(1) A registry system shall—
(a) be constructed and operate in such a way—
(i) so as to ensure the ongoing integrity, safety and accuracy of all entries made in it,
(ii) so as to minimise the possibility of unauthorised access to, or modification of, any program or data held in any computer forming part of the registry system,
(iii) that each de-materialised instruction is properly authenticated in accordance with the specifications of the share registry which shall provide that each de-materialised instruction—
(aa) is identifiable as being from the computers of a particular intermediary, and
(bb) is designed to minimise fraud and forgery,
(cc) that each de-materialised instruction, in accordance with the specifications of the share registry, expresses by whom it was sent and, where relevant, on whose behalf it has been sent,
(dd) that the possibility for an intermediary to send a dematerialised instruction on behalf of a person from whom he or she has no authority is minimised,
(ee) that each de-materialised instruction, in accordance with the specifications of the share registry, indicates, where it is sent to an intermediary or the share registry, that it is addressed to that intermediary or the share registry;
(c) ensure that the system can send and respond to properly authenticated de-materialised instructions in sufficient volume and speed;
(d) maintain adequate records of all de-materialised instructions;
(e) include an on line issue service;
(f) be able to make correcting entries in such records as are maintained in order to comply with subregulations (3) and (4) which are inaccurate;
(g) comprise procedures which—
(i) provide that it responds only to properly authenticated dematerialised instructions which are attributable to an intermediary,
(ii) enable it to amend a register of securities kept by the share registry if necessary to correct an error and if in accordance with the rules and practices of the share registry instituted in order to comply with this regulation,
(iii) enable intermediaries to notify the share registry of an error in or relating to a de-materialised instruction, and
(iv) ensure that, where the share registry becomes aware of an error in or relating to a de-materialised instruction, it takes appropriate corrective action;
(h) institute and maintain such back-up facilities, including but not limited to daily back-up to disk and additional back-up to tape stored off-site, and such other procedures and measures, as are necessary to ensure the ongoing integrity, safety and accuracy of entries in every register of securities kept by the share registry;
(i) report to the Commission in writing within 24 hours of the occurrence of the system problem or failure any such problem or failure which affects or may affect the integrity, safety and accuracy of entries in any register of securities kept by the share registry.
(2) Before a registry system records a transfer of title to uncertificated units of a security, the registry system must be able to establish that the transferor has title to such number of units of the security as is in aggregate at least equal to the number to be transferred.
(3) The Commission may give to a share registry such directions as the Commission considers necessary to maintain the security of its registry system or the capabilities of the system as required by this regulation.
(4) The Commission may at any time conduct a regulatory audit of a share registry system to ensure its compliance with this regulation.