RESTRICTED

Terms of Reference

CSD Skopje Functional Upgrade

Phase 2:

System Development and Implementation

  1. BACKGROUND

The Central Securities Depository (“CSD”) Skopje is the depository in FYR Macedoniawhichis authorised forrecord-keeping of securitiesissuedin the country, settlementof trade transactionsand free-of-payment (“FOP”) transfers of securities. CSD Skopje is a self-regulatory organisation and operates under a licence issued by the Macedonian Securities and Exchange Commission (“MSEC”).

In line with FYR Macedonia's Euro-integration agenda, CSD Skopje has a strategic goal to harmonise its systems, services and practices with European and international standards, using as its benchmark other depositories in the region.. CSD Skopje will comply with best international standards in order to protect the securities market integrity and the interests of international investors.

CSD Skopje wishes to develop a new web portal for end users -investors and issuers of securities- following best practice in information technology security and data protection to increase market transparency and access to information. The service aims to provide investors with improved access to their shareholding information, to streamline information availability for reporting purposes, and enable receiving information on corporate actions as required by their shareholders. Currently, CSD Skopje cannot offer on-line access to account holders and all reports are produced upon request on paper or on CDs. Especially for international investors this represents an information barrier as critical notifications may be received later than by local market participants.

The project is aligned with the EBRD’s mandate to deliver the objectives of the Local Currency and Capital Markets Initiative to support the development of capital market infrastructure. The modernisation of the system will improve not only the CSD but the securities market as whole. The members of Macedonia Stock Exchange (“MSE”), which is a member of the SEE Link project[1], will also benefit from the operational upgrade of CSD Skopje it would enhance the transparency of the market including online access to account information. This brings the Macedonian capital market to a level playing field with its regional peers and facilitates the harmonisation of the Macedonia capital market into the SEE Link platform. The far-reaching results would improve cross-border capital market cooperation and elevate the possibility of joining Target2Securities (T2S).

CSD Skopje has engaged a consultant to carry out Phase 1 of the Project: “Strategy Scoping and Procurement Support”, under which the Terms of Reference for Phase 2 of the Project were defined.

CSD Skopje now wishes to engage a consultant (the “Consultant”) to carry out Phase 2 of the Project: “System Development and Implementation” (the “Assignment”).

  1. OBJECTIVES

The overall objective of the Assignment is to support CSD Skopje in developing and implementing a web-based IT solution that will provide restricted access to depository data to issuers and investors. The Consultant will design and develop an Issuers and Investors Portal, procure, install and configure all the necessary hardware and software licences for its operation, integrate the entire IT system within the ICT infrastructure, and put it in live operation.

  1. SCOPE OF WORK

The Consultant will:

1)Design (including development of a system specification), develop, implement and test the Investors and Issuers Portal and lead the solution launch.

2)Procure, install and integrate the necessary hardware, network and standard software components necessary for operation of the Investors and Issuers Portal; Cost of hardware, network and standard software licenses is to be included in the IT Company full budget proposal.

3)Implement relevant security processes, data protection measures, authorised access levels for usage of the Investor and Issuers Portal;

4)Draft the Terms of Use, create interactive online User’s Manual and the standards and procedures for the users of the Investor and Issuers Portal(for both the administrators and the end-users);

5)Perform acceptance - and penetration tests for the functionality, security and resilience of the system against unauthorized access. The penetration tests should be performed by a person or company according to CEPT, GWAPT, OSCP, CEH, LPT or comparable methodologies and certifications. Depending on the results of the tests, the IT Company will have to adjust the system and repeat the tests until functionalities are obtained, performance of the System is acceptable and any unauthorized access is prevented;

6)Assist in capacity building for CSD staff, members and relevant stakeholders on the new system functionalities.

Annex A describes the existing infrastructure in the Skopje CSD and the new infrastructure and services that should be implemented.

  1. DELIVERABLES AND TIMING

The Assignment is expected to start on 1 October 2016, with a planned duration of 26 weeks.

The Consultant will sign a Contract with the CSD Skopje that, among other issues, regulates intellectual property rights.The Consultant must deliver source code and documentation for all the programs and applications to CSD Skopje . The Supplier will grant CSD Skopje all rights to the intellectual property sufficient to conduct its business operations in FYR Macedonia and to make all necessary adaptation, arrangement and any other alteration of the computer program for CSD Skopje’sfuture needs. All other aspects will be agreed during the negotiations and defined accordingly in the Contract.

  1. IMPLEMENTATION ARRANGEMENTS

a)CSD Skopje will nominate a Project Manager who will closely monitor the Consultant’s progress on a day-to-day basis.

The Consultant will report on all aspects of the Assignment to CSD Skopje’s Project Manager, liaise with the EBRD as necessary.

b)The Consultantwill nominate a Team Leader (the “TL”)who will manage the Assignment, monitor the quality of the work produced and have overall responsibility for delivering the assignment in accordance with the agreed work plan. The TL will be responsible for managing communication between CSD Skopje, the EBRD and the Consultant.The TL will represent the consultant at the Steering Committee (SC). CSD Skopje and the Consultant are expected to cooperate closely and liaise regularly with the Operation Leader (the “OL”) nominated by EBRD.

c)The estimated cost of the Assignment is EUR 190,000, of which procurement of specified hardware, network and standard software components is estimated at EUR 51,100.

CSD Skopje will provide the following resources for the Assignment:

  • An in-kind contribution in the form of time and input of a member of the SC coordinating the Project, technical support to the Consultant;
  • Arranging access to local market participants and valuable sources of local information;.
  • Providing office space for up to two of the Consultant’s experts within its premises in Skopje, FYR Macedonia;
  • Providing access to the internet, a printer and a telephone; and
  • Providing the venues and covering possible catering costs related to any of the workshops and/or roundtables related to the Assignment.
  1. DONOR VISIBILITY

The donor supporting the project is the EBRD Shareholder Special Fund, which will require adequate visibility for their contribution. The Consultant shall collect evidence of the EBRD’s and the EBRD Shareholder Special Fund’s visibility, such as media coverage, official notices and press releases, reports and publications referring to the project. No public statement should be made on the content of the Project without prior written consent of the EBRD and CSD Skopje. The final report should detail the way in which the donor’s visibility requirements were adhered to.

  1. CONSULTANT’S AND KEY EXPERTS’ PROFILE

The Consultant will be a firm or a group of firms withdocumented experience in:

  • Working with market participants, financial institutions and authorities on similar assignments;
  • Design of functional and technical requirements for portal solutions, including e-filing of documents
  • Defining data services for clients in the financial sector, including delivery of certified digital documents and e-payment of services
  • Business analysis (data modelling of e-service portal solutions); and
  • Data base competencies, development of complex databases (MS SQL Server / analytical tools).

The Consultant should propose a team of highly experienced specialists which will carry out the project. The provided expertise should cover all areas as defined in the scope of work. It is expected that the Consultant’s team of key experts should consist of a:

  • Team Leader, with an understanding of capital market / CSD operations through:
  • Preferably 10 years’ experience in managing large-scale ICT projects for registration and analytics of regulated data for capital markets, financial institutions and/or regulatory bodies;
  • Preferably 5 years’ experience acting as a team leader in managing projects for implementation of e-service based portals;
  • Excellent proficiency in written and spoken English language.
  • Software Architect, with experience in creating data portals through:
  • Preferably 7 years’ experience in designing, developing and implementing e-service delivery portals;
  • Preferably 5 years’ experience in preparation of design specifications using international best practices for enterprise architecture modelling;
  • At minimum a Bachelor degree in information technology, business informatics or software engineering;
  • Excellent proficiency in written and spoken English language.
  • Security Specialist
  • Preferably 5 years’ experience in designing, implementing, and / or maintaining network security of large enterprise solutions
  • Experience in information security/risk/incident analysis supporting front line defence of networks, protecting information from unauthorised access and violations.
  • At minimum a Bachelor degree in information technology
  • Microsoft certificates in “Network server security”, “messaging”, and “infrastructure design” – or similar.
  • Proficiency in written and spoken English language
  1. Technical Requirements for the Investor and Issuers Portal

See Annex A

CSD Skopje Functional Upgrade -

Terms of Reference (TOR) for Assignment 2: System Development and Implementation

ANNEX A

Technical Requirements for the Investor and Issuers Portal

OFFICIAL USE

Page1 of6

RESTRICTED

RESTRICTED

1 Introduction

CSD will engage an IT consulting company that will design, develop and implement an Investors and Issuers Portal that will provide digital services to all the users of CSD based on the following principles:

  • Free and paid (by credit card) access to customers;
  • Targeting two customer groups Issuers and Investors;
  • Information dissemination in digitalized format towards customers;
  • Provision of official (digitally signed and timestamped) or unofficial (informative purposes only) CSD certificates and documents;
  • Authentication (1-factor and 2-factor) and authorization of CSD customers;
  • Allowing ease of maintenance to CSD administrators and further expansion for services towards public regulators.

The portal will represent the point of single contact for all interactions of the public with CSD and should be designed and implemented in such a way that:

  • It uses parts of all the outlined platforms that will be building blocks of the entire future information system of the CSD;
  • It is delivered on a new scalable ICT infrastructure that can be used as a basis for further transformation of the core CSD infrastructure.

Interface

  • User friendly interface structured according to the portals functionalities, functional on the commonly used browsers (Internet Explorer, Mozilla Firefox, Google Chrome, etc.)

Software(s):

  • Client software – developed by the IT Company;
  • Business rules software – developed by the IT Company;
  • Database software – developed by the IT Company and the CSD.

2Existing Infrastructure

CSD is hosting all of its core and ancillary systems and externally accessible data and content within its own infrastructure in the organization’s premises.

The CSD system operation is performed within a “closed ecosystem” and consequently well secured seen from a network perspective. There is a main system, and a backup location in line with modern design.

CSD works on a Microsoft platform and uses MS SQL database. This means that the software(s) that will be developed should be compatible with this platform.

Current CSD infrastructure contains Microsoft Exchange Server. CSD will also provide MS SQL Server 2008 R2 Database with tables that will contain all necessary data for reports, which will be generated by the System. The IT Company will develop database stored procedures.

3New ICT infrastructure to be provided

The new portal needs to be hosted on a separate new ICT infrastructure that will be integrated with the existing CSD infrastructure. The bidder needs to procure, install and configure at least the following infrastructure for the portal:

Hardware / Quantity
Single 8core CPU, 128GB ram memory, high speed HDD, advanced raid controller with Microsoft Server Datacenter 2012 R2 / 2
Dell Power Vault MD3800i ISCSI storage, or similar / 1
Dell Power connect 2848 L3 Performance switching capacity 96gpbs or similar / 2
Palo Alto PA500 Firewall, or similar / 1
Software
external connector web license / 1
Symantec Public web certificate / 1
Veeam Backup Essentials Enterprise software for Backup and Disaster Recovery with 24x7 3 year support / 1

The successful bidder will cover all cost for procuring, installing, integrating and configuring the above infrastructure.

4Services to be provided

The Investor and Issuers Portal should provide the following services to its users:

Service name / Scope of data / Type of service / Target users
Client profile / Account information and personal information such as postal address, bank accounts, e-mail address and others / Data report / Investors
Client profile history / Changes in client profile data for the past 15 days / Data report / Investors
Statement of holdings / An overview of investor’s holdings of shares, bonds and other securities. The statement can show each account separately, or the investor’s total account / Data report and charts / Investors
Statement of transactions / A list of all transactions by the investor for the past 15 days / Data report and charts / Investors
Statement of blocked securities / Information on blocked securities (with pledge, court orders, etc.) / Data report and charts / Investors
New owner alert / Email notification for changes in ownership / Notifications / Investors
Portfolio change alert / Email notification for changes on the investors account / Notifications / Investors
Corporate actions alert / Email notification on corporate actions for the securities owned by the investor / Notifications / Investors
GM scheduling alert / Email notification on AGM/GM information for the securities owned by the investor / Notifications / Investors
IPO alert / IPO notification services – issuers, issue info, period of subscription, and prospectuses links. / Notifications / Investors
Portfolio value / The market value of the securities in holding according the price from the last trading day at MSE (T-1) / Data report and charts / Investors
Ownership history / Changes in ownership in the last year (1 January-31 December). / Data report and charts / Investors
List of issued securities / List of ISINs of the issuer / Data report / Issuers
Shareholders book / Shareholders book by ISIN / Data report / Issuers
Top shareholders / Top 20 shareholders by ISIN / Data report and charts / Issuers
ISIN information / ISINs info of the issuer / Data report / Issuers, Investors
Corporate actions / ISIN corporate actions – historical data for disclosed information for the ISIN / Data report / Issuers
ISIN trading history / Securities transfers for the previous 7 days by ISIN / Data report and charts / Issuers
Insiders trading / Change in ownership by “insiders” with reporting obligations / Data report and charts / Issuers
Shareholders search / Search for shareholders in the shareholders book by ISIN / Data report / Issuers
Account search / Search for types of accounts in the shareholders book by ISIN / Data report / Issuers
Investors region / Shareholders residence by ISIN / Data report and charts / Issuers
Disclosure documents / Upload official information for ISIN corporate actions and/or GM/AGM information for future disclosure. / Data collection / Issuers

4.1Service pricing models

Every single service should have its own pricing policy. This means that CSD should be able to define whether a service is free of charge, has discount in a particular period or has a fixed price. The users should have the ability to buy combined services. It should be possible to deliver all services as digitally signed and timestamped reports, valid for formal usage, or deliver them unsigned for information purpose only.

4.2Target users and service levels

Two types of users should have the ability to use services of the portal:

  1. Investors

CSD Investor Services will be available for securities account holders, and it will provide them with an overview of all securities held on CSD investor accounts. The CSD Investors Service will be able to send email report summarizing client holdings directly from CSD data base after every change in holdings or notification for changes on account directing the investor to enter the Portal. Also, the investors e-mail service can be used for submitting information on general meetings to be held by companies in which client hold shares or to receive information on corporate actions that affect securities that the investors holds, and other types of notifications.

  1. Issuers

CSD Issuers Services will give CSD registered companies access to detailed information about their shareholders book in an electronic, simple and cost effective manner. The issuers of shares will be provided with access to up-to-date information on the company's shareholders at all times, as well as additional functionalities like reports for changes in shareholders, dissemination of information for corporate actions from registered company, meetings and agenda, etc.

It must be possible to combine all the individual services for the users in different service level groups:

  • Basic
  • Medium
  • Professional / Advanced
  • Official

5Logical system outline

The portal should represent a single point of contact with the CSD’s clients, thus merging with the current website of the organization at