Rules and Regs

Authorisations & Approvals

360X AG (hereinafter referred to as "the Company" or “360X”) is a German

stock corporation (Aktiengesellschaft), registered in the Commercial Register of Frankfurt am Main under commercial code B (“HRB”) 122917, LEI 529900M42L36KXZ1JD69, with her registered office at Westend Carree Grüneburgweg 16-18, 60322 Frankfurt am Main. 360X is a regulated securities exchange. Its unique market identifier code is 360X (MIC: 360X).

360X is an investment firm supervised by the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, “BaFin”) and Deutsche Bundesbank (Central Bank of the Federal Republic of Germany, regional office: Hesse), which holds the following licenses:

  • Investment brokerage (Section 2 (2) No. 3 Investment Firm Act (Wertpapierinstitutsgesetz, “WpIG”));

  • Trading on own account (Section 15 (3) WpIG);

  • Placement business (Section 2 (2) No. 8 WpIG);

  • Operating a MTF (Section 2 (2) No. 6 WpIG);

  • Operating a DLT-MTF (Article 8 (1) Regulation (EU) 2022/858,“DLTR”).

View here

Complaints

360X aims to deliver a high quality service but we recognise that sometimes things can go wrong. When this happens, we will do our best to put matters right quickly. We will listen to your complaint and:

  • treat it seriously, and in confidence;

  • investigate it thoroughly and fairly;

  • resolve it promptly, and informally whenever possible;

  • wherever possible find a remedy and;

  • learn from complaints to improve our services.

You can contact us with your complaint through various channels:

  • Directly with your Relationship Manager ;

  • By mail marked “to the attention of the Compliance Department” , 360X AG, Westend Carree, Grüneburgweg 16-18, 60322 Frankfurt am Main;

  • By email at complaints@360x.com;

Further information on feedback and complaints can be found here.

Complaints form

Conflict of Interest

360X endeavours to ensure that neither the Company, nor its staff or other persons linked with 360X, put themselves in such a position so as to give rise to an unnecessary potential or actual conflict of interest. Should for any reason a potential or actual conflict be perceived to have arisen, then that conflict will be promptly managed in accordance with effective Company organisational and administrative controls. For example; in relation to any inducements received by 360X from third party suppliers in connection with the provision of investment services or ancillary investment services, we ensure that those are not in conflict with our clients´ interest but are dedicated to maintain and continue improving the quality of our services. Detailed information of the conflict policy and inducements can be obtained via your relationship manager or clients@360x.com.

DORA

The Digital Operational Resilience Act (Regulation (EU) 2022/2554, “DORA”), is an EU regulation that entered into force on 17 January 2023 and will come into effect as of 17 January 2025. It aims to strengthen the resilience, reliability, and continuity of financial services across the European Union. DORA is designed to ensure that organisations can withstand, respond to, and recover from cyber incidents and therefore aims to strengthen the resilience, reliability, and continuity of financial services throughout the European Union.

In accordance with Art. 30 DORA, the minimum requirements set forth in agreements between a Financial Entity (as defined in DORA) and an ICT Third-Party Service Provider (as defined in DORA) with respect to the provision of ICT Services (as defined in DORA) shall apply.

The purpose of this page is to provide an overview of the roll-out approach and to answer frequently asked questions with respect to the relationship between customers (in their role as Financial Entity) and 360X AG (in its role as ICT Third Party Service Provider).

What is an ICT Service under DORA and which services provided by 360X AG are of relevance?

Art. 3 (21) DORA defines an ICT Service as any “digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis […]”. Consequently, an ICT Service provided by an ICT Third Party Service Provider on an ongoing basis towards a Financial Entity is subject to the requirements outlined in Art. 30 DORA.

More detail on what could constitute an ICT service can be found in Annex III of the Draft Implementing Technical Standards (ITS), which outlines the standard templates for registering information about all contracts involving ICT services provided by third-party providers, as required by Article 28(9) of DORA. This list may not be exhaustive as it primarily refers to information that needs to be put in the register pursuant to Art. 28(3) DORA.

360X AG (“360X”) is authorised to provide over-the-counter (OTC) trading and to operate a multilateral trading facility (MTF) under its licenses provided by the Federal Financial Supervisory Authority (BaFin). However, trading is not provided as an IT platform or software solution service. Trading is subject to a regulatory authorisation requirement which is conducted by 360X. Trading is not offered on the OTC or MTF platforms as PaaS, SaaS, or IaaS solutions to enable third-parties to conduct a market of their own. Since 360X does not offer services conformant to the ICT services mentioned in Annex III of the Draft ITS with respect to the operation of a trading system, these core functions are not to be considered as ICT Services.

Furthermore, and in the context of the DORA Dry Run, the European Supervisory Authorities (“ESAs“) published FAQs which also address the term ICT Services. In these FAQs it was clarified that “in case a financial entity must be authorised/licenced/registered as financial entity to deliver a service, such service is therefore a regulated financial service and not an ICT service in the meaning of DORA Art. 3(21)”.

This point has recently been confirmed in the DORA Q&A published on 14 January 2025 by the European Insurance and Occupational Pensions Authority (EIOPA), which additionally has applied the same rationale to ancillary services provided by a financial entity, and which are provided in course of the provision of a regulated financial service. See 2999 – DORA030 – EIOPA.

Consequently, any activities which are directly resulting from these authorisations would not constitute ICT Services. However, other services which are not subject to an authorisation requirement might conform to the definition of ICT Services.

360X has assessed whether and which other services offered might be subject to DORA. For such services, the DORA-specific adjustments will be implemented through an additional addendum to the existing contracts.