Banking & Finance Eurozone Hub
Our Expertise Banking & Finance
ECB-SSM releases two new supervisory "Guides" on banking licence applications
How will this change the licence process for traditional and FinTech firms and what clarifications are provided on the CRR/CRD IV Framework?
21 September 2017 marked the end of summer. It also marked the start of the supervisory and regulatory publications "season" for the EU-27 and equally the Eurozone-19's Banking Union. The European Central Bank (ECB), as the lead within the Single Supervisory Mechanism (SSM) pillar of Banking Union, published two supervisory "Guides" on licence applications. These apply to applicants requiring a licence for traditional as well as FinTech banking sector activity. Whereas national authorities1 in the SSM are the "entry point" to the authorisation and licence process, the ECB-SSM is the ultimate decision maker on all banking licence applications in the Eurozone-19 and its Banking Union. This Client Alert assesses the practical impacts of these Guides and how they apply to traditional and FinTech credit institutions. Given the heightened volume of licence applications and the long lead timelines, market participants ought to assess and take action now.
As with other SSM relevant Guides these two newest publications read like and thus should be interpreted as rulebooks. These Guides are currently in draft form and following their finalisation may evolve further as the Banking Union's application of the EU's Single Rulebook for financial services continues to develop. Importantly, these two Guides are complementary to one another, especially for those new entrants that would qualify as FinTech credit institutions (FCIs). A traditional credit institution undertaking FinTech activity, ought to take note of the supervisory expectations that apply to a FCI. A FCI must take note of the general licence application principles and process that apply to traditional credit institution applicants.
In summary, the Guides change the supervisory experience and deliver a more uniform tone in terms of supervisory expectations. They also provide clarifications on certain terms used in EU-wide prudential capital regulation in the CRR/CRD IV Framework. The consultation process on these Guides closes on 2 November 2017. A public hearing, which will also be webcast, will be held on 26 October 2017. The ECB has also released a FAQ2 that complement the Guides. We will
1 See the following, including a link to national authorities' application forms: https://www.bankingsupervision.europa.eu/banking/tasks/authorisation/html/index.en.html 2 See: https://www.bankingsupervision.europa.eu/legalframework/publiccons/pdf/licensing_and_fintech/licensing_and_fintech _faq.en.pdf
provide further coverage and analysis on these new rules as they continue to develop.
As with other related SSM Guides, the two Guides aim to harmonise but also expand the Single Rulebook. They also tie-in with other SSM workstreams. Notably, these licencing Guides should also be read in conjunction with the ECBSSM Guide on assessing the fitness and propriety of natural persons in relation to certain functions requiring supervisory approval (the F&P Guide)3 or the ECM-SSM Guide on-site inspections and internal model investigations (the OSIIM Guide)4.
All of these supervisory Guides and expectations will change how existing and new Banking Union Supervised Institutions (BUSIs) engage with national and ECB components of the SSM. For those that will qualify as FCIs, the Guides should also be read in conjunction with the European Banking Authority's policy on FinTech which we covered in a separate series of Client Alerts5. The ECB-SSM's move to establish rules on licence applications for FCIs, is a welcome move to establish greater harmonisation and certainty in an area of rapid transformation.
Harmonisation of the licencing process using a jurisdiction agnostic approach
The ECB-SSM's aim of achieving greater harmonisation of supervisory principles and practices is a general overarching priority. This now also specifically applies to licencing applications by introducing "jurisdiction agnostic" common standards that harmonise yet also interoperate with existing national standards and processes. All of this aims to ensure the Banking Union's application of the EU's Single Rulebook for financial services is truly more single. Having a truly Single Rulebook, based on a single supervisory culture contributes to a "level playing field" for BUSIs. Extending this approach to regulatory licence applications aims to reduce the risk that applicants circumvent banking sector regulation and supervision.
The publication of the ECB-SSM's:
"Guide to assessments of licence applications: License applications in general"6 (the General Licence Application Guide or GLAG); and
"Guide to assessments of fintech credit institution licence applications"7 (the FinTech Licence Application Guide or FLAG).
Each of these supervisory "Guides" contain common concepts and approaches that are relevant to credit institutions with additional requirements introduced by the FLAG in respect of FCI applicants. Both Guides are designed to be flexible and capable of amendment so as to remain practical and relevant in promoting awareness and transparency of the assessment criteria and processes of the establishment of a credit institution within the SSM.
3 See our recent Background Briefing on this available here: http://www.bakermckenzie.com/-
/media/files/insight/publications/ar_germany_backgroundbriefing_jul17.pdf?la=en 4 See our recent Client Alert on this available here:
http://www.bakermckenzie.com/en/insight/publications/2017/08/consultation-launched-on-draft-ecb-ssm 5 Available here: http://www.bakermckenzie.com/en/insight/publications/2017/09/eba-launches-consultation 6 Available here: http://www.bakermckenzie.com/en/insight/publications/2017/09/eba-launches-consultation 7 Available here:
Relation of the GLAG, FLAG and FCIs with EU requirements
Whilst the introduction of the FCI concept is of course welcome, it is important to note, that as a concept it does not exist in other EU, Eurozone and indeed global regulatory and legislative instruments. A FCI will not have its application or ongoing supervision regulated and supervised as a light-touch version of a creditinstitution. This is the case even where existing rules allow for a proportionate approach to supervision in respect of smaller and less-complex business models.
In terms of process, the GLAG and the FLAG, supplement national level instruments. A credit institution licence application process may also mean the involvement of other national authorities in the European System of Financial Supervision or indeed separate applications for licences. The processes of the GLAG and the FLAG do not replace those other processes.
Greater clarity on key terms in the CRR/CRD IV Framework
That being said, these ECB-SSM level supervisory Guides are limited to the Banking Union. They do not aim to replace or displace rules and supervisory approaches outside the scope of the SSM's scope and mandate. The GLAG specifically does however provide useful guidance, without prejudice to national law, on terms not otherwise defined in the CRR/CRD IV Framework.
This is particularly relevant where national transposition of the CRR/CRD IV Framework, as an EU regime, into the respective Member States has led to inconsistencies amongst national regimes. Some of these inconsistencies are due to national options and discretions but may also be as a result of incorrect interpretation and application by national authorities or their differing supervisory approaches. The GLAG's clarification on these inconsistencies aims to harmonise understanding in respect of some key terms in the CRR/CRD IV Framework. These include:
clarification that "deposits and other repayable funds" include, for supervisory purposes, long-term savings accounts, current accounts, immediately repayable savings accounts, funds in investment accounts, or in other forms that are to be repaid. Reference is also made to a 1999 Court of Justice of the European Union judgment8 where it was determined that "..."other repayable funds" refers not only to financial instruments with the intrinsic characteristic of reparability, but also to those which, although not having that characteristic, are the subject of a contractual agreement to repay the funds paid." This could bring a much larger scope of activity into the ECB-SSM's supervisory mandate. Deposits are clarified as those that are covered in the Deposit Guarantee Scheme Directive9 and confirms that funds received in the course of payment services activity or e-money activity is not subject to the CRR/CRD IV Framework but the relevant PSD2 and E-Money frameworks;
clarification that "public", for prudential regulatory and supervisory purposes, implies "...an element of protection for natural or legal persons entrusting funds to unsupervised entities whose financial soundness is not established." The GLAG thus, perhaps rather imprecisely, aims to
8 judgment of the Court of Justice of the European Union, Case C-366/97, 11 February 1999. 9 Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes, as implemented into national law.
delineate between what is the "public" and those that are have a (personal) relationship with the company to whom they entrust their money and are capable of assessing the financial soundness. Other "professional market parties" are not deemed to be the "public". Whilst this is an undefined term there is reference to such persons needing to evidence sufficient expertise and funds to conduct their own counterparty research. One might assume this refers to those parties that are not categorised as MiFID retail clients. It is unclear how this will impact HNWI or other financial services activity for the mass affluent;
clarification that "grant credit for own account" means that..."the granting of credits or loans, must be carried out by the credit institution "for its own account". The credit institution is therefore the creditor, while the credit/loans that it grants become its assets." A cross-reference to Annex 1 of the CRD IV is made as to what financial activity/products are covered. The GLAG also specifies that overdrafts can qualify as credits under the CRR/CRD IV Framework.
It is not clear whether non-Banking Union EU Member States, all of which embed the CRR/CRD IV Framework, will use the GLAG's guidance and clarifications of these terms.
The GLAG's key provisions
The GLAG specifies, including by using hypothetical examples, the processes and the stages in the licence application process. This SSM process can take up to 12 months from submission to complete. In summary, these SSM stages run from:
the pre-application stage;
to the submission to and verification by the national authority;
the subsequent assessment of the national authority's dossier in respect of the BUSI applicant by the ECB-SSM;
the issuing of a supervisory Decision by the ECB-SSM, which like any SSM Decision may impose "ancillary provisions" on the BUSI. These include the option of the SSM to set an "obligation" i.e., a requirement or restriction that applies for a set period; a "condition", i.e., a pre-requisite that needs to be fulfilled prior to granting of the licence; or a "recommendation", i.e., a non-binding suggestion or an "ex ante commitment" which are binding conditions subsequent; and
following the application of the Decision, the handover to "ongoing supervision" and the SREP process.
Throughout this SSM process, the national and ECB components apply the following four general licencing principles to the "common procedures". These are:
1. gatekeeper: the ECB-SSM acts as a gatekeeper10 in assessing whether a credit institution applicant should receive a licence. The SSM focuses on a BUSI applicant's:
a. capital levels;
10 and as a gatekeeper will probably need to continue to grow its supervisory staff and how it embeds technology in order to ensure it can deliver on heightened workload against compact deadlines.
b. "programme of operations" (which is being separately consulted upon in a forthcoming publication that we will cover);
c. structural organisation (including IT and outsourcing arrangements) and
d. the suitability of managers (conducted by the ECB-SSM for direct and indirect BUSIs) and
e. suitability of relevant direct and indirect shareholders (see also our Client Alert on the F&P Guide11) their qualifying holdings12 and any significant influence;
2. open and complete communication: the "supervisors" i.e., ECB-SSM and national level, expect each "...applicant to accurately and completely prepare their application and openly an swiftly share information to help the supervisors reach an informed decision. The information requirements are based on the EBA's RTS and ITS on the information required for the authorisation of credit institutions." This may mean that for a number of process, previously dictated by jurisdictional specifics, there is a much more centralised tone in when and how communication is expected. The same also applies in relation to the "supervisors" information requests and communication with the BUSI applicant;
3. harmonisation: the GLAG aims to improve harmonisation of supervisory approaches, rule interpretation and application in respect of licence applications. It applies to new or extended authorisations and will not lead to a re-assessment of existing authorisations that pre-date the GLAG's publication in its final form; and
4. case-by-case assessment and proportionality: as with certain other SSM Guides, the GLAG states that whilst "all relevant circumstances will be taken into account" it will include considerations of risk-based proportionality.
These principles, together with the contents of the GLAG, specify that the licence application review process will asses whether the BUSI applicant has sufficient13 substance. An assessment of substance will also look at whether the applicant is actually "sufficiently engaging in activities that it must undertake in order to be defined as a credit institution within the meaning of EU law."
These assessments will direct how the ECB-SSM rates the business model viability of the BUSI at inception. That analysis will in turn flow into the Supervisory Review and Evaluation Process (SREP)14 as a key supervisory tool used by the SSM to monitor BUSIs. The ECB-SSM-led SREP tool is itself being rolled-out to a much wider body of BUSIs15.
11 See our recent Background Briefing on this available here: http://www.bakermckenzie.com//media/files/insight/publications/ar_germany_backgroundbriefing_jul17.pdf?la=en 12 or, in the absence of qualifying holdings, the ECB-SSM will apply EBA standards to assess the 20 largest or possibly all shareholders. To briefly recap, for Banking Union purposes a participation in a credit institution will be a "qualifying holding" when it represents 10% or more of any shares and/or voting rights in the credit institution. A supervisory notification of that first 10% threshold and any relevant threshold above is required. This is in addition to any other supervisory reporting required in a respective jurisdiction. 13 Further analysis is available in the following Client Alert: http://www.bakermckenzie.com/en/insight/publications/2017/08/eu-banking-union-spors 14 Further analysis is available in the following Client Alert: http://www.bakermckenzie.com/en/insight/publications/2017/08/ecb-ssm-commits
15 Further analysis is available in the following Client Alert: http://www.bakermckenzie.com/-
Licence exemptions and lapses
The GLAG provides clear and definitive conditions16 when an initial licence application or a change in licence application will be required. The GLAG also specifies when an exemption to the licence requirement applies or when a licence lapses.
One key exemption to the need for a licence that the GLAG introduces is in the case of a merger. Where a merger exists for a "legal second" whether due to commercial or regulatory (i.e., BRRD and/or SRM) relevant measures, no licence application will be required by the ECB-SSM. Certain national requirements may however still be relevant and applicable.
The ECB-SSM defines a "legal second" as the length of time "...needed to complete the transactions involved..." and the SSM will take account of the specific circumstances prior to assessing whether a licence application exemption can be applied or whether a special "Bridge Bank" licence is required. It is important to note that an exemption request does not replace the need to obtain all other regulatory, supervisory and SSM-specific consents. This also extends to the continued need to obtain relevant merger or change in control consents irrespective of a SSM licence exemption.
A licence that has been issued by the SSM to a BUSI will lapse where the BUSI does not make use of the authorisation for 12 months. A licence will also lapse if the BUSI has ceased to engage in business for more than six months. The wording in the GLAG is not entirely precise, but this is taken to mean consecutive months and also cross-refers to the "sufficient substance and engagement" tests that were assessed as part of the initial application and business model viability assessment. It is not yet clear whether a lapse in one area will cascade through to other areas. Moreover, it is also not clear, whether a lapse or withdrawal of a SSM licence might have knock-on effects to any licences that the BUSI holds from other regulators. A BUSI may also withdraw its application or expressly renounce its authorisation.
The FLAG's key provisions
The FLAG exclusively applies to those BUSIs that qualify as FCIs. A FCI is a credit institution "...whose business models in which the production and delivery of banking products and services are based on technology-enabled innovation." The ECB's current term of what is and what is not FinTech, is different to that of the EBA and instead uses the definition of the Financial Stability Board. Leaving aside the fact the differences between definitions, for Banking Union purposes the definition that will be in the final version of the FLAG is important. This is the case as the definition sets who might qualify as a FCI and thus be subject to the FLAG's additional provisions, which supplement the provisions contained in the GLAG.
As an overarching supervisory principle, the ECB-SSM's scrutiny of FCIs aims to focus on ensuring that they are properly authorised and have in place risk control frameworks that anticipate and respond to the FinTech-specific and other nonFinTech risks that arise in their field of operations. The FLAG, in supplementing the GLAG, aims to balance the creation of a FinTech friendly supervisory environment whilst at the same time ensuring that proactive (systemic) risk
16 Including where an entity wishes to become a credit institution or where two or more institutions merge to form a new entity.
management and resilience measures are not compromised. Additional obligations and measures that are relevant to and which may be imposed upon FCIs, may also extend to FCIs having to hold additional regulatory capital.
Those additional obligations are however driven by firm-specific as opposed to business sector specific attributes. Moreover, the FLAG is not only jurisdiction agnostic but also describes itself as "technology-neutral" in that it does not favour traditional banking sector activity and actors over those using FinTech. Whether this will be the case in relation to the supervisory experience of FCIs remains to be seen. What is certain is that the FLAG aims to nurture FinTech's "oaks" and weed out a field of tulips. This means that FCIs will need to evidence a large amount of self-assessment on risks specific to it, risks that it contributes to its peers and the financial sector as a whole and how these are managed.
So what does this mean in practice? FCI applicants and potentially some existing BUSIs that heavily use FinTech in connection with their regulated activity are encouraged by the FLAG to:
sufficiently detail evidence of the technological knowledge of members of the management body;
consider appointing a Chief Information Technology Officer as a member of the executive board of the FCI;
ensure that any business incubators and/or providers of seed capital or other growth capital are aware of the fact that their holdings, financial soundness, reputation and shareholder and own corporate governance and other specific attributes will be reviewed as part of the authorisation process of a FCI;
engage in sufficiently clear dialogue with the SSM in relation to change of ownership models as the FCI grows. Dilution of founding capital investors will need to be managed as qualifying holdings and/or direct and indirect significant influence relationships change;
account for the fact that FCIs will be subject to heightened postauthorisation supervisory reviews, in particular in relation to evaluating credit-granting and scoring methodologies, collateral and security arrangements, and internal governance arrangements including compliance with the ECB-SSM's non-performing loans and exposures supervisory Guide i.e., rules17;
detail the adequacy of their resourcing needs. This applies to regulatory and economic capital as well as to sufficient human capital. FCIs are specifically expected to be able to evidence they are able to cover startup losses for the first three years of activity. Foreseeable losses and the break-even point are to be communicated in the application;
evidence robust and resilient IT arrangements, data governance and cyber-resilience processes and policies. This applies in relation to traditional regulated and non-regulated outsourcing and delegation arrangements as wells cloud outsourcing; and
17 See our coverage on this available here: http://www.bakermckenzie.com/en/insight/publications/2017/07/eu-setsmarching-orders
prepare, depending on the nature of the business and the BUSI applicant, an "exit plan" (details upon this are yet to be published and will be covered by us) to allow for a FCI to cease its own business operations on its own initiative. Cessation should occur in an orderly and solvent manner, without harm to consumers nor disruption to the financial system nor regulatory/supervisory intervention. Costs of the exit plan, including how to close without imposing losses on depositors is to be covered by the FCI's "own funds" component of its regulatory capital. The SSM (both ECB and national components) will consider performing a follow-up inspection one year after a FCI is licensed to assess whether the FCI is operating as envisioned in its application or whether an exit plan needs to be triggered.
Outlook and some next steps for existing and applicant BUSIs
For applicants looking to establish themselves as BUSIs and specifically those as FCIs, the two supervisory Guides, together with the F&P Guide provide:
a much clearer roadmap of what areas applicants and their advisors ought to highlight in their licence applications; and
the process stages and supervisory touchpoints that are relevant in respect of the licence applications.
For existing BUSIs, the GLAG and the FLAG provide clarity:
on where supervisory scrutiny, specifically in relation to entities that may evidence similar traits as FCIs, will lie in terms of SREP and any on-going supervisory inspections. One might expect a degree of focus on BUSIs evidencing sufficient financial sector and technological knowledge;
on what circumstances might require creation of an exit plan for FCIs; and
on forthcoming areas where the ECB-SSM will continue to drive harmonisation by either eliminating national options and discretions in the CRR/CRD IV Framework, as applied in the Banking Union, or where it will roll-out various provisions of the Single Rulebook that it has added to or where it leads on regulatory and supervisory policymaking to the much wider body of BUSIs than those that are directly supervised by the ECB component of the SSM.
The SSM distinguishes between those BUSIs that are "Significant Credit Institutions", and thus subject to direct ECB-SSM supervision and those that are "Less Significant Institutions", and thus subject to indirect ECB but direct national supervision. It is important to note that most FCIs are likely, for SSM purposes, to qualify as "high-priority Less Significant Institutions" (HP-LSIs). This means that the ECB component of the SSM will indirectly supervise and the national components of SSM will directly supervise the FCIs. HP-LSIs receive closer scrutiny from the ECB component of the SSM. Most FCIs are likely to be categorised as HP-LSIs due to their supervisory importance and perceived firm and/or systemic risk contribution. Whatever the BUSI type, the GLAG, the FLAG along with the other SSM rulemaking instruments and supervisory "Guides" are
likely to assist both the SSM and BUSIs in ensuring a more level playing field can take root.
If you need assistance with an existing or new, including FCI licence application or if you would like to receive more analysis from our wider Eurozone Group in relation to the topics discussed above, including what other SSM rules might mean for specific market participant types within or looking to enter the EU and/or the Eurozone, then please do get in touch with any of our Eurozone Hub key contacts below.
Our Eurozone Hub Contacts:
Michael Huertas, LL.M., MBA Counsel Solicitor (England & Wales and Ireland) Registered European Lawyer Frankfurt michael.huertas@ bakermckenzie.com
Sandra Wittinghofer Partner Rechtsanwltin and Solicitor (England & Wales)
Dr. Manuel Lorenz, LL.M. Partner Rechtsanwalt and Solicitor (England & Wales)
Baker & McKenzie - Partnerschaft von Rechtsanwlten, Wirtschaftsprfern und Steuerberatern mbB
Friedrichstrasse 88/Unter den Linden 10117 Berlin Tel.: +49 30 2 20 02 81 0 Fax: +49 30 2 20 02 81 199
Neuer Zollhof 2 40221 Dusseldorf Tel.: +49 211 3 11 16 0 Fax: +49 211 3 11 16 199
Frankfurt am Main Bethmannstrasse 50-54 60311 Frankfurt / Main Tel.: +49 69 2 99 08 0 Fax: +49 69 2 99 08 108
Mnchen Theatinerstrasse 23 80333 Munich Tel.: +49 89 5 52 38 0 Fax: +49 89 5 52 38 199
This client newsletter is prepared for information purposes only. The information contained therein should not be relied on as legal advice and should, therefore, not be regarded as a substitute for detailed legal advice in the individual case. The advice of a qualified lawyer should always be sought in such cases. In the publishing of this Newsletter, we do not accept any liability in individual cases.
Baker & McKenzie - Partnerschaft von Rechtsanwlten, Wirtschaftsprfern und Steuerberatern mbB is a professional partnership under German law with its registered office in Frankfurt/Main, registered with the Local Court of Frankfurt/Main at PR No. 1602. It is associated with Baker & McKenzie International, a Verein organized under the laws of Switzerland. Members of Baker & McKenzie International are Baker McKenzie law firms around the world. In common with terminology used in professional service organizations, reference to a "partner" means a professional who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.