Source: OJ L, 2025/1125, 15.9.2025

Current language: EN

Article 4 Information about the internal governance arrangements and the structural organisation


Summary What does Article 4 of the RTS on ART issuer authorisation say?

This article sits within the broader authorisation application requirements and specifically addresses what an applicant issuer must demonstrate about its internal organisation and governance.

It requires applicants to show that their operational structure, management body arrangements, human and technical resources, codes of conduct, complaints handling, conflicts of interest policies, and disclosure procedures are all well designed and ensure sound and prudent management.

The article also extends to third-party service providers involved in key functions such as operating, investing, and custodying the reserve of assets, requiring detailed disclosure of those arrangements.

Important points:

  • Provide a comprehensive picture of your governance and operational structure, covering everything from the organisational chart and management body terms of reference to your code of conduct and conflicts of interest policy.
  • Disclose the current state of implementation of your operational structure, including recruiting plans and the acquisition of technical resources, not just the intended end-state.
  • Fully document all third-party service provider arrangements for reserve of assets functions, including rationale, resources, internal controls, business continuity plans, and audit rights for both the issuer and the competent authority.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. For the purposes of Article 18(2), point (f), of Regulation (EU) 2023/1114, the application for authorisation shall contain clear and comprehensive information on the applicant issuer’s organisation, operational structure and governance arrangements demonstrating that they are well designed and that they ensure the sound and prudent management of the applicant issuer. That information shall include:

      1. the organisational chart laying down the operational structure in terms of business lines and units and related allocation of staff, the interactions between the applicant issuer’s various functions, the indication of clear and effective reporting lines and allocation of responsibilities reflecting the applicant issuer’s business activities;

      2. the terms of reference of the management body, with a mapping of the roles, duties and reporting lines of each member;

      3. a detailed and comprehensive description of the foreseen number and profile of human resources, including seniority, skills, expertise of those, and technical resources, including specific features and functions, up-to-datedness, innovative character with an explanation of the adequacy of human and technical resources to implement the business plan;

      4. detailed description of the procedures and arrangements to ensure the accurate and timely reporting of data relating to the asset-referenced token;

      5. a description of the code of conduct laying down the applicant issuer’s ethical and professional corporate values and the risk culture;

      6. a description of the complaints handling procedures as referred to in Article 31 of Regulation (EU) 2023/1114 and in accordance with Commission Delegated Regulation (EU) 2025/293(12);

      7. a description of the conflicts of interest policy as referred to in Article 32 of Regulation (EU) 2023/1114, and in accordance with Commission Delegated Regulation establishing regulatory technical standards adopted pursuant to Article 32(5) of Regulation (EU) 2023/1114;

      8. a description of the procedures ensuring that the applicant issuer will comply with all the disclosure requirements towards the holders of the asset-referenced token set out in Article 30 of Regulation (EU) 2023/1114;

    2. For the purposes of point (c), the application for authorisation shall also illustrate the actual state of play of the implementation of the envisaged operational structure, including the recruiting plan for the human resources, and the acquisition and operationalisation of the technical resources.

    1. The application for authorisation shall contain the names and contact details of all third-party service providers that the applicant issuer intends to conclude or has concluded arrangements with for operating the reserve of assets, and for the investment of the reserve assets, the custody of the reserve assets and, where applicable, the distribution of the asset-referenced tokens to the public as referred to in Article 34(5) of Regulation (EU) 2023/1114, and a description of such third-party arrangements, including all of the following:

      1. the rationale for the use of a third-party service provider to support or perform critical or important functions;

      2. the location of the third-party service provider and where applicable the location where the data are stored or processed;

      3. the human, financial and technical resources of the third-party service provider related to critical or important functions;

      4. the applicant issuer’s internal control system for monitoring and managing the arrangement with the third-party provider;

      5. the business continuity plans in the event that the third-party service provider cannot provide continuity of service;

      6. the content of the contractual arrangements regarding the obligation to ensure information access and inspection and audit rights to both the applicant issuer and the competent authority;

      7. the reporting line to the management body.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod