On 27 October 2021, the European Commission adopted a new Banking Package to enhance the EU banking regulatory framework and to strengthen banks' resilience to potential future economic shocks. This new Banking Package finalises the implementation of the Basel III agreement (which provides an international regulatory framework for banks), introduces additional requirements in terms of sustainability risks (ESG risks) for credit institutions and provides stronger enforcement tools for supervisors overseeing EU credit institutions.

The Banking Package comprises the following legislative proposals:

  • a proposal for a Directive to amend Directive 2013/36/EU1 (the Capital Requirements Directive or “CRD IV”) (the “CRD VI Proposal”)2
  • a proposal for a Regulation to amend Regulation 575/20133 (the Capital Requirements Regulation or “CRR”) (the “CRR III Proposal”)4
  • a separate legislative proposal to amend CRR in the area of resolution (the “Daisy Chain Proposal”)5.

The CRD VI Proposal would establish a harmonized framework for the provision of banking services in the EU by third-country firms. More specifically, the proposal requires third-country credit institutions to establish a branch in the EU to start or to continue the provision of banking activities in the EU and, in this respect, comply with a new specific prudential framework, except where the services are provided on the basis of reverse solicitation. Further, existing branches of third-country firms would need to be re-authorized.

Background – access to the EU single market by third-country credit institutions

EU passport for financial services

Any entity willing to provide regulated financial services in the EU must first apply for the appropriate regulatory license, authorization or approval from the national competent authority (“NCA”). If this regulatory license, authorization or approval is obtained, the entity is allowed to provide services in its home Member State and in other Member States. The regime of financial passports, which is at the foundation of the EU single market for financial services, indeed allows financial regulated entities to provide certain financial services throughout the EEA.

With regard to the provision of banking services, the European single passport under CRD IV entitles regulated credit institutions to provide their services in other EEA Member States, either within the framework of the right of establishment (ie through the establishment of a local branch), or on a cross-border basis.

Access to the single market by non-EEA financial undertakings

Such right of passport is however not accessible to third-country firms. To provide any regulated activity in the EU, these institutions need to obtain the appropriate authorization in each Member State where they intend to provide services, which will depend on the kind of services they intend to provide. Several EU financial regulations provide for a “third party” regime allowing non-EEA firms to offer a limited number of services in the EU. As an example, Directive 2014/65 on markets in financial instruments6 (“MiFID II”) contains dispositions applicable to the provision of investment services and activities by third-country firms through the free provision of services (to certain permitted investors only) and the establishment of a branch.

With regard to the provision of banking services, until today, access to the EU banking market for non-EU undertakings is only harmonised to a very limited extent: CRD IV only requires EU Member States not to engage in regulatory competition by adopting a regime that would be more favourable than that of branches of EU institutions. In addition, Directive 2019/878 amending CRD IV7 (“CRD V”) recently introduced a new specific reporting applicable to third-country branches. On the other hand, CRD IV does not contain any provision allowing third-country banks to provide their activities in the EU on a cross-border basis.

In the absence of any equivalence mechanism, third-country financial institutions wishing to provide their services in the EU are required to comply with the national requirements on market access (including authorisation and/or licencing requirements) and supervision applicable to third country entities provided by the national legislation where they intend to provide services. Accordingly, non-EEA credit institutions intending to provide their services in Belgium will be subject to the requirements of the Belgian Law of 25 April 2014 on the statute of and the supervision of credit institutions (the “Banking Law”), which requires third-country credit institutions, duly licensed in their home country, to establish an authorized branch in Belgium to provide their services in Belgium. The third-country branch must seek authorization from the National Bank of Belgium, which will only be granted after consultation with the home state regulator of the third-country credit institution and provided that certain authorization requirements are met (similar to those applicable to Belgian credit institutions). If granted, the scope of the authorization provided by the National Bank of Belgium is however limited to the provision of services in Belgium and does not grant such Belgian branch any right to passport its activities in any other Member State.

CRD VI Proposal – Requirement for third-country undertakings to establish a local branch to provide banking services in the EU

The footprint of third-country branches in the banking single market is significant: according to a recent report from the European Banking Authority8 (“EBA”), as of 31 December 2020, third-country branches originated from 23 third countries and held an aggregate amount of total assets just over EUR510 billion, most of which was concentrated in a handful of Member States, including Belgium. For some of them, the individual asset size even exceeds the threshold that would make them qualify as significant institutions under the direct supervision of the European Central Bank in the context of the Single Supervisory Mechanism. In parallel, the European Commission seems to detect a trend towards an increasing use of third-country branches to access Member States’ banking markets, which has obviously taken a new dimension after Brexit.

Lack of prudential framework applicable to third-country branches

In the EEA, EU credit institutions are subject to a robust prudential and supervisory regime imposed by CRD IV and CRR (as amended), to manage their risks and to protect the financial stability of the EU and its Member States.

As mentioned, the establishment of third-country branches is currently fundamentally subject only to national legislation and is not subject to a proper harmonized framework in the EU. This lack of harmonization leads to situations where some third-country branches are subject to limited requirements only in certain Member States, which also raises regulatory arbitrage concerns. In this regard, the EBA report has shown that the current patchy regulatory landscape offers third-country branches significant opportunities for regulatory and supervisory arbitrage to conduct their banking activities while leading to a lack of supervisory oversight and increased financial stability risks for the EU. At this stage, the current EU-wide supervisory cooperation mechanisms do not capture third-country branches, and several third-country groups use complex legal structures through a mix of subsidiaries and branches to conduct their activities in the EU. Such complex structures can be opaque and very difficult for competent authorities to properly supervise given the different and disjointed set of requirements that apply to each of those, as well as the lack of information and powers needed by regulators to properly address those risks, which leaves blind spots in the supervision of these entities. In addition, the growing trend of digitalization makes it almost impossible for supervisors to ensure that third country firms limit their services into the Member State where they are established.

Requirement to set up a branch

To address the above issues, the European Commission has proposed the insertion of an EU-harmonized prudential regulation applicable to third-country branches, to prevent areas or segments in the markets falling outside the scope or reach of the system of prudential regulation and supervision Accordingly, the European Commission conditions the provision of banking services in the EU to the obligation of having a physical presence in a Member State, as only through such physical presence may credit institutions be subject to effective prudential regulation and supervision in the EU.

The CRD VI Proposal would now clearly introduce the requirement for third-country undertakings to set up a branch in a Member State and seek authorization for that branch as a condition for being allowed to start conducting banking activities in that Member State. The notion of “third-country branches” encompasses credit institutions with their head office in a third country, but also undertakings with their head office in a third country for the purpose of carrying out banking activities in the EU.

Harmonized prudential supervision framework applicable to third-country branches

To address the above issues, the European Commission has proposed the instauration of an ad hoc set of minimum-harmonising requirements for third-country branches that builds on existing national frameworks of Member States currently in force and ensures minimum standards and consistent requirements throughout the EU.

The European Commission aims, by introducing a robust EU framework for third-country undertakings providing banking services in the EU, to limit the regulatory and supervisory arbitrage resulting from the current patchy regulatory landscape and to minimize financial stability risks in the EU.

The CRD VI Proposal would now provide that EU Member States require undertakings established in a third country to establish a branch in their territory and seek authorisation to commence or continue conducting activities in the relevant EU Member State. The establishment of third-country branches will therefore be subject to a new system of prior authorisation but also to a new specific set of minimum regulatory requirements. This encompasses new provisions on:

  • authorisation process: the establishment of a third-country branch in a Member State would become subject to an explicit authorisation procedure and minimum requirements;
  • minimum regulatory requirements, requiring third-country branches to:
    • maintain a minimum capital endowment;
    • comply with a liquidity requirement;
    • meet internal governance and risk control requirements, and to implement booking arrangements;
  • reporting requirements: third-branches would be required to report regularly to their competent authorities information on their compliance with the legal requirements and financial information in relation to the assets and liabilities on their books;
  • supervision by competent authorities, required to conduct regular reviews of third-country branches’ compliance with their regulatory requirements, and take supervisory measures to ensure or restore compliance with those requirements.

Classification of third-country branches

The CRD VI Proposal distinguishes two categories of third-country branches:

  • Class 1 third-country branches, comprising the larger branches, those authorized to take deposits from customers and those considered as “non-qualifying.”
  • Class 2 third-country branches, considered as smaller and less risky, comprising all third-country branches not classified as Class 1.

For reasons of proportionality, class 2 third-country branches would be subject to comparably less stringent prudential and reporting requirements than those classified as Class 1.

Upon receiving an application for authorisation, competent authorities shall also assess whether the third-country branch qualifies or not as a “qualifying third-country branch,” which will be the case where its head office is established in a country that has in place an equivalent supervisory and regulatory framework for banks and equivalent confidentiality requirements than those in the EU and that is not listed as a high-risk third-country for AML purposes.

Finally, where third-country branches have assets on their books for EUR30 billion, competent authorities must proceed to an assessment of systemic importance, ie assess on a regular basis whether such branch poses a level of risk to the financial stability of the respective Member State and of the EU. Should they conclude that the branch is systemic, they would be able to take one of the following measures:

  • requirement to subsidiarise, in order to continue its activities;
  • requirement to restructure their activities so that they cease to meet the criteria of systemic importance or the EUR30 billion threshold;
  • impose additional Pillar II requirements (eg additional capital, liquidity, reporting or disclosure requirements).

Unclarity related to the scope of application

Due to the current drafting of the CRD VI Proposal, the exact scope of application of the new rules is not entirely clear at this stage, and might lead to unexpected consequences.

In the EEA, the license as a credit institution not only allows such entities to provide traditional banking services; indeed, credit institutions duly licensed are also allowed to provide certain other financial regulated services.

Therefore, the current wording of the CRD VI Proposal is likely not only to cover these traditional banking services, but also those other regulated financial services that licensed credit institutions are allowed to provide, such as payment services, investment services (such as dealing on own account, portfolio management or investment advice), custody services, corporate finance advice, credit reference services and issuing electronic money. At this stage, it is indeed not clear whether the CRD VI Proposal would only apply to all non-EU undertakings wishing to perform the abovementioned services (not only banking services) or whether the CRD VI Proposal would be limited to third country undertakings who would require authorisation as a third-country branch in the EU for the provision of banking services. In practice, clarification on this current grey zone and on the interconnection between these new rules and the other EU financial regulations will be essential for non-EU firms. These firms might become subject to the new framework, not only for the provision of banking services, but also for the provision of any of the other abovementioned financial regulated services in the EU. And they might therefore become prevented from providing on a cross-border basis, as the case may be.

Exemption on the basis of reverse solicitation

The CRD VI Proposal would provide for a general exemption for services provided on the basis of reverse solicitation. This means that where an EU customer approaches an undertaking established in a third country at its own initiative for the provision of banking services, such undertaking shall not be subject to the new prudential regime and to the requirement to establish a local branch in the Home Member state of this customer.

More specifically, third-country undertakings providing banking services in a Member State through reverse solicitation of services are therefore exempted from the requirement to establish a branch in the EU, if the third country undertaking does not solicit EU customers. In addition, the third-country undertaking would not be able to take advantage of the customer’s initiative to cross-sell or market other categories of products, activities or services than those that the customer had solicited.

Impact of the framework and next steps

The CRD VI Proposal, along with the other proposals of the Banking Package, will now be submitted to the European Parliament and the Council under the ordinary legislative procedure.

Once adopted and officially published, Member States will be required to transpose the CRD VI Proposal into national law within 18 months following the official publication in the Official Journal. Third-country branches already operating in the EU will have to be reauthorised under the new framework, but will however benefit from a transitional period of 12 months following the 18 months transposition period of the CRD VI Proposal to obtain the required authorisation.