Navigating the EU financial regulatory landscape: 10 key developments in 2024

The EU banking package, implementing the final Basel III measures often referred to as Basel IV or Basel III.1, is expected to be adopted by the EU Parliament in April 2024, following the completion of the trilogue process in December 2023. The Capital Requirements Regulation (CRR) III, likely taking effect from January 2025, and the Capital Requirements Directive (CRD) VI, having an implementation deadline of 18 months, introduce not only Basel’s capital requirements, but also various other changes in banking supervisory law. Among the numerous changes, we’d like to highlight in particular the comprehensive requirements on ESG (see our blogpost), the treatment of third-country branches (described in our blogpost), the introduction of an ‘output floor’, the prudential, reporting and disclosure requirements relating to crypto assets (more details in our briefing), the notification requirements for M&A transactions, and new rules on fit & proper assessments.

Proposed amendments to strengthen EU bank crisis management and deposit insurance (CMDI) are also underway. The CMDI package entails wide-ranging changes to the second pillar of the Banking Union, the European resolution regime, introducing adjustments to the Bank Recovery and Resolution Directive (BRRD), the Single Resolution Mechanism Regulation and the Deposit Guarantee Scheme (DGS) Directive. The primary focus is on addressing financially distressed medium and small banks with regional business models, often resolved under national (insolvency) regulations outside the existing EU resolution regime – to ensure a more uniform application of the resolution regime for all banks in the EU, regardless of size, business model or deposit insurance setup. In addition to the expansion of the scope of resolution regime, the proposal introduces the so-called ‘DGS bridge’, which allows the contribution from national deposit guarantee schemes to count towards the 8 per cent threshold for accessing the Single Resolution Fund. Also, a single-tier depositor preference is proposed. The legislative timeline for the EU process is yet to be determined, with trilogue negotiations expected to commence later in the year (for further details check out our blogpost).

The Credit Secondary Market Directive, effective since 2021, is a response to the financial market crisis and aims to relieve banks’ capital requirements for NPLs. The directive had to be transposed into national law until December 2023 – however, only some jurisdictions like Germany have transposed the directive on time, with the new rules applying from 2024. NPLs involve, among others, payments 90 days overdue with doubts about full repayment. The new regime aims to create a uniform framework for credit purchasers and credit sellers of NPLs, harmonises the requirements for credit servicers and strengthens borrower rights. Among the many changes, it should be highlighted that credit services will be required to obtain a license if they offer credit services in connection with an NPL such as the collection and enforcement of claims, the renegotiation of contractual terms or the processing of complaints. 

The EU’s AML package, proposed over two years ago, is expected to be finalised by the end of February 2024. The package includes the sixth Anti-Money Laundering Directive (AMLD VI), an AML Regulation (AMLR), and the establishment of the EU Anti-Money Laundering Authority (AMLA). The AMLA will serve as a central hub coordinating the enforcement of anti-money laundering regulations, directly supervising certain credit and financial institutions, including crypto asset providers, which are deemed high-risk across at least six member states (see our blogpost). While the AMLA will have supportive oversight for non-financial sector entities, banks are advised to familiarise themselves with forthcoming AML regulations, including definitions of obliged entities, diligence requirements, and internal security measures. The AMLA’s location, however, remains undecided, with a vote expected in February.

The EU Commission also introduced a comprehensive legislative package, known as the ‘Retail Investment Strategy’, in May 2023 which aims at revising the second Markets in Financial Instruments Directive (MiFID II), Insurance Distribution Directive (IDD), UCITS/AIFM Directive, and PRIIPs Regulation. The strategy seeks to enhance the protection and trust of retail investors in the capital market, addressing concerns such as high costs and inadequate value for money. Proposed changes include a new ban on inducements in non-advisory services and replacing the ‘Quality Enhancement Test’ with a ‘Best Interest Test’ in relation to non-independent advisory services. Product oversight requirements for manufacturers and distributors, adjustments to appropriateness and suitability assessments, stricter rules on customer information and marketing, and eased criteria for classifying customers as professional clients are also part of the strategy. Currently undergoing the legislative process, the EU Commission’s proposal faces amendments proposed by the ECON, with trilogue negotiations expected in Q3/Q4 2024, and a final version anticipated by the year’s end (more in our blogpost).

In 2024, trilogue negotiations are expected to commence for the revision of the second Payment Services Directive (PSD II), as proposed by the EU Commission in June 2023. The proposal aims to address the evolving payment services market and the increase in electronic transactions, fuelled in part by the COVID-19 pandemic, and includes two significant modifications: the creation of separate legal acts in the form of a new directive on payment services and e-money services (PSD III) and a new regulation (Payment Services Regulation (PSR)). Additionally, PSD II will be merged with the E-Money Directive to streamline the regulatory framework for payment and e-money institutions. Moreover, the package introduces measures to combat rising fraud cases, including enhanced liability and transparency rights for consumers. It also mandates an IBAN-name-check and expands the range of penalties and supervisory powers for authorities. The PSR will be directly applicable across EU member states, contributing to the harmonisation of payment services regulation in the EU (see for further details our blogpost).

The EU Commission’s proposal for FIDA, also released in June 2023, accompanies the revisions to PSD II (explained above) and the introduction of the digital euro (described below). FIDA expands the existing open banking framework under PSD II to include access to all financial data (‘open finance’), aligning with the EU's efforts to empower new technology-driven business models. The framework sets requirements for financial institutions possessing customer data (data holders) and those with customer permission to access such data (data users), including specialised financial information service providers which will need to obtain a license and be subject to specific organisational requirements. FIDA also requires data holders to promptly provide requested data to customers and data users for agreed-upon purposes only, with strict security measures. The proposal encompasses various forms of B2B and B2C information and data, excluding certain sensitive information. FIDA will undergo the regular legislative process in the EU in the coming year (see our blogpost).

The European Central Bank (ECB) has kicked off the preparation phase for the digital euro, taking at least two years (see our blogpost). This involves developing technical solutions and regulations for its issuance. The ECB will engage with the public to address concerns about usage and data protection, while the final decision to proceed with the digital euro will be made by the ECB Governing Council after the end of this period. This initiative follows discussions in the Eurogroup in 2020 and the examination phase of the digital euro project, which began in July 2021. In June 2023, the EU Commission had already proposed regulations for the digital euro and cash, emphasising the importance of maintaining both digital and cash payment options. The ECB sees the digital euro as enhancing strategic sovereignty in European payment transactions.

Starting December 2024, the provisions of the Markets in Crypto-Assets Regulation (MiCAR) will be effective, except for rules for stablecoins (dubbed ‘asset-referenced tokens’ and ‘e-money tokens’), which will take effect from June 2024 (check out our comprehensive navigator). MiCAR also necessitates accompanying legislative measures by member states to establish fair competition conditions for crypto-asset offerings and services. Despite ESMA’s critique in October 2023 regarding MiCAR’s start date, providers of crypto-asset services operating in compliance with existing laws before 30 December 2024 can benefit from a comprehensive ‘grandfathering clause’. Besides MiCAR, the recast Funds Transfer Regulation integrates FATF requirements to enhance traceability of certain crypto-asset transfers for combating money laundering and terrorism financing. The regulation, effective from December 2024, mandates crypto-asset providers to gather specific transfer-related information and share it with competent authorities upon request. 

In 2024, the momentum for creating new rules and standards for ESG regulation will continue. The focus in 2024 will, however, lie on implementing and specifying the foundations already laid down by regulators and supervisory authorities in the previous years. Prudential regulations integrate ESG aspects into all pillars of banking supervisory law. Other notable developments include the effectiveness of the Taxonomy’s new Technical Screening Criteria as well as revisions to the Sustainable Finance Disclosure Regulation (SFDR) to address pressing issues (see our blogpost). In addition, the Corporate Sustainability Reporting Directive (CSRD), effective from July 2024, expands sustainability reporting, aiming to serve as a reliable ESG data source for real-economy and financial institutions alike, thus also strengthening the required data basis to comply with the enhanced requirements (more in our client briefing). Regarding the highly debated inclusion of financial sector entities into the scope of the Corporate Sustainability Due Diligence Directive (CSDDD), the final text of the draft remains subject to continuing technical negotiations, despite the preliminary compromise reached in December 2023 (further details in our blogpost). According to the latest draft, however, regulated financial entities will for the first time ever be materially required to draw up strategic transition plans. Further developments include the Green Bond Regulation, and a proposal to regulate ESG rating providers for enhanced credibility and transparency in this sector (as described in our blogpost). In the meantime, supervisory attention in 2024 will particularly focus on greenwashing as well as the closely related process and liability risks.