(1) Does BaFin have any formal or informal restrictions on banks domiciled in the United Kingdom (UK) applying for a local subsidiary licence? If so, what are they?
Restrictions resulting from the UK leaving the European Union (EU) would be of a general nature and not directed specifically at UK banks.
(2) Regarding activities like euro clearing, sales and coverage or middle and back office functions, is there a minimum level of activity expected or type of activity not accepted?
Banks must apply for a general licence (for a detailed description of the requirements please see points 3 to 6.1 for the establishment of a subsidiary and point 6.1 for the establishment of a local branch within the Guidance notice on the granting of authorisation to conduct banking business pursuant to section 32 (1) of the German Banking Act as at 31 December 2007 (Merkblatt über die Erlaubnis zum Betreiben von Bankgeschäften gem. § 32 Abs. 1 KWG). This document is currently only available in German.
(3) Does BaFin have any preference as to whether the bank uses/converts an already existing branch or establishes a new subsidiary?
From BaFin's point of view both are possible. The decision depends on the interests and aims of the individual bank. The current situation is that using the EU passport would no longer be an option after the UK leaves the European Economic Area (EEA). This creates an authorisation requirement as well as making it necessary to satisfy the supervisory requirements that exist under both European and German law.
(4) Is the application process different in case of converting an already existing branch compared to the establishment of a new subsidiary?
In both cases authorisation must be granted pursuant to section 32 of the KWG. The advantage of converting an already existing branch is that the application process could possibly be accomplished more quickly, provided BaFin is familiar with the main features of the business model of the new subsidiary/branch due to the already existing branch.
(5) What is the expected timeframe/the expected average time to complete the application and authorisation procedure?
If the new credit institution is a CRR credit institution within the meaning of Article 4(1) of Regulation (EU) No 575/2013 (Credit Requirements Regulation – CRR), the common supervisory procedures apply in accordance with Article 14 of Regulation (EU) No 1024/2013 (SSM Regulation). The authorisation procedure to be carried out with the ECB takes six to twelve months on average, depending on the quality of the submitted documents. (For information on the required content of the application see point 5, and for information on branches in Germany see also point 6.1 on pages 14 and 15 of the Guidance notice on authorisation to conduct banking business pursuant to section 32 (1) of the German Banking Act as at 31 December 2007 (Merkblatt über die Erteilung einer Erlaubnis zum Betreiben von Bankgeschäften gem. § 32 Abs. 1 KWG, only available in German). To accelerate the process, it is advisable for institutions to contact BaFin at an early stage as this is the best way to ensure completeness of the documents. In case many banks file an application at the same time, BaFin will adjust its personnel capacity accordingly in consultation with the Bundesbank.
(6) Given that the precise nature of the EU-UK treaty is yet to be determined, has BaFin already taken a stance with regard to the establishment of local banks which are subsidiaries of UK banks?
BaFin has not taken a position on this question yet. However, applications of UK banks will not be treated any differently to applications of banks from other third countries.
(7) Where can we find information on the prudential organisational requirements on risk management and outsourcing (in addition to commercial law)?
Section 25a of the German Banking Act (Kreditwesengesetz – KWG) is the legal basis for bank-specific organisational requirements. Further requirements on outsourcing arrangements can be found in section 25b of the KWG.
BaFin makes public its interpretations of the requirements laid down in sections 25a and 25b of the KWG in its circular Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement – MaRisk). Section AT 9 (AT = Allgemeiner Teil or general part) of the MaRisk is dedicated to the management of outsourcing arrangements.
- The current version of the MaRisk is only available in German.
The MaRisk are applicable to all significant institutions (SIs) and less significant institutions (LSIs) in Germany. This includes all subsidiaries in Germany and branches of banks domiciled outside the European Economic Area (EEA). The MaRisk do not apply to branches of banks domiciled within the EEA (see AT 2.1 of the MaRisk).
(8) Management and resources: what are the minimum requirements with regard to local management, risk and supervisory functions as well as the approvals processes?
The institution's management must satisfy the requirements of section 25c (4a) of the German Banking Act (Kreditwesengesetz – KWG) and must ensure that the institution is in compliance with European and national requirements regarding proper business organisation and adequate risk management. The institution's risk management must be designed independently of the nature, scale, complexity and riskiness of its business activities. Pursuant to section 25a of the KWG, it is the responsibility of the institution to establish an adequate and proportional design of its internal risk management. The Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement – MaRisk) specify the requirements of section 25a of the KWG. The requirements are principle-based and can be applied proportionally to all banks in Germany (including small and specialised institutions). When it comes to supervision of the significant institutions, compliance with these minimum requirements is monitored by the joint supervisory teams (JSTs). These are made up of employees of BaFin, the Deutsche Bundesbank, the European Central Bank (ECB) as well as other national competent authorities as required. In accordance with the principle-based approach, the JSTs can place requirements on the institutions which go beyond these minimum requirements.
Part of an adequate risk management system is determining strategies, in particular determining a business strategy that is aimed at sustainable development of the institution and a risk strategy that is consistent with this, the establishment of processes relating to the planning, implementation, assessment and adjustment of strategies as well as procedures to calculate and safeguard internal capital adequacy, which are to be based on a conservative determination of risks and of the available risk coverage potential.
In addition, internal control procedures with an internal control system and an independent internal audit function as well as an independent risk control and compliance function must be established. The special functions of risk control, compliance and internal auditing must be adequately equipped both in terms of personnel and technology. Furthermore, these functions must also be granted a full, unlimited right to information.
Absolute prerequisite is that the management board members in the German entity are trustworthy and have the necessary professional qualifications pursuant to section 25c (1) of the KWG (see point 3 on pages 6 and 7 as well as point 6.1 on page 14 (for a local branch) of the Guidance notice on authorisation to conduct banking business pursuant to section 32 (1) of the KWG as at 31 December 2007 (Merkblatt über die Erlaubnis zum Betreiben von Bankgeschäften gem. § 32 Abs. 1 KWG, only available in German) as well as a minimum of organisational structure (see also point 3 on page 7 ibid.), which is guaranteed by internal control mechanisms (see point 5 on page 11 ibid.). The management board members must also dedicate sufficient time to performing their duties and are subject to legal restrictions regarding the number of other directorships they may hold on administrative and supervisory bodies pursuant to section 25 (2) of the KWG. Furthermore, the business has to be reflected in the balance sheet (see point 5 on page 11 as well as point 6.1 on page 15 ibid. for a local branch) and in the internal capital adequacy assessment process (ICAAP) / the internal liquidity adequacy assessment process (ILAAP).
All managers are responsible – irrespective of their internal competencies – for ensuring that the company has a proper business organisation and that this organisation is developed further. Their duties include the enacting of principles of proper business organisation which guarantee due care in management of the institution and, in particular, the establishment of separation of duties in the institution's organisation as well as measures to prevent conflicts of interest. They must also ensure that these principles are implemented. The managers must monitor and regularly evaluate the principles they have enacted.
(9) Will Brexit make the outsourcing of products and activities more difficult?
In general, outsourcing of activities and processes outside the EU/EEA is possible. National requirements on outsourcing within Germany do not fundamentally differ from requirements on outsourcing to non-EU countries. They also are in keeping with the fundamental view in the SSM, which is influenced by the relevant CEBS Guidelines on Outsourcing. Nevertheless, certain limits apply to outsourcing where the core banking areas and controlling functions (risk controlling, compliance, internal auditing) are affected. EU banks are to essentially have their own controlling functions, which are to be staffed appropriately in both quantitative and qualitative terms. Complete outsourcing of these functions, e.g. to the corporate base in London, is therefore not possible. The same applies to important front-office and back-office functions (credit business, trading business). In any case, institutions must comply with the requirements on outsourcing management and monitoring (see AT 9 of the MaRisk). Compliance is analysed on a case-by-case basis.
(10) Are national organisational requirements in line with internationally accepted requirements?
The requirements for proper business organisation and appropriate risk management pursuant to section 25a of the German Banking Act (Kreditwesengesetz – KWG), which have been specified in the Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement – MaRisk), are implemented by the corresponding provisions of the Capital Requirements Directive (CRD). The MaRisk are based on both national experience (supervisory practice since 2002) and international publications by the Committee of European Banking Supervisors (CEBS) / the European Banking Authority (EBA), the Basel Committee on Banking Supervision (BCBS), the European Systemic Risk Board (ESRB) and the Financial Stability Board (FSB). Slight deviations exist where the MaRisk formulate minimum requirements which are applicable to all German banks (i.e. also very small, specialised and less complex institutions). The MaRisk formulate principles all banks have to comply with and BaFin expects large and complex institutions also to take into consideration the applicable international requirements/guidance (where banks see contradictions they should contact BaFin).
The Single Supervisory Mechanism (SSM) may publish further non-binding guidance on risk management (see for example the consultation on guidance for banks on dealing with their non-performing loans (NPLs). BaFin does not expect contradictions, but if there are doubts, it is open for discussions.
(11) Is there a special outsourcing notification/authorisation process?
In Germany, there is no formal ex-ante notification/authorisation requirement for outsourcing arrangements. Nevertheless, banks are encouraged to inform supervisors before they outsource material activities or processes.
Moreover, there is a formal indirect ex-post notification procedure for material outsourcings (see section 9 (3) and appendix 4 of the German Audit Report Regulation (Prüfungsberichtsverordnung – PrüfBV). According to the regulation, the external auditors of the annual financial statements are obliged to list all material outsourcings and to provide basic information on the outsourcing arrangements in the annual audit report.
(12) What are the fundamental concerns of BaFin with regard to outsourcing arrangements, i.e. the objectives of organisational requirements on outsourcing arrangements?
There are two major concerns when institutions begin to outsource material activities or processes. First, a potential loss of control of the institution itself has to be prevented. Outsourcing might negatively influence management board members' ability to control and manage the proper conduct of the institution's business in a responsible manner due to a lack of knowledge of and influence on the services outsourced. In addition, outsourcing might result in dependency on the companies to which the services are outsourced.
Furthermore, supervisory authorities could be hindered in their ability to monitor the supervised entities if they do not have access to information. Consequently, the institutions are required to guarantee inspections and information rights (see section 25b of the KWG and guideline 4 of the CEBS/EBA guidelines on outsourcing).
(13) What are the views of BaFin on centralised risk management (and booking) in the UK or elsewhere?
BaFin is aware that it can make sense for banks to make use of established risk management processes on the one hand and to implement centralised risk management at the group level, e.g. for market risks, on the other hand. Nevertheless, BaFin places great importance on institutions setting up and maintaining appropriate governance structures and a functioning risk management system which ensure sufficient capital resources as well as ensuring that risk management is performed independently of entities in foreign countries. This means that the competent supervisory authorities must critically examine the booking models used and ensure that neither the responsibility of the local management nor the independent risk management and monitoring system are negatively influenced.
The course pursued within the SSM includes the following requirements:
- An appropriate risk management system is in place at the level of the EU bank. In particular, this includes a functioning risk control function with sufficient quantitative and qualitative human resources which ensure that the risk management system takes account of all material risks (including market risks) at the level of the EU bank.
- The autonomy and independence of the EU bank must be ensured. The EU bank must be able to exercise autonomous, effective control over the risks entered into and over the balance sheet structure. Accounting practices must not lead de facto to empty corporate shells.
- A significant portion of the market risk is to be managed and monitored by the EU bank.
See also question 8 for more details on governance structures and risk management.
(14) What are the views of BaFin on a transitional period to be in line with organisational requirements?
BaFin welcomes an approach where branches of UK banks would expand their internal risk management capacities before Brexit. They would thus continuously reduce their dependence on group risk management, becoming autonomous in the process, and be able to fulfil all requirements when Brexit occurs.
For newly established subsidiaries within the eurozone, a higher level of outsourcing and dependence on group risk management would not be acceptable in the long term. In this case, institutions would have to deliver a business plan explaining how they intend to comply promptly with the SSM requirements, and then quickly begin to set up their risk management arrangements within the German entity. Excessive dependence on other group entities by way of outsourcing solutions is to be avoided at any rate.
In any case, a business plan should be discussed between the institution and supervisory authorities (ECB, BaFin, Deutsche Bundesbank). Moreover, especially in the beginning, the UK Prudential Regulation Authority (PRA) should be involved.
(15) Which aspects have to be considered concerning booking models?
This depends on the specific design of the booking model:
In principle, booking models are permitted to a certain extent. However, they are subject to a critical analysis by the supervisory authorities. In addition, they must not lead to a complete transfer of risk (especially market risks). See also question 13 for more information on this.
Depending on the scope and riskiness of the business activities involved, the (market) risks must be managed and monitored appropriately by the entity in Germany in accordance with the Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement – MaRisk). In addition, the counterparty risks must be given consideration in the German entity's internal capital adequacy assessment process (ICAAP) (the concept of individual responsibility also applies to subsidiaries). Letterbox companies with a banking licence are not in line with national supervisory law (see the MaRisk for specific requirements/principles).
With regard to the Pillar 1 capital requirements for market risks, there are no particularities that must be considered: a German subsidiary must meet the requirements of the applicable Capital Requirements Regulation (CRR) to cover market risks, unless these are secured by intra-group back-to-back transactions. Precisely which rules will be applied will not be clear until the CRR has been revised in relation to the new rules on market risk. However, with regard to the application of the new standardised approach pursuant to the Basel Committee's Fundamental Review of the Trading Book (FRTB) in particular the capital requirements for market risks are expected to be manageable, since the new standardised approach largely takes account of the hedging effect of back-to-back transactions, especially for plain vanilla transactions.
Neither are there any particularities regarding the liquidity requirements contained within the CRR. The liquidity risks arising from transactions are to be addressed by complying with the liquidity coverage ratio (LCR) and with the internal liquidity risk management system at the level of the EU bank.
With regard to the Pillar 1 own funds requirements for credit risk, it should be noted that pursuant to Article 113(6) of the CRR a zero risk weight can only be applied to exposures to counterparties which belong to the institution's group and are located in the same Member State as the institution; therefore a privileged treatment of cross-border exposures is ruled out.
(16) How would BaFin assess the internal models which are approved by the Prudential Regulatory Authority (PRA)?
Internal models for calculating supervisory capital requirements for credit, counterparty and market risk which have already been approved by the PRA may, once an appropriate application has been submitted, continue to be used temporarily for COREP reporting, for an as yet undetermined period of time. The transitional provisions will be used for supervisory procedures (examination of applications, supervisory visits and inspections) so that there is a reliable basis for the necessary decisions regarding the authorisation of the models concerned until the transitional provisions end. Depending on the scope of the changes to the methodology, the processes and the organisation, BaFin may rely on the previous assessment of the PRA when examining the model's suitability.
The necessary preconditions for internal models approved by the PRA to continue to be used temporarily in this way are:
- an application for permission for the model
- proof of a comparable model application granted by the PRA
- binding agreements being concluded guaranteeing that focussed supervisory consultations and on-site inspections of the degree of maturity and implementation of the models will be conducted promptly, and committing to the timely integration into BaFin's ongoing model supervision to the greatest extent possible.
BaFin reserves the right to take supervisory measures if weaknesses are identified in the model.
Pursuant to Article 6(4) of Regulation (EU) No 1024/2013 (SSM Regulation), as a national competent authority BaFin is responsible for granting authorisation for the models of less significant institutions. The ECB itself can also exercise responsibility for the supervision of a less significant institution pursuant to point (b) of Article 6(5) of the SSM Regulation. The responsibility for granting authorisation for models for MiFID investment firms lies exclusively with BaFin.
Regardless of the formal competence (SI/LSI), and notwithstanding the procedure described above, a decision regarding authorisation is to be made when the transitional provisions end.
The following applies here: a risk model for the calculation of own funds requirements which must be authorised by the competent authority pursuant to Articles 92 to 386 of Regulation (EU) No 575/2013 (own funds calculation approach subject to authorisation pursuant to section 3 of the German Solvency Regulation (Solvabilitätsverordnung – SolvV)) does not enjoy any grandfathering provision with regard to the authorisation of the model when the latter is transferred to another jurisdiction. In addition to the suitability of the mathematical methods, the suitability of the processes associated with the model constitutes a further essential condition for supervisory authorisation to be granted.
This is because certain processes, the organisation and persons involved also change as the model is transferred. For both formal and material reasons, therefore, an initial authorisation of the model will be necessary. Model authorisation can be granted upon application pursuant to section 2 of the SolvV subject to the requirements for the respective approaches as laid down in sections 3 to 23 of the SolvV (prior suitability examination in accordance with section 44 (1) sentence 2 of the KWG among others).
(17) Does BaFin have any experience with the authorisation procedure of the ECB? In case of expanding its business activity, when is a bank classified as an SI and how in cooperation with the ECB is the classification procedure carried out?
If the new credit institution is a CRR credit institution within the meaning of Article 4(1) of Regulation (EU) No 575/2013 (Credit Requirements Regulation – CRR), the common supervisory procedures apply in accordance with Article 14 of Regulation (EU) No 1024/2013 (SSM Regulation). This means that the decision on the granting of authorisation to a credit institution is made by the ECB Governing Council after submission of the draft decision by the ECB's Supervisory Board on the basis of a draft decision of BaFin. The supervisory decision is issued to BaFin, which passes it on, together with the fee notice, to the applicant.
BaFin promptly informs the ECB about the application submitted and provides the ECB with all the associated documentation. BaFin reviews the documents submitted and, in close coordination with the corresponding bodies in the ECB, issues a draft decision on the basis of the application documents submitted in full. It then forwards this draft decision to the ECB. The ECB undertakes its own review, making a determination in the SSM Supervisory Board in relation to a draft decision transmitted by BaFin in principle within ten working days of receipt pursuant to Article 14 of Regulation (EU) No 1024/2013.
The duration of this procedure depends on the extent of remarks and amendments by the ECB in the coordination process.
We recommend getting in touch with us early on in order to make the authorisation procedure as smooth as possible.
If a bank intends to expand its business activities, the ECB reviews the submitted business plan and decides if and at what time (concrete date) the credit institution will be categorised as an SI. The total asset threshold of EUR 30 billion is merely one of several criteria in this respect. Exceptions are possible under special circumstances and subject to relevant argumentation on the part of the institution.
(18) Does BaFin recommend that UK banks address the ECB before lodging the application with BaFin?
If it can be foreseen from the outset that the new institution is a significant institution (SI), it certainly makes sense to initiate joint preparatory discussions via BaFin. However, the official application process envisages the submission of the application to the competent national supervisory authority, in this case BaFin. BaFin maintains regular, trustful communication with the ECB and will promptly pass on important information to the latter. This includes early, proactive interaction in all authorisation procedures.
(19) Regarding a future post-Brexit application, could BaFin take into account that UK banks are currently domiciled in an EU member state?
Subject to consent of the ECB, BaFin can consider granting authorisation with effect from the date of the potential withdrawal of the UK from the EU.
(20) What is the assessment of BaFin if a bank plans to establish a branch in combination with a new or already existing subsidiary in Germany?
Both the subsidiary and the branch of a bank domiciled outside the European Economic Area (EEA) require authorisation in accordance with the German Banking Act (Kreditwesengesetz – KWG) since the branch is considered to be a separate legal entity under German supervisory law. (Please see questions 7/8 of these FAQs for the minimum requirements with regard to local management, risk and supervisory functions as well as the approvals processes.)
(21) Large exposures: what is the German approach towards large exposure exemption for affiliates pursuant to section 2 of the German Regulation Governing Large Exposures and Loans of €1 Million or More (GroMiKV)?
The relevant framework for cross-border intra-group exemptions for large exposures is the Regulation Governing Large Exposures and Loans of €1 Million or More (Groß- und Millionenkreditverordnung – GroMiKV). This regulation implements the Member States' discretion pursuant to Article 493(3)(c) of the CRR.
According to section 2 (2) no. 2 of the GroMiKV, 75% of the value of cross-border intra-group exposures is exempted from the calculation of the utilisation of the large exposures limit, i.e. put positively, there is a reduced weighting of only 25%. The prerequisite is that the affiliate is covered by supervision on a consolidated basis in accordance with the CRR or with equivalent third-country standards to which the institution itself is subject. In other words, this leads to a general upper limit for cross-border intra-group exposures of 100% of the institution's eligible capital.
In addition, upon request of the institution BaFin can permit on a case-by-case basis the exemption of 93.75% of the exposure value, i.e. BaFin can permit a further reduction of the weighting to 6.25% (see section 2 (3) of the GroMiKV. In relation to the institution's eligible capital this translates to a maximum limit of 400% of the institution's eligible capital for cross-border intra-group exposures. In addition to the requirement of consolidated supervision in accordance with the CRR or with equivalent third-country standards mentioned above, the institution must demonstrate according to the current rules text that the exemption is necessary for the intra-group liquidity supply and that it would not create an inappropriate concentration risk. Please note that BaFin is conducting a public consultation until 12.07.2017 for amending this provision (see link). BaFin proposes to insert in section 2 (3) of the GroMiKV “for purposes of centralised risk management” as further reason for granting the further reduction of the weighting to 6.25%.
In this context, it might be worth mentioning the provisions of Article 395 (5), 397 CRR that allow trading book positions to exceed the large exposures limit if an additional own funds requirement is met. According to BaFin´s understanding these provisions are not applicable to exposures stemming from counterparty credit risk.
In order to determine the equivalence of a third-country standard for the purposes of section 2 of the GroMiKV, an institution may apply the list of third countries and territories set out in Annex I of Commission Implementing Decision (2014/908/EU) of 12 December 2014 on the equivalence of the supervisory and regulatory requirements of certain third countries and territories for the purposes of the treatment of exposures according to Regulation (EU) No 575/2013 of the European Parliament and of the Council as amended by Commission Implementing Decision (EU) 2016/2358 of 20 December 2016. Among others, the United States of America are included in this list.
Section 2 of the GroMiKV applies in Germany to both significant and less significant institutions within the meaning of Regulation (EU) No 468/2014 of the European Central Bank. Regulation (EU) 2016/445 of the European Central Bank of 14 March 2016 on the exercise of options and discretions available in Union law, here Article 400(2)(c) of the CRR, is not applicable (see Article 9(7) of Regulation (EU) 2016/445 of the European Central Bank of 14 March 2016).
Section 2 of the GroMiKV applies during the period mentioned in Article 493(3)(c) of the CRR, i.e. until the entry into force of any legal act following the review in accordance with Article 507, but not after 31 December 2028.
(22) Which aspects have to be taken into consideration regarding the decision between expanding an existing bank in Germany or establishing a broker-dealer business?
Even though a broker-dealer only requires authorisation pursuant to the Markets in Financial Instruments Directive (MiFID), unlike a bank a broker-dealer may not conduct deposit business.
The advantage of expanding the existing bank which already has authorisation as a CRR credit institution lies in the fact that the bank then does not have to go through any new authorisation procedure.
According to the legal requirements in place, the timeframe for granting authorisation for a new broker-dealer must not exceed six months. The specific timeframe that will apply depends ultimately on the quality of the documents submitted and on the complexity of the business model. Experience has shown that regular contact between BaFin and the entity making the application can accelerate this process.
(23) What are the requirements for and what is the role of recovery and resolution plans in authorisation application and/or model approvals?
Pursuant to the German Recovery and Resolution Act (Sanierungs- und Abwicklungsgesetz – SAG), which transposes the European Bank Recovery and Resolution Directive (BRRD) into German law, all CRR credit institutions and CRR investment firms ("institutions") are required to draw up and maintain recovery plans. If an institution is part of a group, a group recovery plan has to be drawn up by the superordinated undertaking. (According to section 10a of the German Banking Act (Kreditwesengesetz – KWG) superordinated undertakings are CRR institutions which pursuant to Article 11 of Regulation (EU) No 575/2013 are required to carry out consolidation as well as institutions which pursuant to section 1a of the KWG in conjunction with Article 11 of Regulation (EU) No 575/2013 are required to carry out consolidation.)
1. Scope of application of recovery planning requirements for foreign banks in Germany
a. Foreign banks that have a subsidiary in Germany
- German subsidiaries of institutions domiciled in the European Union
Pursuant to the SAG and the BRRD, the Union parent institution is required to draw up a group recovery plan that also covers all material subsidiaries and branches. An individual recovery plan with respect to the German subsidiary is therefore generally not required. (An individual recovery may be requested if the college of supervisors agrees on this request which is to be expected only in exceptional cases.)
- German subsidiaries of institutions established in third countries
If the German subsidiary of a third country institution is a CRR credit institution or a CRR investment firm it is required to draw up an individual recovery plan under German law. This requirement applies irrespective of whether the parent institution is also required to draw up a group recovery plan under the law of the country of its domicile.
b. Foreign banks that have a branch in Germany
- German subsidiaries of institutions domiciled in the European Union
These branches are not required to draw up recovery plans by law (section 1 no. 4 of the SAG).
- German branches of institutions domiciled in third countries
These branches are not required to draw up recovery plans. They are not deemed to be CRR credit institutions or CRR investment firms under German law (section 53 of the KWG).
2. Content of recovery plans
Institutions that are not deemed to be potentially systemically important (PSIs) – as determined by BaFin and the Deutsche Bundesbank – may apply simplified obligations to recovery plans. Simplified obligations are expected to apply to the vast majority of foreign banks. Details on simplified obligations will be contained in a regulation that the German Ministry of Finance will issue in the first half of 2017. This regulation will also contain requirements for recovery plans that are subject to full obligations. In particular this regulation will implement EBA Guidelines on recovery planning into German law. Further requirements on the content of recovery plans are contained in the directly applicable Commission Delegated Regulation EU 2016/1075.
3. Procedures and timing
Institutions are obliged to draw up recovery plans after they have received a written request from BaFin.
If simplified obligations apply, institutions will have 12 months to draw up the first recovery plan after the written request from BaFin. If full obligations apply, institutions will have to draw up the recovery plan within six months. Institutions may apply for an extension of up to six months.
In Germany recovery planning is an iterative process for which BaFin and the Deutsche Bundesbank offer support to institutions, for example by organising institution-specific workshops.
(24) To what extent does BaFin already also require documents on recovery planning as part of the authorisation process (given the fact that BaFin and the Bundesbank are more cautious than the ECB in their policy stances)?
If the German subsidiary of a third-country institution is a CRR credit institution or a CRR investment firm, it is required to draw up an individual recovery plan under German law. This requirement applies irrespective of whether the parent institution is required to draw up a group recovery plan under the law of its home country. However, it has not yet been conclusively clarified when the recovery plan has to be submitted; in this respect, the documents of the ECB are also contradictory. Since, however, the ECB makes the final decision about the authorisation of an institution, it is theoretically necessary to wait for a final stance from the ECB. Nevertheless, it can be expected that the banks will have to submit the plans no later than within six months of their authorisation being granted and will have to demonstrate at the time of submission how they intend to achieve this goal (project plan)
(25) Institutions which have their registered office in the UK maintain branch offices in different EEA countries. It is to be ensured that it is possible for the hitherto existing branch offices to continue operating, henceforth as branch offices of the German head office, following the granting of authorisation by BaFin or the ECB pursuant to section 32 of the KWG. At what point should the reporting process pursuant to section 24a of the KWG be initiated?
Due to the different processes and regulations applied in BaFin’s Securities and Banking Supervision directorates, the guidance to be followed differs in some aspects:
For CRR credit institutions, only once authorisation pursuant to section 32 of the KWG has been granted can the report pursuant to section 24a of the KWG be forwarded to the competent authorities. However, it is possible for the report pursuant to section 24a of the KWG to be submitted shortly before the respective authorisation procedure has been completed to ensure that it is forwarded promptly. With regard to the necessary information for the reporting procedure pursuant to section 24a of the KWG, please refer in particular to the forms and processes of Commission Implementing Regulation (EU) No 926/2014 of 27 August 2014. The processing time for the report is up to four weeks from the date on which the report is received (as a rule, this is on a first come, first served basis).
Experience has shown that because of the conditions to be met by the host supervisor it can take up to another eight weeks from when the report is forwarded until banking business can commence. Former EEA branch offices of the UK sister or parent company should therefore only be merged with the new bank a few weeks after the authorisation has been granted, as it is sometimes necessary for commercial register entries and memberships to associations to be organised and registration numbers or IBANs to be granted by the host supervisor, without which it is not possible to conduct banking business (please check the particularities in the respective host country yourself in good time). During the transitional period, the services must continue to be provided under the name and licence of the UK institution.
For securities trading firms, a report pursuant to section 24a of the KWG can be submitted at the same time as the application for authorisation or at any later point in time in order to ensure that the report can be forwarded promptly. However, in these cases the time limits for the home supervisor only formally begin once the authorisation is granted. For notifications pursuant to Articles 34 and 35 of the MiFID, ESMA has developed regulatory standards, although these have not yet been published in the Official Journal.
With regard to the processing time for reports pursuant to section 24a of the KWG, we endeavour to process these as quickly as possible.
Both for CRR credit institutions and for securities trading firms, regardless of when you initiate the reporting procedure pursuant to section 24a of the KWG, you should communicate in your application for authorisation the scale of the cross-border services you intend to provide and the extent to which you intend to establish branch offices.
(26) Authorisation pursuant to section 53 of the German Banking Act (Kreditwesengesetz – KWG): request for third-country branch, authorisation, process
- Can the request for the third-country branch already be submitted (or as soon as it is clear that the documents for the subsidiary are satisfactory and can be used as far as possible) and
- will the authorisation then be granted as at the day of Brexit (or even later, if the negotiations are not concluded by then)?
- Should the process involve the PRA, as it is the case with the passporting processes?
From BaFin's point of view, an application pursuant to section 32 in conjunction with section 53 of the KWG with regard to the branch of a CRR credit institution domiciled in the UK can already be submitted for all planned banking activities.
When issuing a notice in this regard, BaFin may add the pertinent ancillary provisions that make sure that the notice becomes effective only upon the UK's exit from the EEA (e.g. condition precedent).
The procedure pursuant to section 53 of the KWG does not depend on the PRA, unless the applicant wants BaFin to receive documents from the PRA. This must be seen to by the applicant.
(27) What is BaFin’s stance regarding the same person taking on the general management of both the subsidiary and the branch (provided that on conflicts of interest and time availability exist)?
In general, section 25c (2) of the KWG applies in cases where a subsidiary is to be established as well as in cases of a branch within the meaning of section 53 of the KWG. It should be noted that the provisions of section 25 (2) of the KWG on the restriction of the number of directorships apply only when either the new subsidiary or the branch is significant within the meaning of section 25c (2) sentence 6 of the KWG. The possibility of the parent company or company operating the branch being significant is not relevant in this context. The branch can only be deemed significant within the meaning of section 25c (2) sentence 6 of the KWG when the average value of its balance sheet total for the last three financial years reaches EUR 15 billion. As for the new subsidiary to be established, the other possibilities listed under section 25c (2) sentence 6 of the KWG also apply (direct ECB supervision, categorisation as having the potential to pose a systemic threat, financial trading institution).
If the provisions restricting the number of directorships apply, i.e. either the branch or the new subsidiary to be established are significant, a member of the management board may hold only one such directorship and no more than two directorships in administrative or supervisory bodies at the same time. Due to the possibility of privileged counting of directorships pursuant to section 25c (2) sentence 3 of the KWG, this may in practice also include several directorships in the management board. The question of whether the directorship in the management board of the branch within the meaning of section 53 of the KWG and the directorship in the management board of the newly established subsidiary can be counted as one directorship, provided the companies belong to the same group of institutions, can only be answered on a case-by-case basis and requires the specific knowledge of the group's structure. In such cases, however, such possibility of privileged treatment cannot generally be ruled out from the outset. For further information, please refer to the Guidance Notice on management board members pursuant to KWG, ZAG and KAGB.