Third country branches, ESG risks and Basel III standards

Introduction

Another milestone in EU banking regulations; on 9 July 2024, the amended Capital Requirements Regulation (CRR III) and the amended Capital Requirements Directive (CRD VI) entered into force. These pieces of legislation form part of the Banking Package, which includes both the Basel III reforms and non-Basel changes to the regulatory playing field of banking services. Although there are quite some amendments made by CRR III and CRD VI, this newsletter distils three key practical takeaways for both EU banks and non-EU parties providing banking services in the EU.

The Banking Package

First things first, what is the Banking Package? The Banking Package includes material amendments to CRR and CRD (CRR III and CRD VI) as – among other things – the final elements for implementation of the globally agreed Basel III regulatory reforms. The EU has already implemented the vast majority of Basel III.

The Banking Package includes, e.g.:

1. a newly introduced third country regime for banks established outside the EU which are active within a member state, in order to harmonise the EU supervision on third country banks and branches.
2. a requirement to properly manage ESG risk (e.g. regular climate stress testing), including the requirements to have ESG risk management systems, ESG reporting and disclosure requirements for all banks and the requirement that banks will have to draw up transition plans under the prudential framework that will need to be consistent with the sustainability commitments banks undertake under Corporate Sustainability Reporting Directive (CSRD).
3. changes to the way banks calculate their risk-weighted assets (RWA) giving greater weight to the standardized calculation approach, e.g. with the introduction for the preferential treatment of real estate exposures, including a new category of ‘buy-to-let’ exposures (Income Producing Real Estate) and exposures to real estate acquisition, development and construction (ADC).
4. introduction of an ‘output floor’, which is a lower limit on the capital requirements that banks calculate when using their models. The output floor is introduced to reduce the excessive variability of banks’ capital requirements calculated with internal models.
5. more detailed fit & proper tests, including harmonised checks for banks’ senior managers before they take their positions, and the introduction of a minimum common set of procedural rules and standardised information requirements.
6. expansion of the supervisory powers available to competent authorities in respect of (i) acquisitions by a credit institution of a material holding in a financial or non-financial entity, (ii) material transfers of assets or liabilities and (iii) mergers or divisions.

 

Three key takeaways

 

Takeaway 1: analyse the impact of the third country branch regime

The first takeaway is that third country (i.e. non-EU) parties that are active in the EU should pay attention to the potential applicability of the newly introduced third country branch (TCB) regime in CRD VI (see Articles 21c and 47-48r CRD VI).

Currently, the treatment of third country banks and its branches is largely left to national law, with fragmented regulation throughout the EU as a consequence. This fragmentation is now up for harmonisation under the TCB regime.

What does the TCB regime include?

In short, CRD VI requires third country providers of so-called ‘core’ banking services in the EU, also on a cross-border basis, to establish a TCB in the EU member state they are active in and apply for authorisation (see Article 21c CRD VI). These ‘core’ banking services include (i) deposit-taking, (ii) lending and (iii) guarantees and commitments. This means that undertakings established outside the EU which provide deposit taking, lending and/or guarantees and commitments to clients or counterparties within the EU, will in principle be required to establish a branch office in the member state(s) where their clients or counterparties are located. Subsequently, the branch must obtain authorisation for the relevant services provided (i.e. a licence from the national competent authority).

When establishing a TCB and applying for TCB authorisation, the TCBs must meet some minimum conditions (see Article 48c CRD VI). For example, the intended activities of the TCB must be covered by the home state license of the head undertaking (see Article 48c(4)(b) CRD VI). In addition, Articles 48e-48h CRD VI contain some minimum regulatory requirements which must be met in order to obtain the TCB authorisation. This includes capital endowment requirements (see Article 48e), liquidity requirements (see Article 48f), internal governance and risk management requirements (see Article 48g) and booking requirements (see Article 48h).

Are there any exemptions to the TCB regime?

The impact of this far-reaching TCB regime is somewhat alleviated by the exemptions included by the European legislator. For example, CRD VI includes a MiFID II inspired carve-out for reverse solicitation (see Article 21c(2)(a) CRD VI). As such, the TCB requirement does not apply where third country undertakings engage in the provision of banking services with clients and counterparties in an EU member state through ‘reverse solicitation’ (i.e. on the exclusive initiative of the client or counterparty). For example, if a Dutch client approaches a non-EU bank for deposit taking services exclusively on its own initiative, the TCB regime will not be applicable.

We note that currently reverse solicitation is not formally included in Dutch law for banking services. So far, the Dutch regulator (the Dutch Central Bank, DNB) has expressed a rather strict view on this. It will be interesting to see how DNB will implement the formally introduced reverse solicitation principle for banking services into its supervision and how this will affect third country parties in practice. In any case, it is recommended to assess the applicability of the reverse solicitation exemption a case-by-case basis and, to the extent possible, keep a paper trail of all communication with clients which demonstrates the client’s exclusive own initiative.

In addition to the above, the TCB regime does not apply to inter-bank services (services provided to a credit institution, see Article 21c(2)(b) CRD VI) or intra-group services (services provided within the same group of undertakings, see Article 21c(2)(c) CRD VI). The TCB regime also does not apply to non-EU undertakings providing deposit taking or the granting of credit or loans as an accommodating ancillary service to investment services or activities under MiFID II.

Who is affected by the TCB regime?

The TCB regime will have a broad impact for third country services providers. Not only non-EU banks should analyse whether they fall within scope of the TCB regime, but other non-EU parties should also carefully consider their services in the EU. The new Article 21c CRD VI states that ‘Member States shall require undertakings established in a third country as referred to in Article 47 to establish a branch in their territory and apply for authorisation (…)’. This implies that the TCB requirement would not only apply to non-EU banks, but also to other non-EU entities providing ‘core’ banking services.

However, Article 47 CRD VI requires the establishment of a TCB where (i) deposit taking services are being provided within the EU by any non-EU undertaking, or (ii) lending services and/or guarantees and commitments are being provided within the EU by a non-EU undertaking which would qualify as a credit institution (i.e. bank) within the meaning of Article 4(1) CRR. As such, the applicability of the TCB regime will depend on the services offered and whether the non-EU undertaking qualifies as a credit institution within the meaning of CRR (as it takes deposits/repayable funds and grants loans), regardless of whether it has a license as such.

Considering the above, it is crucial for both non-EU non-bank parties and non-EU banks to analyse their activities within the EU, as the application of the TCB regime would depend on which service is being provided. For non-EU undertakings with clients or counterparties within the EU, we would recommend creating an internal overview of the services provided within the EU and the member states in which the relevant clients and counterparties is located.

 

Takeaway 2: focus on ESG risks within the organisation

Another key topic included in CRR III and CRD VI is the focus on the integration of environmental, social and governance (ESG) risks within the organisation and risk management framework of EU banks. Although the most saliant amendments for EU banks are included in CRD VI, CRR III also includes some changes regarding ESG risks.

What will CRR III change in terms of ESG risks?

 The amendments made in respect of ESG risks are included in both CRR III and CRD VI. The amendments made by CRR III which are relevant for EU banks mainly focus on three topics: (i) new and harmonised definitions of various ESG risks, (ii) new requirements on the reporting of ESG risks by banks to national competent authorities (i.e. financial regulators) and (iii) extended requirements in relation to the disclosure of ESG risks.

In this regard it is important to note that also small and non-complex institutions must make very detailed annual ESG risk Pillar 3 disclosures, starting 1 January 2025 (see Article 433b(1)(e) jo. 449a CRR). Consequently, all banks should now brace themselves for the expansion of the ESG risk Pillar 3 datasets and an increase of the applicable disclosure requirements.

So far, this obligation only applied to large, listed EU banks. In November 2022, amending implementing technical standards (ITS) were published in the Official Journal of the EU (link) on the disclosure requirement of Article 449a CRR for large, listed EU banks. These ITS include comparable disclosures to show how climate change may exacerbate other risks within institutions’ balance sheets, how institutions are mitigating those risks, and their ratios, including the GAR (Green Asset Ratio), on exposures financing taxonomy-aligned activities. In the consultation paper of the EBA which was published in relation these ITS (link), the EBA further elaborates upon the background and rationale of the ITS. Small and non-complex institutions which will now also be subject to Article 449a CRR are recommended to review these ITS (and the accompanying EBA consultation paper) to prepare themselves for what is coming their way.

And what about CRD VI?

CRD VI, on the other hand, focuses more on the integration of ESG risks in the internal governance of EU banks and supervision. There are six key relevant revisions. In short, these revisions include:

 

• EU banks must include short-, medium- and long-term horizons of ESG risks in their strategies and processes in relation to adequate internal governance and for the evaluation of their internal capital needs in terms of amounts, types and distribution (ICAAP) (see Article 73(1) CRD VI).
• EU banks must have effective processes, systems, strategies and policies included in their governance arrangements to identify, manage, monitor and report short-, medium- and long-term ESG risks they are or might be exposed to (see Article 74(1) CRD VI and Article 87a CRD VI).[1] For example, the remuneration policy must also take into account the bank’s risk appetite in relation to ESG risks (see Article 74(1)(e) CRD VI).
• Management bodies of EU banks are required to develop and monitor the implementation of specific plans including targets and processes to monitor and address short-, medium-, and long-term ESG risks on a current and forward-looking basis (see Article 76 CRD VI).
• National competent authorities are required to assess the adequacy of the governance and risk management processes of EU banks in respect of managing ESG risks and the exposure thereto as part of the supervisory review and evaluation process (SREP) (see Article 98(9) CRD VI).
• The European Supervisory Authorities (ESAs) – including the EBA, ESMA and EIOPA – are mandated to establish guidelines to ensure consistent considerations and common methodologies for stress testing ESG risks (see Article 100(4) CRD VI).
• Competent authorities are given the power to request EU banks to reduce the short-, medium- and long-term ESG risks through adjustments of their business strategies, governance and risk management (see Article 104(1)(m) CRD VI).

Does proportionality play a role?

As can be expected where new legislation creates extra principle based governance requirements for parties in scope, the European legislator has taken proportionality into account. For example, the internal strategies, policies, processes and systems as referred to above under (ii) should be proportionate to the scale, nature and complexity of the ESG risks of the business model and scope of the bank’s activities (see Article 87a(2) CRD VI).

However, some parts of the proportionality-component are still up for discussion. For instance, EU member states must ensure a proportionate application of the requirement set out above under (iii) as applicable to management bodies where it concerns small and non-complex institutions. For this proportionate application, it is up the member state to indicate whether any waivers or a simplified procedure may be applied. Consequently, some questions remain unanswered until the implementation act is published by the national legislator.

But we are already taking ESG into account in our bank

 In practice, most banks already take ESG risks into account within their risk management framework and governance arrangements – or at least in the form of climate and environmental risk. As such, the ESG risk-related amendments will not come as a shock to most of the banking sector. However, the new provisions relating to ESG risk incorporation do create more formal and in-depth requirements to take such risks into account. Consequently, more focused supervision will take place by the (national) regulator, as it provides for legal grounds for the regulator to keep a close eye on ESG risk management within the banking sector.

 

Takeaway 3: Check the reformed Basel III standards

Although the emphasis in relation to the first two takeaways mainly lies with CRD VI, the reformed Basel III reforms as primarily included in CRR III also contain many new or amended rules with a practical impact. For this third takeaway, we focus on two items of the Basel III standards: the standardised approach for credit risk and the so-called output floor.

What revisions have been made in respect of the standardised approach for credit risk?

 As a quick refresher – credit risk (i.e. risk of loss due to failure by the counterparty to repay its debt (in full or in part)) is a result of a bank’s inherent lending activities. This provides the basis for the applicable Pillar 1 regulatory capital requirements of a bank. The standardised approach for credit risk allows banks to use a statutorily prescribed risk weight schedule for calculating its risk-weighted assets (also referred to as RWAs). To each asset and off-balance sheet position, the bank allocates a risk weight and consequently produces a sum of that bank’s total risk exposure amount. Other banks do not use prescribed risk weights, but calculate their own, on the basis of their own internal models (to the extent approved by their competent authority).

The revisions made by CRR III stem from the revised standardised approach for credit risk from the Basel Committee on Banking Supervision (BCBS) and aim to improve the risk sensitivity of the standardised approach. Provisions from CRR which have been revised include, inter alia, provisions relating to (i) exposure value of off-balance sheet items, (ii) exposures to credit institutions (i.e. banks) and corporates, (iii) treatment of specialised lending exposures, (iv) exposures secured by real estate (i.e. residential and/or commercial immovable properties), (v) equity exposures and (vi) defaulted exposures.

The introduction of the ‘output floor’ – how does it work?

Not all Basel III reforms concern revisions, there is also a new concept in the capital requirements calculation field: the output floor (see Article 92(3) CRR III). The output floor sets out a minimum limit (i.e. ‘floor’) on the capital requirements (i.e. ‘output’) as calculated by banks when using their internal models. The use of internal models, also called the internal ratings-based approach for credit risk or IRB approach, is an alternative to the standardised approach which allows banks to use internal estimates of borrowers’ creditworthiness to assess credit risk.

The aim of the introduction of this new feature is to reduce the excessive variability of banks’ capital requirements calculated with internal models, enhance the confidence in risk-based capital requirements and improve the solidity of banks using internal models. Consequently, capital requirements will be made more comparable across banks.

Banks using internal models are now required to compare the RWAs resulting from their internal models with those calculated by using the standardised approach as multiplied by a percentage factor of 72.5%, with the higher of the two amounts of RWAs being used to calculate the total risk exposure amount (TREA) of the bank.

When should the output floor be applied?

 As part of a transitional arrangements, banks may use a tiered approach to the output floor when calculating its TREA (see Article 465 CRR III). This tiered approach starts at an output floor of 50% from 1 January 2025 to 31 December 2025 and increasing with 5% each year up until an output floor of 70% from 1 January 2029 to 31 December 2029.

Next steps

When are parties in scope expected to comply?

In general, CRR III will apply from 1 January 2025 with some provisions already applying as of today (9 July 2024) and some provisions being phased in as part of transitional arrangements.

In respect of CRD VI, EU member states must transpose the amendments into national law by 10 January 2026 with these amendments becoming applicable on 11 January 2026. However, the new TCB regime will become applicable one year later on 11 January 2027.

What else is coming your way?

 In December 2023, the EBA published its roadmap on the Banking Package which includes the amendments made by CRR III and CRD VI. In this roadmap (link), EBA sets out that the Banking Package includes around 140 mandates (!) which are necessary to complement the actual practical implementation of the Banking Package.

These products consist primarily of regulatory and implementing technical standards (60) and guidelines (29). In addition, the EBA will provide several reports and opinions, most of which are related to the functioning of the prudential framework. The remaining items include several operational products developed by EBA to ensure a level playing field, regulatory disclosure across the EU and efficiency (for example, lists and databases).

When are these mandates expected to be developed and consulted?

The total package of mandates is developed over four phases, where the first phase has a deadline up to one year, the second phase up to two years, the third phase up to three years and the fourth phase up to four years after entry into force of the Banking Package. The EBA has noted that it will generally try to consult around a year before the legal deadline on mandates where this is required, i.e., regulatory and implementing technical standards and guidelines.

[1] The EBA is also required to establish guidelines on how these ESG risks should be assessed, including guidelines on the identification, measurement, management and monitoring of such risks.