xxxxxxx xxxxxx xxx xxx xxxxxxxx xx xxx XXXX xxxxxxx:
|
11. |
X&xxxx;xxxxxx&xxxx;18 xx xxxxxxxx 6 xxxxxxxxx xxxxx: „6.&xxxx;&xxxx;&xxxx;Xxxxx x&xxxx;XXXX XXX xx XX xxxxxxxxx xxxxxxxx order, x&xxxx;XXXX XXX to XXXX XX xxxxxxxxx xxxxxxx xxxxxxxxx xxxxxxxx xxxxx xx a TIPS XX xxxxxxxxx account xx XXXX XXX liquidity xxxxxxxx xxxxx has xxxx xxxxxxxx xx xxxxxxxx to in Xxxxxxx&xxxx;17, xxx XXXXXX2-XXX xxxxx xxxxx xxxxxxx xxxxxxxxxx xxxxx xxx xxxxxxxxx xx xxx xxxxx'x xxxxxxx. If xxxxxxxxxx xxxxx xxx xxx xxxxxxxxx the xxxxxxxxx transfer xxxxx xxxxx xx xxxxxxxx. Xx xxxxxxxxxx xxxxx xxx xxxxxxxxx xxx xxxxxxxxx xxxxxxxx order xxxxx be settled xxxxxxxxxxx.“; |
12. |
X&xxxx;xx.&xxxx;20 odst. 1 xx xxxxxxx b) nahrazuje xxxxx:
|
13. |
X&xxxx;xxxxxx&xxxx;30 xx xxxxxxxx 1 xxxxxxxxx xxxxx: „1.&xxxx;&xxxx;&xxxx;XXXX XXX holders xxxxx xx xxxxxx xx xx xxxxx xx, xxxxx comply with xxx xxxxx xx xxxx xx demonstrate xxxx compliance xx xxx xxxxxxxx xxxxxxxxx xxxxxxxxxxx xxxx all xxxxxxxxxxx xx them xxxxxxxx xx legislation xx xxxx xxxxxxxxxx. Xxxx xxxxx be xxxxxx to be xxxxx xx, xxx xxxxx xxxxxx xxxx xxx xxxxxxxxxxx xx xxxx xxxxxxxx to xxxxxxxxxxx on xxxxxxxxxx xx xxxxx xxxxxxxxxx xxx the financing xx xxxxxxxxx, xxxxxxxxxxxxx-xxxxxxxxx xxxxxxx xxxxxxxxxx xxx xxx xxxxxxxxxxx xx xxxxxxx weapons delivery xxxxxxx, xx particular xx xxxxx of xxxxxxxxxxxx appropriate xxxxxxxx xxxxxxxxxx xxx xxxxxxxx xxxxxxx xx xxxxxxxx xx xxxxx XXXX XXXx. XXXX DCA xxxxxxx xxxxxx that xxxx xxx xxxxxxxx xxxxx xxxxx xxxxxx XXX'x xxxx xxxxxxxxx xxxxxx prior xx xxxxxxxx xxxx x&xxxx;xxxxxxxxxxx xxxxxxxxxxxx with xxxx XXX.“; |
14. |
Xxxxxx xx nový xxxxxx&xxxx;35x, xxxxx xxx: „Xxxxxxx&xxxx;35x Xxxxxxxxxxxx xxxxxxxxx Xxxx xxx XXXXXX xxxxxx is operational xxx xxx TARGET2 xxx ceased xxxxxxxxx, XXXX DCA holders xxxxx become XXXX XXX xxxxxxx in xxx TARGET system.“; |
15. |
V dodatku X&xxxx;xx tabulka x&xxxx;xxxxxxxx 2 xxxxxxxxx xxxxx:
|
16. |
X&xxxx;xxxxxxx X&xxxx;xx x&xxxx;xxxx.&xxxx;6 xxxxxxx. 1 xxxxxxxxx xxxxxxx b) xxxxx:
|
17. |
V dodatku XX se xxxxxxx xxxxxxxx 2; |
18. |
Xxxxxxx X&xxxx;xx xxxxxxx. |