Open search form Open menu
Search for an expert
Search
Financial Services
  • 10 Sep 2025
  • 10 min read

ESMA issues comprehensive Registration Guide for financial entities under its direct supervision

Written by

Dr. Michael Huertas

RegCORE Client Alert | Capital Markets Union

QuickTake

On 14 August 2025, the European Securities and Markets Authority (ESMA) published a detailed Registration Guide for financial entities seeking to operate under its direct supervision within the European Union (the Registration Guide). The Registration Guide is a pivotal document for those EU-based and third-country entities (TCEs) seeking registration, authorisation or recognition under ESMA’s direct supervision. It provides practical, non-binding guidance on the registration process for a broad range of entities, including credit rating agencies (CRAs), benchmark administrators, trade repositories (TRs), securitisation repositories (SRs), data reporting service providers (DRSPs), external reviewers of European Green Bonds and ESG rating providers. The Registration Guide aims to enhance transparency, consistency and efficiency in the registration process, while clarifying ESMA’s expectations and the applicable legal frameworks.

This Client Alert assesses the key takeaways from the Registration Guide and should be read in conjunction with further thought leadership from our EU RegCORE assessing the legislative and regulatory requirements as well as supervisory expectations applicable to those regulated firms subject to ESMA’s direct supervision.

Key takeaways from ESMA’s Registration Guide

Some of the principles and expectations set out in the Registration Guide should be well familiar to seasoned practitioners in EU licensing applications and ongoing compliance, whereas others have ESMA-specific considerations.

Importantly, while the Registration Guide is formally not a legally binding document, it aims to serve as a practical tool to support applicants in preparing robust, compliant applications. ESMA is clear that it should be read in conjunction with binding sector-specific legislation, Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) that are applicable to EU based firms as well as to TCEs. Specifically, ESMA reminds TCEs of general and sector-specific considerations applicable to them. These include the need for establishment of legal representative in the EU and in some cases applications to ESMA needing to provide detailed consideration of how equivalence decisions, as published by the European Commission, are relevant to a TCE’s business operations and ESMA supervision.

In terms of structure, the Registration Guide follows the respective phases of engagement with ESMA i.e., from preparation and submission of applications to ESMA through to ongoing supervision. The Registration Guide sets out ESMA’s expectations in respect of each of these phases. ESMA is clear that registration should not be viewed as a one-off event but rather marks the beginning of a continuous supervisory relationship that merits ongoing compliance, reporting and proactive engagement.

While applicants can withdraw an application at any stage, the respective process that ESMA will run through from submission to decision can be summarised as follows:

  1. Communication to ESMA: marks the first phase and prospective applicants are encouraged to engage with ESMA prior to formal submission to discuss organisational plans and application timelines even though it should be noted that ESMA will not formally review draft applications or pre-application advice per se. Applications may be submitted in any EU official language, though English is preferred. All documentation must be cross-referenced and indexed as per ESMA’s requirements. Firms should allocate sufficient resources, both human and financial, to manage the application process and ongoing compliance. High standards of documentation, version control and internal consistency are essential to avoid delays and ensure a smooth process. Application fees are payable to ESMA as specified in the respective sectoral legislation.
  2. Completeness Phase: marks the second phase and involves ESMA assessing whether all required information and documentation have been provided to ESMA. Incomplete applications result in a letter of incompleteness, with a deadline for rectification. Resubmissions require both tracked and clean versions of amended documents. This dual submission is mandatory and ensures clarity regarding the basis for the compliance assessment.
  3. Compliance Phase: marks the third phase in which ESMA conducts a substantive review to determine if the applicant meets all regulatory requirements. ESMA’s review focuses on operational substance, governance, internal controls, ICT security and other regulatory requirements. Additional information may be requested during the Compliance Phase and the Completeness Phase may be reopened if significant new material is submitted. 
  4. Decision Phase: The final phase is the decision stage, where ESMA’s Board of Supervisors makes the final determination as a reasoned decision to grant or refuse registration, which is then communicated to the applicant. Successful applicants receive a post-registration letter outlining ongoing supervisory expectations.

Applicants must be open and transparent in all communications with ESMA. All information provided is subject to strict confidentiality rules, but full disclosure is expected throughout the process above as well as during ongoing supervision.

Stopping the clock

As with other comparable licensing applications, practical realities and competing time pressures, may mean that ESMA will seek to “stop the clock” on statutory timelines applicable to each of the phases discussed above. This typically arises especially during the Completeness and Compliance Phases and usually for the following reasons:

Reasons for “Stop the Clock” during the Completeness Phase

  • Missing or incomplete information: If the application dossier is missing required documents or contains incomplete information, ESMA will request the applicant to provide the missing items. The review period is paused until the applicant submits the requested information.
  • Clarification requests: ESMA may need clarification on certain aspects of the application. The clock is stopped while the applicant prepares and submits clarifications.
  • Legal or procedural deficiencies: If the application does not comply with formal requirements (e.g., unsigned documents, incorrect formats), ESMA may halt the review until these are rectified.

Reasons for “Stop the Clock” during the Compliance Phase

  • Substantive information gaps: During the in-depth review, ESMA may identify gaps in the applicant’s policies, procedures, or organisational structure that require further explanation or additional documentation.
  • Follow-up questions: ESMA often have follow-up questions regarding the business plan, risk management, or governance arrangements. The review period is paused while the applicant responds.
  • Third-party checks: Sometimes, ESMA must consult with other authorities (e.g., home/host supervisors, law enforcement for fit and proper checks). The clock may be stopped pending these external inputs.
  • Complexity of the application: For particularly complex or novel business models, ESMA may need additional time to assess compliance and may pause the review to allow the applicant to address specific concerns.

If significant new material is submitted during the Compliance Phase, ESMA may, with the applicant’s written consent, reopen the Completeness Phase. This can affect the statutory review timelines.

ESMA’s assessment criteria and supervisory expectations during authorisation and into ongoing supervision

ESMA’s assessment encompasses several core areas:

  • General Presentation: Clear articulation of business activities, resources and continuity plans.
  • Governance: Robust governance structures, clear allocation of roles and, where required, assessment of senior management fitness and propriety. 
  • Internal Controls: Effective risk management, compliance and internal audit functions, proportionate to the entity’s size and complexity.
  • Outsourcing and Third-Party Risk: Demonstration of operational substance and oversight of outsourced functions, avoiding “empty shell” operations.
  • ICT and Information Security: Compliance with the Digital Operational Resilience Act (DORA) where applicable, or demonstration of adequate ICT risk management and business continuity for other entities.
  • Methodologies: For CRAs and benchmark administrators, robust, transparent and validated methodologies are required, with clear documentation of rating or benchmark determination processes.

Firms should anticipate ongoing supervisory engagement post-registration and remain alert to evolving regulatory requirements, as the Registration Guide should be viewed very much as a ‘living document’ that will be updated to reflect future developments including much more than changes to sectoral legislation.

Legal frameworks and sector-specific requirements

The Registration Guide provides an extensive annex detailing the relevant EU regulations, delegated acts, technical standards and guidelines for each category of supervised entity. Before submission, applicants should conduct a comprehensive gap analysis against all relevant RTS/ITS and sectoral legislation to identify and address any compliance gaps. Key sectoral highlights relevant to ESMA’s direct supervisory mandate include:

  • Benchmark Administrators: Registration under the Benchmarks Regulation (BMR), with specific requirements for EU and third-country administrators and detailed technical standards on governance, methodology and ESG disclosures.
  • Credit Rating Agencies: Registration and ongoing supervision under the Credit Rating Agencies Regulation (CRAR), with additional provisions for third-country equivalence and endorsement.
  • Market Transparency Infrastructures: Registration of TRs, SRs and DRSPs under EMIR, SFTR, the Securitisation Regulation and MiFIR, with detailed application and operational standards.
  • External Reviewers of European Green Bonds: Registration under the European Green Bond Regulation, with specific requirements for both EU and third-country reviewers.
  • ESG Rating Providers: Registration under the ESG Ratings Regulation, including a temporary regime for small providers and third-country access via equivalence or legal representation.

With ESMA’s receipt of new mandates, such as for small ESG rating providers, applicants may be subject to temporary regimes or transitional provisions. Applicants should review the latest ESMA guidance to determine eligibility and applicable requirements.

Strategic and operational considerations

Preparation and diligence are paramount in any application to ESMA – in particular even for existing regulated firms. Applicants must ensure applications are comprehensive, internally consistent and tailored to the specific regulatory requirements. Generic or boilerplate responses are insufficient. ESMA scrutinises the actual presence and substance of operations in the EU, particularly for third-country entities and “empty shell” structures are not acceptable to ESMA.

Robust governance frameworks, clear allocation of roles and effective internal controls—encompassing risk management, compliance and internal audit—are mandatory. Firms remain fully responsible for outsourced functions and must demonstrate effective oversight and risk management, especially for critical or key functions. Entities within the scope of DORA must comply with its requirements, while others must demonstrate adequate ICT risk management and business continuity arrangements.

ESMA’s approach to its assessment is both legal and prudential, focusing on the general presentation of the applicant, including a clear business plan, justification for registration and evidence of resources to ensure business continuity. For CRAs and benchmark administrators, methodologies must be robust, transparent and subject to regular validation and back-testing. Each type of entity is subject to detailed, sector-specific requirements as set out in the relevant EU regulations and delegated acts. All applicants should consider appending a checklist or roadmap summarising the key steps, required documents and cross-references to facilitate internal review and ensure completeness of an application and how this translates into ongoing supervisory priorities.

Strategically, early engagement with ESMA and careful planning of the application timeline are critical, given the strict regulatory deadlines and the potential for delays if applications are incomplete. Firms should conduct a gap analysis against the relevant RTS/ITS and sectoral legislation to identify and address any compliance gaps before submission. Regulatory requirements and ESMA’s expectations evolve over time, so firms must monitor regulatory developments and be prepared to update their policies, procedures and operational arrangements accordingly.

Outlook

ESMA’s Registration Guide represents a significant step towards greater transparency and harmonisation in the supervision of critical financial market infrastructure and service providers in the EU. While the Registration Guide should not be formally viewed as legally binding, it does very much serve as an essential reference for entities navigating the registration process and seeking to ensure compliance with EU regulatory standards for ESMA direct supervision.

Entities seeking registration with ESMA must ensure thorough preparation of application materials, tailored to the specific regulatory and technical standards applicable to their sector. The Registration Guide underscores the importance of operational substance, robust governance and transparent methodologies. Applicants are strongly encouraged to consult ESMA’s guidelines and consultation papers on management body expectations, internal controls, and third-party risk, which provide further detail on supervisory expectations.

In conclusion, the ESMA Registration Guide sets a high bar for entry and ongoing participation in the EU financial markets. Regulated firms must approach the process with diligence, transparency and a commitment to robust governance and operational substance. The Registration Guide’s detailed procedural and substantive requirements reflect ESMA’s focus on market integrity, investor protection and financial stability. Firms that invest in thorough preparation and maintain a proactive, open relationship with ESMA will be best positioned to achieve and retain registration in this demanding regulatory environment.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” as well as the “2025 Regulatory, Governance and Compliance Technology Award”. 

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.

Contact us

Dr. Michael Huertas

Partner Frankfurt am Main
Financial Services

Tel.  +49 160 97375760

Email  E-Mail

Show profile

Other Expert Articles and Blogs

EU’s State of the Union 2025 – key implications for financial markets
Financial Services
EU’s State of the Union 2025 – key implications for financial markets
  • 10 Sep 2025
  • 15 min read
Financial Services
Operational Resilience in Payment Transactions: Established Requirements, New Urgency
  • 10 Sep 2025
  • 7 min read
Financial Services
EIOPA publishes results of its first mystery shopping exercise
  • 08 Sep 2025
  • 9 min read
All Expert Articles and Blogs