Enforcement, sanctions and reporting breaches
Banks’ compliance with prudential requirements is fundamental to ensuring their safety and soundness and the stability of the financial system. So it is crucial that the competent authorities have the powers to take timely and appropriate action as soon as they have reason to suspect that a supervised entity is not complying with these requirements.
Under the Single Supervisory Mechanism (SSM), the European Central Bank (ECB) was entrusted with specific supervisory tasks concerning the prudential supervision of credit institutions. Other tasks such as consumer protection and the fight against money laundering and terrorist financing remained with the national authorities. The ECB was also given the power to adopt enforcement measures and, within the scope of its supervisory tasks, to impose pecuniary penalties, or fines, on supervised entities for breaches of directly applicable European Union law (including breaches of ECB decisions). The maximum fines that can be applied equate to twice the amount of the profits gained or losses avoided as a result of the breach where those can be determined, or 10% of the bank’s total annual turnover.
The ECB can also ask national competent authorities (NCAs) to open proceedings that may lead to the imposition of:
- non-pecuniary penalties for breaches of directly applicable Union law;
- pecuniary and non-pecuniary penalties for breaches of national law transposing relevant directives (e.g. breaches of governance and remuneration requirements);
- pecuniary and non-pecuniary penalties on natural persons belonging to the entities concerned for breaches of relevant Union law.
So far, the ECB has focused its sanctioning activity on the following areas.
- Capital requirements: adequate levels of capital of sufficient quality are fundamental to ensuring the prudential soundness and safety of credit institutions and, ultimately, the stability of the entire financial system.
- Large exposures: large exposures requirements address credit institutions’ concentration risk. They serve as a tool to limit the maximum potential loss faced by credit institutions, if a client or group of clients were to fail, to a level that would not endanger their solvency.
- Liquidity: the recent financial crisis demonstrated that even when they have adequate capital levels, credit institutions may experience difficulties because they have not managed their liquidity risks prudently. This highlights the importance of liquidity for the proper functioning of financial markets and the banking sector.
- Reporting obligations: it is essential to ensure compliance not only with substantive prudential requirements but also with the related reporting obligations. These enable the competent authorities to make an overall assessment of the risks to which the supervised entities are exposed and exercise their powers accordingly.
- Governance: weaknesses in corporate governance in institutions can contribute to excessive and imprudent risk-taking in the banking sector, which can lead to the failure of individual institutions and potential systemic problems.
By 31 December 2017 the ECB had imposed five penalties amounting to €15.3 million. As required by the SSM legal framework and to ensure that these penalties have a dissuasive effect, the ECB publishes its sanctioning decisions on its website. The ECB also submitted 12 requests to NCAs to open proceedings, which so far have led to total penalties of €5.1 million. In addition to these sanctioning proceedings, the ECB has handled two enforcement proceedings concerning breaches in the areas of large exposures and remuneration. In one case, the credit institution complied with the relevant prudential requirements in the course of the enforcement proceeding.
By taking specific measures when such infringements are detected, the ECB aims to ensure that all supervised entities fully comply with their obligations. However, competent authorities may on occasion face serious difficulties in identifying breaches, especially when deliberate actions are taken to conceal them. To bring these cases of business misconduct to light, the ECB has set up a breach reporting mechanism (BRM) to encourage persons with knowledge of such wrongdoing to report it. The BRM includes a web platform and communication channels within the ECB, and between the ECB and the NCAs, to ensure the smooth sharing of information. By 31 December 2017 the ECB had received about 280 breach reports from whistle-blowers, of which approximatively 200 led to further investigations by its supervisory teams. In about 90 cases, the ECB was able to identify previously undetected breaches of prudential requirements (involving, for example, governance issues). These led to follow-up actions such as requesting documents and explanations from the entity concerned, organising on-site inspections or initiating sanctioning proceedings.