On 7 August 2025, the European Banking Authority (EBA) published its consultation on revised Guidelines on internal governance under Directive 2013/36/EU (the Draft Guidelines). The Draft Guidelines aim to reflect the changes brought by Directive (EU) 2024/1619 (CRD 6), to ensure alignment with the DORA Regulation (EU) 2022/2554 and take into account the findings of the EBA Benchmarking Report of diversity practices and gender-neutral remuneration policies. Finally, they also consider the lessons learned from supervisory practices across the EU.
A key aspect of CRD 6 is the introduction of a new and harmonised regime for the establishment and supervision of third-country branches (TCBs – for an overview, see our separate blogpost). This blogpost provides an overview of the key requirements that the Draft Guidelines provide in relation to the internal governance arrangements of TCBs.
I. Background
CRD 6 has, for the first time, introduced a harmonised requirement for third-country undertakings that engage in the provision of core banking services to EU clients, to establish a TCB. While many Member States already have similar regimes, the scope and requirements of national law market access regimes differ widely. This also applies to the prudential and organisational requirements applicable to TCBs, in relation to which CRD 6 has also introduced a regime that is generally harmonised but allows Member States to gold-plate these requirements and treat TCBs like credit institutions (Article 48a(4) CRD).
The Draft Guidelines will therefore only become immediately relevant for TCBs in Member States that do not treat TCBs like credit institutions.
II. Overview of internal governance requirements for TCBs
1. Management body of TCBs
CRD 6 requires TCBs to have at least two persons in the relevant Member State effectively directing their business. The Draft Guidelines specify that these persons shall have the same duties and responsibilities as the members of the management body (in its management function) of credit institutions and shall be subject to the same fit and proper requirements. This also applies to members of the local management committee that so-called class 1 TCBs may be required to establish.
The persons effectively directing the business of the TCB should be sufficiently present in the Member State and in the premises of the TCB to effectively fulfil their role. Unfortunately, EBA does not specify what this means. However, a general rule that would apply to all classes of TCBs would not be proportionate either. Interestingly, a similar requirement with respect to credit institutions has not found its way into the Draft Guidelines. Whether this means that a similar expectation also exists in this respect is therefore unclear.
2. Substance requirements
The Draft Guidelines further provide that TCBs should maintain at all times sufficient substance and not become ‘empty shells’ or ‘letter-box entities’, two buzzwords that have gained popularity among regulators following Brexit. This does not mean, however, that TCBs must be self-sufficient. The Draft Guidelines expressly allow reliance on third-party outsourcing and intragroup arrangements but specify that these arrangements must be made in an orderly manner. Moreover, EBA stresses that TCBs must have, among other things, a clear and transparent organisational framework that enables them to ensure compliance with legal and regulatory requirements, as well as to exercise appropriate oversight of operational tasks of internal control functions that are outsourced to third-party service providers. To this end, TCBs are required to have sufficient resources and capacities to ensure compliance with the aforementioned requirements.
3. Management of ICT risks
Pursuant to the Draft Guidelines, TCBs should manage their ICT risks in accordance with Article 48g(4) CRD and Regulation (EU) 2022/2554 (DORA). Further, ICT third-party arrangements should be duly documented and filed within a register in accordance with DORA and Commission Implementing Regulation (EU) 2024/2956.
Both the legal basis and the scope of these requirements are unclear. TCBs are not expressly mentioned in DORA and are not covered by the DORA definition of “credit institution” either. This speaks against the direct application of DORA to TCBs. EBA cannot extend the application of DORA to TCBs on the basis of guidelines. The reference to DORA can therefore only be relevant in jurisdictions where Member States have gold-plated DORA and apply the regulation also to TCBs (as is the case in Germany).
4. Booking requirements
Booking requirements for TCBs have various dimensions in CRD 6. First, Article 48h CRD requires TCBs to maintain a registry book enabling TCBs to track and keep a comprehensive and precise record of all the assets and liabilities booked or originated by the TCB and to manage those assets and liabilities autonomously within the TCB. EBA has already published a consultation on draft RTS specifying these formal requirements on the book-keeping of TCBs.
Booking is also relevant in the context of Article 48g(6) CRD, which requires TCBs that engage in back-to-back or intragroup operations to have adequate resources to identify and properly manage their counterparty credit risk where material risks associated with assets booked by the TCB are transferred to the counterparty. The text of the directive itself does therefore not appear to restrict such booking practices.
However, such restrictions are now being imposed by the Draft Guidelines: when relying on back-to-back booking arrangements (i.e. arrangements where TCBs enter into contracts and then transfer the risk from those contracts to the head undertaking), TCBs must ensure that transactions with an EU nexus are neither systematically nor substantially back-to-backed, and are risk-managed from the EU. EBA therefore appears to take a stricter stance on this question than required by CRD 6.
The legal basis for such a requirement in the form of guidelines is questionable, as EBA only has a mandate to issue guidelines with respect to the internal governance and risk management arrangements of TCBs (Article 48g(9) CRD), whereas booking requirements are to be set out in regulatory technical standards (Article 48h(4) CRD). The limitation of a booking practice is not an internal governance or risk management requirement. More generally, EU law also does not provide for any clear restrictions with respect to booking practices. Risk management requirements and other broad concepts do not support far-reaching intrusions into banks’ business models.
Further, EBA leaves the meaning of “substantial” or “systematic” back-to-back booking activities open to interpretation. While the former appears to imply that the majority of transactions should be risk-managed in the branch (i.e. not back-to-backed), the latter appears to suggest that the booking decision should be taken on a case-by-case basis (with a preference for booking in the branch), rather than establishing a system where only certain client or transaction types are booked in the head undertaking or branch.
It seems worth noting that the Draft Guidelines only provide for a limitation of back-to-back transactions with respect to TCBs. While the ECB did in the past (in particular in the context of Brexit) publish communications stating that banks under its supervision should not be “overly reliant” on intra-group back-to-back transactions, similar requirements for credit institutions are not expressly set out in the Draft Guidelines.
5. Remuneration
TCBs will be subject to the same remuneration principles that also apply to credit institutions under the CRD. This includes requirements on the appropriate ratio between fixed and variable pay, a requirement that may be of particular relevance for TCBs with head undertakings located in the UK where the bonus cap was lifted in 2023 (see our blogpost for an overview). Just like credit institutions, TCBs will also be expected to follow EBA’s guidelines on sound remuneration.
III. Next steps
EBA invites interested parties to submit comments to the consultation by 7 November 2025. A virtual public hearing will be held by EBA on 5 September 2025, to which a sign-up is possible via EBA’s website. By 10 January 2027, EBA is required to finalise the guidelines (Article 48g(9) CRD 6), at least to the extent that TCBs are concerned.