The work undertaken by the KDPW Group in this area is aimed at continuously improving the security of the IT systems used in the services provided to you in response to new risks to cyber security. In this regard, secure connections between IT systems in the A2A model are particularly relevant, both for the communication and in the context of ensuring the continuity of services. At the same time, we are standardising A2A communication functions across all services provided by the KDPW Group.
The area of issuing and using electronic certificates to authenticate systems for MQ -based communication systems will be modernised.
It is planned to:
- abandoning personal certificates,
- standardisation of the structure of certificates (by introducing uniform cryptographic algorithms),
- unification of the place where certificates are stored,
- unification of the way certificates are used in all services of the KDPW Group. The process of applying for a certificate will be handled by a dedicated application within the Services Portal online.kdpw.pl based on a private key generated directly by the applicant. Moreover, uniform rules will be introduced as regards segregation of services within A2A communication, unification of names in queue configuration, and management of access to test environments.
The changes will be implemented in two steps:
- May 2023 - the changes covered the A2A communication of the EMIR TR, SFTR TR, ARM (excluding SWI communications), and LEI services,
- February 2025 - modernisation of SWI communication, i.e., services for KDPW direct members (including ARM and Compensation Scheme services) and KDPW_CCP clearing members.
IMPORTANT! Modifications to the rules of communication with participants from 28 May 2025.
As a result of the amendments to the KDPW_CCP Rules coming into force on 28 February 2025, the SWI agreements currently in place in the SWI system, concluded by clearing members with Krajowy Depozyt Papierów Wartościowych S.A., will be terminated with effect from 28 May 2025. Clearing members’ communication with KDPW_CCP will operate under the existing Agreements on access to KDPW_CCP’s services via the GUI application and under Agreements on access to KDPW_CCP services through established system connections (SEI System).
Communication in the SEI System (A2A) will operate on the basis of electronic certificates downloaded through the KDPW_CCP web application A2A Certificates. In the adopted model, the certificate will be used to establish a secure encrypted system connection between the participant and the KDPW_CCP IT systems. The certificate will be issued for the participant’s institution code, which is a four-character identifier of the participant in a service or services, according to an established scheme. Certificates can be managed, including the submission of requests for a certificate, downloading a certificate and cancelling a certificate, in the A2A Certificates application available in the Service Portal https://online.kdpw.pl
To establish a new A2A connection, each clearing member needs to conclude a separate Agreement on access to KDPW services through established system connections (SEI System) with KDPW_CCP. To this end, the following steps are required:
- generate a declaration when downloading the A2A Certificate and have the declaration signed by the participant’s duly authorised representatives,
- then ‐ not later than before the end of the transition period (28 May 2025), submit the signed declaration to KDPW_CCP (in paper form to the registered office of KDPW_CCP or, where the declaration is signed with electronic qualified signatures, to ccp@kdpw.pl).
30 January 2025, Letter CCP/ZW/28/2025
Description of the process for the implementation of changes in A2A communications covered by the ESDK protocol
(pdf 267,99 KB)
Download file
12 November 2024 - Letter outlining modification to IT systems in the area of A2A communication - confirmation the date of roll-out of the complete solution
Enclosures:
1. Configuration specification for MQ A2A connections
2. Description of the ESDK protocol used for A2A communication
3. Instructions for downloading the A2A certificates used for connecting to the KDPW and KDPW_CCP services
4. Using OpenSSL to obtain a certificate for A2A communication
5. Description of the process for the implementation of changes in A2A communications covered by the ESDK protocol
1. Configuration specification for MQ A2A connections
2. Description of the ESDK protocol used for A2A communication
3. Instructions for downloading the A2A certificates used for connecting to the KDPW and KDPW_CCP services
4. Using OpenSSL to obtain a certificate for A2A communication
5. Description of the process for the implementation of changes in A2A communications covered by the ESDK protocol
(pdf 3,71 MB)
Download file
7 February 2024 - Letter outlining modification to IT systems in the area of A2A communication
Enclosures:
1. Configuration specification for MQ A2A connections
2. Description of the ESDK protocol used for A2A communication
3. Instructions for downloading the A2A certificates used for connecting to the KDPW and KDPW_CCP services
4. Using OpenSSL to obtain a certificate for A2A communication
1. Configuration specification for MQ A2A connections
2. Description of the ESDK protocol used for A2A communication
3. Instructions for downloading the A2A certificates used for connecting to the KDPW and KDPW_CCP services
4. Using OpenSSL to obtain a certificate for A2A communication
(pdf 891,98 KB)
Download file
3 October 2023 - Modifications to KDPW_CCP and KDPW IT systems scheduled in 2024
point 6 - Upgrading the handling of access certificates in A2A communication
(pdf 286,80 KB)
Download file
20 March 2023 - Letter outlining changes to IT systems in the area of A2A communication
(pdf 167,80 KB)
Download file