The ECB is committed to providing information to banks and interested parties about its supervisory expectations. This is especially relevant in the context of Brexit: to euro area banks with activities in the UK as well as to those banks relocating banking activities to the euro area.
Here, you will find some frequently asked questions (FAQs) about the ECB’s role in supervising euro area banks. Topics include the ECB’s expectations concerning authorisations and banking licences, internal governance and risk management – including the supervisory expectations on booking models – internal models in banks, and ongoing supervision.
This page was last modified in January 2021 to reflect the end of the Brexit transition period.
In the euro area, banking supervision is conducted by the ECB and the national supervisors of the participating countries – known as the national competent authorities (NCAs) – within the framework of the Single Supervisory Mechanism (SSM).
The supervisory roles and responsibilities of the ECB and the national supervisors for banks in the euro area are allocated on the basis of the significance of the supervised entities.
The ECB is exclusively responsible for authorising/withdrawing licences for all credit institutions in the countries participating in the SSM. It also approves the acquisition of qualifying holdings and other common procedures for such credit institutions within the context of the SSM Regulation (see also Section 3 "Authorisations and licences to carry out banking activities in the euro area" of the FAQs).
The SSM comprises the ECB and the national competent authorities of participating Member States. It is a system of coordinated banking supervision in the euro area that has the advantage of harnessing the strengths, experience and expertise of the ECB and the NCAs. The ECB is responsible for the effective and consistent functioning of the SSM and watches over it, respecting the allocation of supervisory responsibilities set out in the SSM Regulation. To ensure effective and efficient supervision, credit institutions are categorised as “significant” or “less significant”: the ECB directly supervises significant banks, whereas the NCAs are in charge of supervising less significant banks.
The NCAs and the ECB work closely together on the supervision of banks located in the euro area. The processes and procedures of the NCAs and the ECB are aligned to ensure, for example, compliance with timelines in the area of authorisations.
A summary of all the relevant criteria can be found in the criteria for determining significance.
Yes. The ECB together with the national supervisors carries out financial health checks of the banks that become or are likely to become subject to direct ECB supervision. These comprehensive assessments help to ensure that the banks are adequately capitalised and can withstand possible financial shocks. They include an asset quality review (AQR) and a stress test.
The ECB will decide on a case-by-case basis when exactly each institution should be included in the exercise. The aim generally is to conduct a comprehensive assessment as soon as it becomes clear that an institution will meet the significance criteria and that the transfer of activities/assets from the UK to the euro area is sufficiently advanced to warrant an assessment.
The comprehensive assessment is carried out at the highest level of prudential consolidation in participating Member States. If an investment firm is part of a consolidated banking group, that entity will be within the scope of the exercise. The exercise will focus on assessing risks related to both the lending business and investment services.
Where a bank is part of a group, for the purpose of determining significance, the situation of the group at the highest level of prudential consolidation within the euro area will be taken into account (not the individual situation of each entity). For example, if the group’s assets exceed €30 billion at the above-mentioned consolidated level, then all supervised entities within that group are considered as significant, even if they do not meet the threshold of €30 billion of assets at an individual level.
Where a bank is part of a significant group directly supervised by the ECB, the supervision of that bank is conducted both individually and on a consolidated basis. In order to conduct both layers of supervision, the SSM Regulation and the SSM Framework Regulation (the “regulations”) grant the ECB specific supervisory powers, not only over banks but also – for example – over (mixed) financial holding companies, as long as they are located within euro area countries and according to the specific rules of the regulations. If the group includes other financial institutions such as investment firms, these institutions would not be supervised by the ECB on an individual level, but would be included in the supervision of the group on a consolidated basis.
According to Article 2 (20) of the SSM Framework Regulation, “supervised entity” means any of the following: (a) a credit institution established in a participating Member State; (b) a financial holding company established in a participating Member State; (c) a mixed financial holding company established in a participating Member State, provided that it fulfils the conditions laid down in point (21)(b); (d) a branch established in a participating Member State by a credit institution which is established in a non-participating Member State.
The ECB is completely neutral regarding the location chosen and ensures consistent supervision throughout the euro area. All significant institutions are supervised directly by the ECB, using a single set of supervisory standards, irrespective of the country in which they are located. Less significant institutions are supervised directly by the national supervisor of the country where the bank is located. The ECB has an oversight role to ensure the consistency and quality of supervision across such institutions and over the entire system.
No. The ECB and national supervisors have agreed to apply consistent approaches across the euro area, to both significant and less significant institutions.
Banks are expected to complete the implementation of their Brexit plans in accordance with the timelines agreed with their supervisors.
The ECB and national supervisors will follow up on agreed commitments and track banks’ progress towards their target operating models. This may be included in key supervisory processes such as the Supervisory Review and Evaluation Process.
NCAs and the ECB work closely together on both supervision and the authorisation of banks. The procedures for granting authorisation are carried out in line with the SSM Framework Regulation.
In the euro area, the procedure for granting or extending a banking licence (where relevant) is one of what are known as “common procedures”. The ECB is responsible for these procedures with regard to all institutions in the euro area, i.e. for both significant and less significant institutions. The ECB and the national supervisors are involved in different stages of these procedures. In a common procedure, the entry point for all applications is the national supervisor of the country where the bank will be located, irrespective of whether the significance criteria are met or not. The work of supervisors is coordinated from the outset so as to ensure a seamless process that will not impact on timelines. The national supervisors and the ECB cooperate closely throughout this procedure, which is completed for all supervised credit institutions, and ends with the ECB taking the decision.
Therefore, in all cases, your licence application should be submitted directly to the relevant national supervisor, so that the common procedure can be triggered. In line with Article 22 of the Capital Requirements Directive (CRD IV), the same procedure should be followed in the event of an acquisition of a qualifying holding in a bank.
Whether it is necessary for a bank that plans to expand its business activities to apply for a new or additional authorisation will depend on various factors. These may include, among other things, local requirements as well as the form and extent of the banking authorisation already granted by the competent authority, which may vary from one participating Member State to another. When a bank does intend to expand its business activities, the ECB and/or NCAs (depending on whether the bank is a significant or less significant institution) should be contacted in order to clarify whether a new or additional authorisation is needed.
Regardless of the need for an authorisation, banks expanding their activities are expected to engage early and proactively with supervisors about their plans and about how they will ensure that they will have sufficient systems and controls in place to manage this new business. All requirements in relation to authorisation will of course need to be met on an ongoing basis.
Yes. The ECB and the national supervisors see value in having preparatory discussions with banks interested in establishing or increasing their presence within the euro area. Such discussions are encouraged on issues around your application as soon as you have defined the fundamental elements and narrowed down any options of your transformation or reorganisation plan. In any case, the ECB and the national supervisors start communicating with each other on such applications at an early stage, in order to ensure a smooth process.
Yes, a licence application will be considered by the ECB even without the documentation certifying the existence of the undertaking expected to be authorised. Nevertheless, the respective documentation needs to be submitted during the assessment period.
Please note that the information requirements for the authorisation of credit institutions have been further specified by the European Banking Authority in draft regulatory technical standards published on 14 July 2017, which need to be adopted by the Commission under Article 8(2) of the CRD IV. Consequently, the ECB practice described above may be subject to change, in order to ensure compliance with the respective regulation once it becomes applicable.
It usually takes six months from the applicant providing a complete application for a decision to be taken regarding a licence application. This period may be shorter in cases where the applicant asks for an extension of an existing licence, provided that the national framework allows for such an extension and that there are no supervisory concerns over the existing SSM entity. In any event, a decision must be taken within 12 months of the date of the application. (For detailed information on the common procedures, see Articles 14 and 15 of the SSM Regulation, as well as Part V of the SSM Framework Regulation.) Submitting a complete file of high quality at the outset is in any case crucial to make sure that your application is processed as smoothly as possible. Internal preparation of all relevant documentation before submission of applications is therefore important. Institutions should factor in enough time to prepare the application files.
No. All licensing applications are processed according to the common procedure described above, regardless of the country in which the application is filed (see also the question on how to submit a licensing application).
In general, according to Article 18(a) of the CRD IV, the competent authorities may withdraw the authorisation granted to a credit institution in the event that, among other things, the respective credit institution does not make use of the authorisation, i.e. it does not commence its business operations within 12 months after the authorisation has been granted. However, in some Member States, additional or shorter time frames may apply for the requirement to commence operations once authorisation has been granted. In any case, banks should clearly communicate in the authorisation process when they plan to commence operations. Banks also need to provide a strategy that clearly sets out how they intend to implement the business plan and build up an adequate risk control system.
The acquisition of, or increase in, a qualified holding in a credit institution – as defined in the Capital Requirements Directive – is subject to prior authorisation by the ECB. Like the assessment for granting a banking licence, this assessment is carried out under a common procedure. Therefore, the national supervisor is the entry point to which you should submit a notification. Following close cooperation and consultation with the national supervisor, the ECB will take a supervisory decision on the acquisition of the holding. For a smooth process, applicants should consider engaging in a dialogue with the respective NCA and the ECB prior to the official submission of the notification.
The CRD no longer applies to UK banks after the end of the transition period and EU branches of UK credit institutions will lose their EU “passport”. In order to provide any regulated activities, these institutions need to have an appropriate authorisation.
Banks in the euro area should be capable of managing all material risks potentially affecting them independently and at the local level, and should have control over the balance sheet and all exposures. They should be in a position to respond directly and independently to potential enquiries by the ECB or national supervisors on all activities affecting the bank and provide information swiftly. The governance and risk management mechanisms should be commensurate with the nature, scale and complexity of the business and fully comply with European legislation. Establishing an “empty shell” company would not be acceptable.
Generally, the credit institutions have to ensure, that sufficient staff are located in the supervised entity to run operations, including in both risk management and the front office.
If banks plan on giving more than one role to staff on a temporary or permanent basis, i.e. with staff working for several group entities (“dual hatting”), the ECB and national authorities will carry out a thorough assessment to ensure that sufficient time is spent carrying out such functions in the supervised banks. Organisational structures should not be such that they undermine clear reporting lines and responsibilities within the supervised entity, or lead to possible conflicts of interest. Banks need to establish locally independent functions and controls which report to the local board, for example in the areas of risk control, compliance and internal audit. Certain key roles should not be part of a dual hatting arrangement.
It is important that the management body devotes sufficient time to the consideration of risk issues. The management body has to be actively involved in, and ensure that adequate resources are allocated to, the management of all material risks as well as in the valuation of assets, the use of external credit ratings and internal models relating to those risks. Institutions must also have a risk management function that is independent of the operational functions and that has sufficient authority, stature, resources and access to the management body.
The ECB and the national supervisors believe that the purpose of branches in third countries is to meet local needs. The ECB and national supervisors do not expect that branches in third countries perform critical functions for the credit institution itself or provide services back to customers based in the EU.
The requirements for a well-functioning bank must be in place before an institution takes up any banking activities in the euro area.
From that starting point, to the extent that the institution is then building up its activities over time, it may be possible that some of the additional local capabilities and arrangements are also built up in parallel. Such arrangements may be permitted by the supervisor on a case-by-case basis and if aligned with the bank’s business plan. Any arrangement has to be based on a realistic and detailed business plan for the development of such capabilities, which has to be included in the authorisation application. The following have to be taken into account: the scope and risk of the planned activities; the booking policy and diversification of hedging/trading counterparties; the relocation of resources; the profitability of the SSM entity; reporting capabilities; and the IT infrastructure.
The arrangements should in no case endanger robust internal governance and sound and effective risk management, or mean that capabilities and controls are “running behind the business”.
Notwithstanding any temporary arrangements that they may agree on a case-by-case basis with the supervisor, the ECB and the national supervisors expect banks established in the euro area to have sufficient capabilities in place (including local infrastructure, staff and risk management functions) to manage all material risks locally.
With specific reference to the “back-to-back booking model”, the ECB and the national supervisors would expect (also for possible transitional arrangements allowed on a case-by-case basis) that part of the risk generated by all material product lines should be managed and controlled locally. For market risk, this might mean eventually establishing permanent local trading capabilities and local risk committees, as well as trading and hedging risks with a diversified set of external counterparties. The specific requirements and possible transitional periods will depend, among other things, on the structure of the booking model, the materiality and complexity of the business, the level of intra-group exposures as well as the underlying contractual relations and internal arrangements.
The ECB and the national supervisors assess booking practices (including back-to-back and remote booking) and the associated risks when a licence application is submitted and by carrying out ongoing supervision (monitoring). The booking models of incoming and existing banks should not result in “empty shells”, a reliance on the provision of services from third-country entities or impediments to swift implementation of recovery measures. Banks are also expected to be able to operate sufficiently on a stand-alone basis (i.e. independently of group support). The ECB and the national supervisors assess the extent to which banks meet (or plan to meet) these supervisory expectations when assessing booking models.
Specifically, the ECB and the national supervisors assess whether banks implement (or plan to implement) appropriate local-based governance and risk management frameworks, and employ staff to identify and manage risk originating locally. Particular attention is paid to whether the bank’s local governance framework and staffing infrastructure, as well as risk management capabilities, are appropriate and commensurate with its trading activities, hedging strategies and ability to hedge risk with a diversified set of counterparties, the planned level of access to financial market infrastructure, the level and internal arrangement of intragroup transactions and exposures, and counterparty concentrations and other large exposures.
Supervisory expectations vis-à-vis booking models are applied proportionately according to the materiality and complexity of each individual institution’s activities. This means that large banks, with a high level of interconnectedness and complex capital market operations, are subject to higher supervisory expectations and assessments.
The ECB and the national supervisors expect supervised banks to have robust risk control mechanisms in place in entities established in the euro area. These mechanisms should ensure that the implementation of outsourcing agreements (whether within or outside the group) is properly monitored by the entity’s management bodies and fully compliant with regulatory requirements.
In addition, the operational independence of the supervised bank should not be compromised as a result of the outsourcing of functions or services; appropriate contingency procedures must be in place and regularly tested to ensure continuity in the entity’s business operation. It is also crucial that outsourcing contracts provide for local management and that supervisors have access to full information and the ability to inspect the entity providing the services.
Generally, outsourcing arrangements will be reviewed and assessed by ECB and national supervisors on a case-by-case basis.
As required by Article 7(1) of the Bank Recovery and Resolution Directive (BRRD), EU parent undertakings have to draw up a group recovery plan at the highest level of consolidation within the EU. After the end of the transition period, this plan has to take into account the fact that the UK institution will no longer be the highest EU entity in the group.
Newly authorised credit institutions and existing banks that plan to significantly expand their activities will need to develop a BRRD-compliant EU recovery plan. The plan will need to reflect the obligations set by the relevant competent authority and should be developed in an appropriate time frame, i.e. within three to six months after the start of operations. A clear and detailed project plan on how the management body of the institution intends to fulfil these requirements within the above time frame should be included in the documentation for authorisation.
The grandfathering of internal model permissions in this context is not considered as feasible under the current legal framework.
Under the CRR, the (continued) use of internal models by:
requires the bank to submit a new application for permission.
In the context of the United Kingdom leaving the European Union, there is a limited period in which new euro area banks expanding or migrating from the United Kingdom can use internal models that have not yet been approved by the ECB.
Such agreements, which are subject to strict conditions, have been communicated to the affected banks.
The limited period during which banks can use internal models that are not yet ECB-approved will cease, at the latest, on 30 June 2022 or as soon as the bank’s model application has been approved or rejected by the ECB.
The EBA Opinion on Brexit Issues sets out principles regarding many of the topics also covered in these FAQs. The ECB’s stances are in line with those principles.
For example, the ECB agrees there is a need to maintain high authorisation standards and is planning to carry out a rigorous assessment of applications without any derogations. Institutions will not be allowed to outsource activities to such an extent that they operate as “empty shell” companies and will be required to have local capabilities to identify and manage risk. The ECB’s stance on internal models is also in line with all of the EBA’s principles, e.g. institutions seeking additional internal model permissions should submit the required applications and the EU27 competent authorities may rely on the UK assessment, but should subsequently conduct a review.
If you are a significant institution, you are subject to the ECB’s policy on the supervisory options and discretions available in EU law. The policy is reflected in the ECB Regulation and the ECB Guide on Options and Discretions, which have been applicable since 2016.
To ensure a level playing field and the consistent application of high supervisory standards across the euro area, it was decided to harmonise the exercise of options and discretions for less significant institutions (LSIs) as well. The final legal instruments were published on 13 April 2017.
The general framework on large exposures, as set out in the Capital Requirements Regulation, is to be applied directly by all banks. When it comes specifically to a potential exemption of a large exposure within entities in a group or network in the euro area, you should examine whether the country where you are located has adopted national laws on the exemption of intragroup large exposures, exercising the transitional discretion of Article 493(3) of the CRR.
|Stocktake of national implementation of large exposure limits*|
|ECB OND Regulation applies in countries where Article 400(2) CRR is exercised||ECB OND Regulation does not apply in countries where Article 493(3) CRR is exercised|
|IE, NL, SK, LT, EL, CY, SI, LV||AT, FR, LU, ES, PT, IT , MT, FI, EE, BE, DE|
* Table information as of Q2/2015.
The Supervisory Review and Evaluation Process (SREP) is based on the scope of prudential consolidation within the EU and is carried out taking the consolidated level of the group at EU level into account, thereby assessing the financial situation and risks of all entities within the group. This means that the SREP for the supervised bank will cover the EU parent, but not the third-country parent of a supervised group. The ECB determines the SREP requirements for significant banking groups in the euro area. In case the ultimate parent undertaking in the EU is located in a non-participating Member State, the competent authority in this respective EU country will be responsible for the SREP decision at group level.
The ECB may publish new and/or updated FAQs on supervisory issues on its banking supervision website.