(1)

The purpose of the amendments to Directive 2013/36/EU of the European Parliament and of the Council (3) in connection with supervisory powers, sanctions, third-country branches, and environmental, social and governance (ESG) risks is to further the harmonisation of the banking supervisory framework and, ultimately, deepen the internal market for banking. Competent authorities should seek to ensure that the supervisory framework is applied to institutions, as defined in that Directive, in a proportionate manner and, in particular, they should aim to reduce compliance and reporting costs for small and non-complex institutions to the extent possible, having due regard to the recommendations set out in the report entitled ‘Study of the cost of compliance with supervisory reporting requirements’ published by the European Supervisory Authority (European Banking Authority) (EBA) established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council (4) in 2021, which targeted an average reduction of reporting costs of 10 % to 20 %.

(2)

Competent authorities, their members of staff and the members of their governance bodies should be independent and free from political and economic influence. Risks of conflicts of interest undermine the integrity of the Union financial system and harm the goal of an integrated banking and capital markets union. Directive 2013/36/EU should lay down more detailed provisions for Member States to ensure that the competent authorities, including their members of staff and the members of their governance bodies, act independently and objectively. In that context, minimum requirements should be laid down to prevent conflicts of interest and limit ‘revolving doors’, providing, in particular, for cooling-off periods, a prohibition on trading instruments issued by supervised entities, and a maximum tenure period for relevant members of governance bodies. EBA should issue guidelines addressed to competent authorities on the prevention of conflicts of interest which are based on international best practices.

(3)

Members of staff and members of the competent authority’s governance body subject to cooling-off periods should be entitled to appropriate compensation, the purpose of which should be to compensate them for the inability to take up employment, for a certain period, with entities in relation to which those cooling-off restrictions apply. The compensation should be proportionate to the length of the relevant cooling-off period and its form should be decided by each Member State.

(4)

Supervisors should act with the utmost integrity in the exercise of their supervisory functions. In order to increase transparency and ensure high ethical standards, it is appropriate for members of staff and members of the competent authority’s governance body to submit a declaration of interests on an annual basis. That declaration should disclose information on the member’s holdings of financial instruments in order to reduce the risks arising from conflicts of interest that might result from those holdings and to allow competent authorities to manage such risks appropriately. A declaration of interests should be without prejudice to any requirement to submit a wealth declaration under applicable national rules.

(5)

The provision of core banking services listed in Annex I, points 1, 2 and 6, to Directive 2013/36/EU should be made conditional on an explicit and harmonised authorisation requirement in Union law, specifying that undertakings established in a third country which seek to provide such core banking services in the Union should at least establish a branch in a Member State and that such branch should be authorised in accordance with Union law, unless the undertaking wishes to provide banking services in the Union through a subsidiary.

(6)

The consumption of banking services outside the Union, as in the context of the World Trade Organisation Understanding on commitments in financial services, is to remain unaffected. The requirement to establish a branch in the Union should not apply to cases of reverse solicitation, that is where a client or counterparty approaches an undertaking established in a third country at its own exclusive initiative for the provision of banking services, including their continuation, or banking services closely related to those originally solicited. When transposing this Directive, Member States should be able to take measures to preserve clients’ acquired rights under existing contracts. Such measures should apply solely for the purpose of facilitating the transition to implementation of this Directive, and should be narrowly framed to avoid instances of circumvention. To prevent the circumvention of the rules applicable to the cross-border provision of banking services by third-country undertakings, competent authorities should be able to monitor the provision of those services. The requirement to establish a branch in the Union should also not apply to interbank and interdealer transactions. In addition, without prejudice to the authorisation regime provided for in Directive 2014/65/EU of the European Parliament and of the Council (5) and in Regulation (EU) No 648/2012 of the European Parliament and of the Council (6), the requirement to establish a branch should not apply to cases where third-country credit institutions provide in the Union the investment services and activities listed in Annex I, Section A, to Directive 2014/65/EU and any accommodating ancillary services, such as related deposit taking or the granting of credit or loans the purpose of which is to provide services under that Directive, including the provision of trading of financial instruments services or private wealth management. Nonetheless, such exemption should take into account compliance with anti-money laundering and counter-terrorist financing rules as laid down in Directive (EU) 2015/849 of the European Parliament and of the Council (7).

(7)

Competent authorities should have the necessary power to withdraw the authorisation granted to a credit institution where such a credit institution has been determined as failing or likely to fail, there is no reasonable prospect that any alternative private sector measures or supervisory action would prevent a failure of such a credit institution within a reasonable timeframe and a resolution action is not necessary in the public interest. In such a situation, a credit institution should be wound up in accordance with the applicable national insolvency proceedings, or with other types of proceedings laid down for those institutions under national law, which would ensure its orderly exit from the market, and should therefore discontinue the activities for which the authorisation had been granted. However, there should be no automatic link between the failing or likely to fail determination and the withdrawal of the authorisation, as for other cases where the competent authority is entitled to withdraw the authorisation. Competent authorities should exercise their powers in a manner that is proportionate and that takes into consideration the features of the applicable national insolvency proceedings, including existing judicial procedures. The power to withdraw the authorisation should not be used to prevent the opening, or force the termination, of insolvency proceedings, such as the application of a judicial moratorium or other measures which are conditional upon an active licence.

(8)

Financial holding companies and mixed financial holding companies that are parent undertakings of banking groups should remain subject to the identification and approval mechanism introduced by Directive (EU) 2019/878 of the European Parliament and of the Council (8). That mechanism enables competent authorities to bring certain financial holding companies and mixed financial holding companies under the direct scope of their supervision and of their supervisory powers pursuant to Directive 2013/36/EU and Regulation (EU) No 575/2013 of the European Parliament and of the Council (9) to ensure compliance on a consolidated basis. Under specific circumstances, competent authorities should have the discretion to exempt from approval a financial holding company or mixed financial holding company set up for the purpose of holding participations in undertakings. In addition, to cater for the specificities of certain banking groups, the consolidating supervisor should be able to allow financial holding companies or mixed financial holding companies which are exempted from approval to be excluded from the perimeter of consolidation of a banking group. However, the power to exclude those entities from the perimeter of consolidation of a banking group should only be exercised in exceptional circumstances, where all the conditions set out in the applicable law are complied with and, to that end, the banking group concerned should demonstrate that the holding entity that should be excluded is not involved in, or relevant for, the management of that banking group.

(9)

Supervisors of credit institutions should have all the necessary powers that enable them to perform their duties and that cover the various operations conducted by the supervised entities. To that end and to increase the level playing field, supervisors should have at their disposal all the supervisory powers enabling them to cover the material operations that can be undertaken by the supervised entities. The competent authorities should therefore be notified if material operations undertaken by a supervised entity, including acquisitions by supervised entities of material holdings in financial or non-financial sector entities, material transfers of assets and liabilities from or to supervised entities, and mergers and divisions involving supervised entities, raise concerns over that entity’s prudential profile, or over possible money laundering or terrorist financing activities. Furthermore, the competent authorities should have the power to intervene in cases of acquisitions of material holdings, mergers or divisions.

(10)

In order to ensure proportionality and avoid undue administrative burden, the additional powers of competent authorities should only apply to operations deemed material. Only operations consisting in mergers or divisions should be treated automatically as material operations, as the newly created entity can be expected to present a significantly different prudential profile from the entities initially involved in the merger or division. Also, mergers or divisions should not be concluded by entities undertaking them before a prior positive opinion is received from the competent authorities. Acquisitions of holdings, when considered material, should be assessed by the competent authority concerned, based on a tacit approval procedure.

(11)

In order to ensure that competent authorities are able to intervene before a material operation is undertaken, they should be notified in advance. That notification should be accompanied by information necessary for the competent authorities to assess the proposed operation from a prudential and anti-money laundering and counter-terrorist financing perspective. That assessment by competent authorities should commence at the moment of the receipt of the notification including all the requested information. In the case of the acquisition of a material holding, or where the proposed operation involves only financial stakeholders from the same group, that assessment should be limited in time.

(12)

In the case of the acquisition of a material holding, the conclusion of the assessment could lead the competent authority to decide to oppose to the operation. In the absence of opposition from the competent authority within a given period, the operation should be deemed approved.

(13)

It is necessary to align provisions related to the acquisition of a qualifying holding in a credit institution with provisions on the acquisition of a material holding by an institution, in case both assessments have to be undertaken for the same operation. Without proper alignment, those provisions could lead to inconsistencies in the assessment undertaken by competent authorities and, ultimately, in the decisions taken by them.

(14)

Concerning mergers and divisions, Directive (EU) 2017/1132 of the European Parliament and of the Council (10) lays down harmonised rules and procedures, in particular for cross-border mergers and divisions of limited liability companies. Therefore, the assessment procedure by the competent authorities provided for in this Directive should be complementary to the procedure laid down in Directive (EU) 2017/1132 and should not contradict any of its provisions. In the case of those cross-border mergers and divisions which fall under the scope of Directive (EU) 2017/1132, the reasoned opinion issued by the competent authority should be part of the assessment of the compliance with all relevant conditions and the proper completion of all procedures and formalities required for the pre-merger or pre-division certificate. The reasoned opinion should therefore be transmitted to the designated national authority responsible for issuing the pre-merger or pre-division certificate under Directive (EU) 2017/1132.

(15)

In some situations, for instance when entities established in various Member States are involved, operations might require multiple notifications and assessments from different competent authorities, and therefore require efficient cooperation among those authorities. It is therefore necessary to specify cooperation obligations, in particular early cross-border notifications, smooth exchange of information, including with authorities responsible for anti-money laundering or counter-terrorist financing, and coordination in the assessment process.

(16)

EBA should be mandated to develop draft regulatory technical standards, draft implementing technical standards and guidelines to ensure an appropriate framing of the use of the additional supervisory powers. Those draft regulatory technical standards and draft implementing technical standards should, in particular, specify the information to be received by the competent authorities, the elements to be assessed, and the cooperation required where more than one competent authority is involved. Those various elements are crucial to ensuring that a sufficiently harmonised supervisory methodology allows provisions on the additional powers to be implemented efficiently, with the minimum possible additional administrative burden.

(17)

The regulation of branches established by undertakings in a third country to provide banking services in a Member State is subject to national law and only harmonised to a very limited extent by Directive 2013/36/EU. While third-country branches have a significant and increasing presence in Union banking markets, they are currently subject only to very general information requirements, but not to any Union-level prudential standards or supervisory cooperation arrangements. The complete absence of a common prudential framework leads to third-country branches being subject to disparate national requirements of varying levels of prudence and scope. Furthermore, competent authorities lack comprehensive information and the necessary supervisory tools to properly monitor the specific risks created by third-country groups operating in one or more Member States through branches and subsidiaries. There are currently no integrated supervisory arrangements in relation to them and the competent authority responsible for the supervision of each branch of a third-country group is not obliged to exchange information with the competent authorities supervising the other branches and subsidiaries of the same group. Such a fragmented regulatory landscape creates risks to financial stability and market integrity in the Union and should be properly addressed through a harmonised regulatory framework on third-country branches. Such a framework should comprise minimum common requirements on authorisation, prudential standards, internal governance, supervision and reporting. That set of requirements should build on those that Member States already apply to third-country branches in their territories and should take into account similar or equivalent requirements that third countries apply to foreign branches, in order to ensure consistency between Member States and align the Union’s regulatory framework for third-country branches with the prevailing international practices in this field.

(18)

When authorising and supervising third-country branches, competent authorities should be able to exercise their supervisory functions effectively. To that end they need to have access to all the necessary information on the third-country branch’s head undertaking from the supervisory authorities of the relevant third country and be able to effectively coordinate their supervisory activities with those of the third country’s supervisory authorities. Before a third-country branch commences its activities in a Member State, competent authorities should endeavour to conclude an agreement with the supervisory authority of the third country concerned to enable cooperation and information exchange. Such an agreement should be based on the model administrative arrangements developed by EBA in accordance with Article 33(5) of Regulation (EU) No 1093/2010. Competent authorities should submit information about such agreements to EBA. Where the conclusion of an administrative agreement on the basis of the model developed by EBA is not possible, competent authorities should be able to use other arrangements, for example an exchange of letters, to ensure that they can exercise their supervisory functions.

(19)

For reasons of proportionality, the minimum requirements imposed on third-country branches should be relative to the risk that they pose to financial stability and market integrity in the Union and the Member States. Third-country branches should, therefore, be classified as either class 1, where they are deemed riskier, or, otherwise, as class 2, where they are considered to be small and non-complex and not to pose a significant financial stability risk, consistent with the definition of ‘small and non-complex institution’ in Regulation (EU) No 575/2013. Accordingly, third-country branches with booked assets in a Member State in an amount equal to or greater than EUR 5 billion should be regarded as posing such a higher risk due to their larger size and complexity, because their failure could lead to a significant disruption of the banking services market or the banking system of the Member State. Third-country branches authorised to accept retail deposits should similarly be regarded as riskier regardless of their size where the amount of such retail deposits exceeds a certain threshold, insofar as their failure could affect highly vulnerable depositors and could lead to a loss of confidence in the safety and soundness of the banking system of the Member State and its ability to protect citizens’ savings. Both types of third-country branch should, therefore, be classified as class 1 third-country branches.

(20)

Third-country branches should also be classified as class 1 where the head undertaking is subject to regulation and the oversight and implementation of that regulation are not determined to be at least equivalent to what is required by Directive 2013/36/EU and Regulation (EU) No 575/2013, or where the relevant third country is listed as a high-risk third country that has strategic deficiencies in its anti-money laundering and counter-terrorist financing regime in accordance with Directive (EU) 2015/849. Those third-country branches pose a significant risk to financial stability in the Union and the Member State of establishment because the regulatory or anti-money laundering and counter-terrorist financing frameworks that apply to their head undertaking fail to adequately capture or fail to permit the proper monitoring of the specific risks that arise from the activities conducted by the branch in the Member State, or of the risks to counterparties in the Member State that arise from the third-country group. For the purpose of determining the equivalence of the third country’s banking prudential and supervisory standards to the Union’s standards, the Commission should be able to instruct EBA to conduct an assessment and issue a report on the relevant third country’s banking regulatory framework in accordance with Article 33 of Regulation (EU) No 1093/2010. EBA should ensure that the assessment is conducted in a rigorous and transparent manner and in accordance with a sound methodology. Furthermore, EBA should also consult and cooperate closely with the third country’s supervisory authorities, the government departments in charge of its banking regulation and, where appropriate, private sector parties, endeavouring to treat those parties fairly and to give them the opportunity to submit documentation and make representations within reasonable timeframes. Furthermore, EBA should ensure that the report issued is adequately reasoned, sets out a detailed description of the matters assessed and is delivered within a reasonable timeframe. In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission to adopt decisions on the equivalence of the banking regulatory frameworks of third-country branches. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (11).

(21)

Competent authorities should have an explicit power to require, on a case-by-case basis, that third-country branches apply for authorisation in accordance with Title III, Chapter 1 of Directive 2013/36/EU, at a minimum where those branches engage in activities with clients or counterparties in other Member States in breach of the internal market rules, where they pose a significant risk to the financial stability of the Union or of the Member State where they are established or where the aggregate amount of the assets of all third-country branches in the Union which belong to the same third-country group is equal to or greater than EUR 40 billion or the amount of the third-country branch’s assets in the Member State where it is established is equal to or greater than EUR 10 billion. Moreover, competent authorities should be required to assess whether third-country branches have systemic importance where the aggregate amount of the assets of all third-country branches in the Union which belong to the same third-country group is equal to or greater than EUR 40 billion. All third-country branches that belong to the same third-country group established in one Member State or across the Union should be subject to such assessment by their respective competent authorities. That assessment should examine, in accordance with specific criteria, whether those branches pose an analogous level of risk to the financial stability of the Union or its Member States as institutions defined as ‘systemically important’ under Directive 2013/36/EU and Regulation (EU) No 575/2013. Where competent authorities conclude that the third-country branches are systemically important, they should impose requirements on those branches that are appropriate to mitigate risks to financial stability. For those purposes, competent authorities should be able to require third-country branches to apply for authorisation as subsidiary institutions under Directive 2013/36/EU in order to continue conducting banking activities in the Member State or across the Union. Moreover, competent authorities should be able to impose other requirements, in particular an obligation to restructure third-country branches’ assets or activities in the Union so that those branches cease to have systemic importance, or a requirement to comply with additional capital, liquidity, reporting or disclosure requirements, where that would be sufficient to address the risks to financial stability. Competent authorities should have the possibility not to impose any of those requirements on third-country branches assessed as having systemic importance, in which case they should provide a reasoned notification to EBA and the competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions. In order to consider the Union-wide implications, competent authorities which decide to exercise their power to require the authorisation as a subsidiary institution should, in advance, consult EBA and the competent authorities concerned.

(22)

To promote the consistency of supervisory decisions regarding a third-country group that has branches and subsidiaries across the Union, competent authorities should, when performing the assessment of systemic importance, consult EBA and competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions, in order to assess the financial stability risks that the relevant third-country branch might pose for Member States other than the Member State where it is established.

(23)

Competent authorities should conduct regular reviews of third-country branches’ compliance with relevant requirements under Directive 2013/36/EU, and impose supervisory measures on those branches to ensure or restore compliance with those requirements. To facilitate the effective supervision of compliance with those requirements by third-country branches and to allow for a comprehensive overview of third-country groups’ activities within the Union, common supervisory and financial reporting should be made available to competent authorities in accordance with standardised templates. EBA should be mandated to develop draft implementing technical standards setting out those templates. Furthermore, in order to ensure that all the activities of third-country groups operating in the Union through third-country branches are subject to comprehensive supervision, to prevent the requirements applicable to those groups under Union law from being circumvented and to minimise potential risks to financial stability in the Union, it is necessary to implement appropriate cooperation arrangements between competent authorities. In particular, class 1 third-country branches should be included within the scope of the colleges of supervisors of third-country groups in the Union. Where such a college does not yet exist, competent authorities should set up an ad hoc college for all class 1 third-country branches of the same group where that group operates in more than one Member State.

(24)

The Union framework for third-country branches should be applied without prejudice to the discretion that Member States currently have to require on a general basis that third-country undertakings from certain third countries conduct banking activities in their territory solely through subsidiary institutions authorised in accordance with Title III, Chapter 1 of Directive 2013/36/EU. That requirement might refer to third countries that apply banking prudential and supervisory standards that are not equivalent to the standards under the Member State’s national law or to third countries that have strategic deficiencies in their anti-money laundering and counter-terrorist financing regime.

(25)

Notwithstanding currently applicable secrecy rules, information exchange between competent authorities and tax authorities should be improved. The exchange of information should, in any event, be in accordance with national law and, where the information originates in another Member State, agreement for disclosure should be reached between the relevant competent authorities.

(26)

It is crucial that institutions, financial holding companies and mixed financial holding companies comply with the prudential requirements to ensure their safety and soundness and preserve the stability of the financial system, both at the level of the Union as a whole and in each Member State. Therefore, the European Central Bank (ECB) and national competent authorities should have the power to take timely and decisive measures where those institutions, financial holding companies and mixed financial holding companies and their effective managers fail to comply with the prudential requirements or supervisory decisions.

(27)

To ensure a level playing field in the area of sanctioning powers, Member States should be required to provide for effective, proportionate and dissuasive administrative penalties, periodic penalty payments and other administrative measures in respect of breaches of national provisions transposing Directive 2013/36/EU and breaches of Regulation (EU) No 575/2013 or decisions taken by a competent authority on the basis of those provisions or that Regulation. Those administrative penalties, periodic penalty payments and other administrative measures should meet certain minimum requirements, including the minimum powers that should be vested in competent authorities to be able to impose them, the criteria that competent authorities should take into account in their application, publication requirements or the levels of administrative penalties and periodic penalty payments. EBA should be mandated to report on the cooperation between competent authorities in the context of the application of administrative penalties, periodic penalty payments and other administrative measures.

(28)

Member States should be able to impose administrative penalties where the relevant breach is also subject to national criminal law. Competent authorities should have regard to any previous criminal penalties that have been imposed for the same breach on the natural or legal person responsible for that breach when determining the type of administrative penalties or other administrative measures and the level of administrative pecuniary penalties. This is to ensure that the severity of all the administrative penalties and other administrative measures imposed for punitive purposes in the case of an accumulation of administrative and criminal proceedings arising from the same wrongful conduct is limited to what is necessary in view of the seriousness of the breach concerned. To that end, Member States should put in place appropriate mechanisms to ensure that competent authorities and judicial authorities are duly informed, in a timely manner, of any administrative or criminal proceedings initiated against the same natural or legal person.

(29)

Administrative pecuniary penalties should have a deterrent effect in order to prevent the natural or legal person in breach of national provisions transposing Directive 2013/36/EU or in breach of Regulation (EU) No 575/2013 from engaging in the same or similar conduct in the future. Administrative pecuniary penalties on legal persons should be applied consistently, in particular as regards the determination of the maximum amount of such penalties, which should take into account the total annual net turnover of the relevant undertaking. However, total annual net turnover within the meaning of Directive 2013/36/EU is currently neither exhaustive nor sufficiently clear to ensure a level playing field in the application of administrative pecuniary penalties. To ensure a consistent calculation throughout the Union, Directive 2013/36/EU should provide for a list of elements to be included in the calculation of the total annual net turnover.

(30)

In addition to administrative pecuniary penalties, competent authorities should be empowered to impose periodic penalty payments on institutions, financial holding companies, mixed financial holding companies and on those members of the management body in its management function, senior management, key function holders, other material risk takers and any other natural persons who are identified as responsible, in accordance with national law, for the breach of the obligation to comply with national provisions transposing Directive 2013/36/EU, or with their obligations under Regulation (EU) No 575/2013 or under a decision taken by a competent authority on the basis of those provisions or that Regulation. Member States should lay down specific rules and effective mechanisms regarding the application of periodic penalty payments. Periodic penalty payments should be imposed where a breach is continuing. Without prejudice to the procedural rights of the affected persons under applicable law, including the right of those persons to be heard, competent authorities should be able to impose periodic penalty payments without having to address a prior request, order or warning to the party in breach requiring a return to compliance. Since the purpose of the periodic penalty payments is to compel natural or legal persons to terminate an ongoing breach, the application of periodic penalty payments should not prevent competent authorities from imposing subsequent administrative penalties for the same breach. It should be possible for periodic penalty payments to be imposed on a given date and to start applying at a later date. Unless otherwise provided for by Member States, periodic penalty payments should be calculated on a daily basis.

(31)

In order to ensure the greatest possible scope for action following a breach and to help prevent further breaches, irrespective of whether such breaches are subject to an administrative penalty or other administrative measure under national law, Member States should be able to provide for additional administrative penalties and a higher level of administrative pecuniary penalties and periodic penalty payments.

(32)

When imposing periodic penalty payments, a competent authority should take into account the potential impact of the periodic penalty payment on the financial situation of the natural or legal person in breach and seek to avoid a situation where the penalty would cause the natural or legal person in breach to become insolvent or lead to serious financial distress or would represent a disproportionate percentage of the annual income of the natural person or of the total annual turnover of the legal person. Competent authorities should also ensure that periodic penalty payments are applied to the members of the management body, senior management, key function holders, other material risk takers and to any other natural persons who are identified as being directly responsible for the breach, either individually or collectively.

(33)

In exceptional circumstances, where the legal system of the Member State does not allow the imposition of the administrative penalties provided for in this Directive, it should be possible to exceptionally apply the rules on administrative penalties in such a manner that the penalty is initiated by the competent authority and imposed by a judicial authority. Nevertheless, it is necessary for those Member States to ensure that the application of such rules and penalties has an effect equivalent to the administrative penalties imposed by the competent authorities. The penalties provided for should therefore be effective, proportionate and dissuasive.

(34)

In order to provide for appropriate sanctions for breaches of national provisions transposing Directive 2013/36/EU and for breaches of Regulation (EU) No 575/2013, the list of breaches subject to administrative penalties, periodic penalty payments and other administrative measures should be supplemented. Therefore, the list of breaches set out in Directive 2013/36/EU should be amended.

(35)

Following the introduction of International Financial Reporting Standard 9 Financial Instruments (IFRS 9) on 1 January 2018, the outcome of the expected credit losses calculations, which is based on modelling approaches, directly affects the amount of own funds and the regulatory ratios of institutions. The same modelling approaches are also the basis for the expected credit losses calculation where institutions apply national accounting frameworks. As a result, it is important that competent authorities and EBA have a clear view of the impact that those calculations have on the range of values for risk-weighted assets and own funds requirements that arise for similar exposures. To that end, the benchmarking exercise should also cover those modelling approaches. Given that institutions calculating own funds requirements in accordance with the standardised approach for credit risk may also use models for the calculation of expected credit losses within the IFRS 9 framework, those institutions should also be included in the benchmarking exercise, taking into account the principle of proportionality.

(36)

Regulation (EU) 2019/876 of the European Parliament and of the Council (12) amended Regulation (EU) No 575/2013 by introducing a revised market risk framework developed by the Basel Committee on Banking Supervision. The alternative standardised approach that is part of that new framework allows institutions to model certain parameters used in the calculation of risk-weighted assets and own funds requirements for market risk. It is therefore important for competent authorities and EBA to have a clear view of the range of values for risk-weighted assets and own funds requirements that arise for similar exposures not only under the alternative internal model approach, but also under the alternative standardised approach. As a result, the market risk benchmarking exercise should cover the revised standardised and internal model approaches, taking into account the principle of proportionality.

(37)

The global transition towards a sustainable economy as enshrined in the Paris Agreement (13), adopted on 12 December 2015 under the United Nations Framework Convention on Climate Change (the ‘Paris Agreement’), and the United Nations 2030 Agenda for Sustainable Development will require a profound socio-economic transformation and will depend on the mobilisation of significant financial resources from the public and private sectors. The European Green Deal, introduced by the Commission in its communication of 11 December 2019, commits the Union to becoming climate-neutral by 2050. The financial system has a relevant role to play in supporting that transition, which relates not only to capturing and supporting the opportunities that will arise but also to properly managing the risks that it may entail. As those risks can have implications for the stability of both individual institutions and the financial system as a whole, an enhanced regulatory prudential framework that better integrates the related risks is necessary.

(38)

The unprecedented scale of transition towards a sustainable, climate-neutral and circular economy will have considerable impacts on the financial system. In 2018, the Network of Central Banks and Supervisors for Greening the Financial System acknowledged that climate-related risks are a source of financial risk. The communication of the Commission of 6 July 2021 entitled ‘Strategy for Financing the Transition to a Sustainable Economy’ (the ‘Renewed Sustainable Finance Strategy’) emphasises that ESG risks, and risks arising from the physical impact of climate change, biodiversity loss and the broader environmental degradation of ecosystems in particular, pose an unprecedented challenge to the Union’s economy and to the stability of the financial system. Those risks present specificities such as their forward-looking nature and their distinctive impacts over short-, medium- and long-term time horizons. The specificity of climate-related and other environmental risks, for example risks arising from environmental degradation and biodiversity loss, as regards both transition and physical risks, requires in particular the management of those risks with a long-term time horizon of at least 10 years.

(39)

The long-term nature and the profoundness of the transition towards a sustainable, climate-neutral and circular economy will entail significant changes in the business models of institutions. The adequate adjustment of the financial sector, and of credit institutions in particular, is necessary to achieve the objective of net-zero greenhouse gas emissions in the Union’s economy by 2050, while keeping the inherent risks under control. Competent authorities should, therefore, be enabled to assess that process of adjustment and to intervene in cases where institutions manage climate risks, as well as risks arising from environmental degradation and biodiversity loss, in a way that endangers the stability of the individual institutions, or financial stability overall. Competent authorities should also monitor and be empowered to act where there are risks arising from transition trends in the context of the relevant Union and Member States regulatory objectives in relation to ESG factors, for example as set out in Regulation (EU) 2021/1119 of the European Parliament and of the Council (14), the communication of the Commission of 14 July 2021 entitled ‘Fit for 55’: delivering the EU’s 2030 Climate Target on the way to climate neutrality’ (the ‘Fit for 55 package’) and the Kunming-Montreal Global Biodiversity Framework, adopted on 19 December 2022 by the Conference of the Parties to the Convention on Biological Diversity of the United Nations, as well as, where relevant for internationally active institutions, third-country legal and regulatory objectives, resulting in risks to their business models and strategies, or to financial stability. Competent authorities should also be empowered to reinforce targets, measures and actions of institutions’ prudential plans where they are considered insufficient to address the ESG risks in the short-, medium- and long-term time horizon and could in that regard pose material risks to their solvability. Climate risks and, more broadly, environmental risks, should be considered together with social risks and governance risks under a single category of risk to enable a comprehensive and coordinated integration of those factors, as they are often intertwined. ESG risks are closely linked with the concept of sustainability, as ESG factors represent the three main pillars of sustainability.

(40)

To maintain adequate resilience to the negative impacts of ESG factors, institutions established in the Union need to be able to systematically identify, measure and manage ESG risks, and their supervisors should be required to assess the risks at the level of the individual institution as well as at the systemic level, giving priority to environmental factors and progressing to other sustainability factors as the methodologies and tools for the assessment evolve. Institutions should be required to assess the alignment of their portfolios with the ambition of the Union to become climate-neutral by 2050 as well as avert environmental degradation and biodiversity loss. Institutions should have the obligation to set out specific plans to address the financial risks arising, in the short, medium and long term, from ESG factors, including from transition trends in the context of the relevant regulatory objectives of the Union and Member States, for example as set out in the Paris Agreement, Regulation (EU) 2021/1119, the Fit for 55 package and the Kunming-Montreal Global Biodiversity Framework, as well as, where relevant for internationally active institutions, third-country legal and regulatory objectives. Institutions should be required to have robust governance arrangements and internal processes for the management of ESG risks and to have in place strategies approved by their management bodies that take into consideration not only the current but also the forward-looking impact of ESG factors. The collective knowledge and awareness of ESG factors by institutions’ management bodies and internal capital allocation to address ESG risks will also be key to strengthening resilience to the negative impacts of those risks. The specificities of ESG risks mean that understanding, measurements and management practices can differ significantly across institutions. To ensure convergence across the Union and a uniform understanding of ESG risks, appropriate definitions and minimum standards for the assessment of those risks should be provided for in a prudential regulatory framework. To achieve that objective, definitions should be introduced in Directive 2013/36/EU and EBA should be empowered to specify a minimum set of reference methodologies for the assessment of the impact of ESG risks on the financial stability of institutions, giving priority to the impact of environmental factors. Since the forward-looking nature of ESG risks means that scenario analysis and stress testing, together with plans for addressing those risks, are particularly informative assessment tools, EBA should be also empowered to develop uniform criteria for the content of the plans to address those risks and for the setting of scenarios and the application of stress testing methods. EBA should base its scenarios on available scientific evidence, building on the work of the Network of Central Banks and Supervisors for Greening the Financial System and the efforts by the Commission to strengthen cooperation between all relevant public authorities with a view to developing a common methodological base, as outlined in the Renewed Sustainable Finance Strategy. Environment-related risks, including climate-related risks and risks arising from environmental degradation and biodiversity loss, should take priority in light of their urgency and the particular relevance of scenario analysis and stress testing for their assessment.

(41)

As major providers of funding for businesses and households in the Union, institutions have a relevant role to play in promoting sustainable development across the Union. For the Union to deliver on its overall objective of achieving climate neutrality by 2050 as set out in Regulation (EU) 2021/1119, institutions need to integrate into their policies and activities the role of promoting sustainable development. To cater for that process of integration, institutions’ business models and strategies must be tested against the relevant Union regulatory objectives for a sustainable economy, including, for example, against the measures prescribed by the European Scientific Advisory Board on Climate Change, to identify ESG risks arising from misalignments. Where institutions disclose their sustainability objectives and commitments under other mandatory or voluntary sustainability frameworks, such as under Directive 2013/34/EU of the European Parliament and of the Council (15), those objectives and commitments should be consistent with the specific plans to address the ESG risks they face in the short, medium and long term. Competent authorities should assess through their relevant supervisory activities the extent to which institutions face ESG risks and have accompanying management policies and operational actions reflected in the targets and milestones set out in their prudential plans that are consistent with their disclosed sustainability commitments in the context of the process of adjustment towards climate neutrality by 2050. To promote sound and effective risk oversight as well as managerial behaviour aligned with their long-term strategy on sustainability, the risk appetite of institutions in relation to ESG risks should be an integral part of their remuneration policies and practices.

(42)

ESG risks can have far-reaching implications for the stability of both individual institutions and the financial system as a whole. Hence, competent authorities should consistently factor those risks into their relevant supervisory activities, including the supervisory review and evaluation process and the stress testing of those risks. The Commission, by means of the Technical Support Instrument established by Regulation (EU) 2021/240 of the European Parliament and of the Council (16), has been providing support to national competent authorities in developing and implementing stress testing methodologies and will continue to provide technical support in this respect. However, the stress testing methodologies for ESG risks have so far mainly been applied in an exploratory manner. To firmly and consistently embed stress testing of ESG risks in supervision, EBA, the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (EIOPA) established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council (17) and the European Supervisory Authority (European Securities and Markets Authority) (ESMA) established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council (18) should jointly develop guidelines to ensure consistent considerations and common methodologies for stress testing ESG risks. Stress testing of those risks should start with climate and environment-related factors, and as more ESG risk data and methodologies become available to support the development of additional tools to assess their quantitative impact on financial risks, competent authorities should increasingly assess the impact of those risks in their adequacy assessments of institutions. In order to ensure convergence of supervisory practices, EBA should issue guidelines regarding the uniform inclusion of ESG risks in the supervisory review and evaluation process.

(43)

The provisions of Directive 2013/36/EU on the systemic risk buffer framework may already be used to address various kinds of systemic risks, including systemic risks related to climate change. To the extent that the institution’s competent authorities or designated authorities consider that risks related to climate change have the potential to have serious negative consequences for the financial system and the real economy in Member States, they should introduce a systemic risk buffer rate which could also be applied to certain sets or subsets of exposures, for instance to those subject to physical and transition risks related to climate change, where they consider that the introduction of such a rate is effective and proportionate to mitigate those risks.

(44)

Markets in crypto-assets have grown rapidly in recent years. To address potential risks for institutions caused by their crypto-asset exposures that are not sufficiently covered by the existing prudential framework, the Basel Committee on Banking Supervision developed a standard for the prudential treatment of crypto-asset exposures. Part of that standard concerns the risk management by institutions and the application of the supervisory review and evaluation process on institutions. Institutions with direct or indirect crypto-asset exposures or institutions that provide related services for any form of crypto-asset should be required to have risk management policies, processes and practices in place to appropriately manage risks caused by their crypto-asset exposures. In particular, in their risk management activities, institutions should consider the crypto-asset technology risks, general information and communication technology (ICT) and cyber risks, legal risks, money laundering and terrorist financing risks and valuation risks. Competent authorities should be able to take the necessary supervisory actions where the institutions’ risk management practices are deemed insufficient.

(45)

The purpose of assessing the suitability of members of management bodies is to ensure that those members are qualified for their role and are of good repute. Having a robust ‘fit-and-proper’ framework for assessing the suitability of members of the management body and key function holders is a crucial factor in ensuring that institutions are adequately run and their risks are appropriately managed. Existing rules do not ensure that there is a timely suitability assessment of members of the management body by the appointing institution. Furthermore, there are currently no rules for the suitability assessment of key function holders. Moreover, cross-border institutions must navigate through a wide diversity of national rules and processes, which reduces the efficiency of the current framework. The existence of considerably different requirements as regards the suitability assessment across the Union is a particularly relevant issue in the context of the banking union. As a result, it is important to lay down a set of rules at Union level to put in place a more consistent and predictable ‘fit-and-proper’ framework. This will foster supervisory convergence, further enable trust between competent authorities and provide more legal certainty to institutions. ‘Fit-and-proper’ assessments are an important supervisory element along with other mechanisms such as the supervisory review and evaluation process and remuneration rules that together ensure sound governance of institutions.

(46)

To ensure sound governance, facilitate independent opinions and critical challenges, and present a variety of views and experiences, management bodies should be sufficiently diverse as regards age, gender, geographical provenance and educational and professional background. Gender balance is of particular importance to ensure adequate representation of the population, and should be promoted.

(47)

Having the primary responsibility for assessing the suitability of each member of the management body, institutions, and financial holding companies and mixed financial holding companies should carry out the initial suitability assessment before a new member takes up the position, subject to certain exceptions, followed by a verification by the competent authorities. Those entities should ensure that information about the suitability of the members of the management body remains up-to-date. Those entities should communicate that information to the competent authority. As soon as any new facts or other circumstances that could affect the suitability of members of the management body become known, those entities should inform the competent authorities thereof without undue delay. Those entities should take the necessary measures if they conclude that a member or a prospective member of the management body does not fulfil the suitability requirements. The same requirements should also apply to key function holders.

(48)

In order to ensure legal certainty and predictability for the entities, it is necessary to establish procedural rules for verifying the suitability of members of the management body and key function holders of large institutions by competent authorities. Such procedural rules should enable competent authorities to request any additional information, where necessary, including through documentation, interviews and hearings. Information and documents that are necessary for the suitability assessment by the competent authorities, including in the context of the suitability application to be provided before a prospective member takes up a position (the ‘ex ante suitability application’) by large institutions for members of the management body in its management function or the chair of the management body in its supervisory function, should be made available to the competent authorities by means determined by the competent authorities. Competent authorities should reassess a member’s suitability where the relevant information concerning that member’s suitability has changed. Competent authorities should not be required to reassess the suitability of the members of the management body when their mandate is renewed, unless relevant information that is known to competent authorities has changed and such change may affect the suitability of the member concerned. Competent authorities should have the power to take the necessary measures if they conclude that the suitability requirements are not fulfilled. Competent authorities should be able to request the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in accordance with Directive (EU) 2015/849 to consult, on a risk-sensitive basis, the relevant information concerning the members of the management body, and to have access to the central anti-money laundering and counter-terrorist financing database.

(49)

Due to the risks posed by large institutions resulting in particular from potential contagion effects, the competent authorities of Member States in which the supervisor’s suitability assessment is carried out after the member has taken up the position in the management body, in accordance with national law, should be notified without undue delay as soon as there is a clear intention to appoint a member of the management body in its management function or the chair of the management body in its supervisory function. Large institutions should in any event ensure that competent authorities receive an ex ante suitability application at the latest 30 working days before the prospective member takes up the position. The ex ante suitability application should be accompanied by all relevant documents and information that is necessary for the assessment, irrespective of whether the suitability assessment by the competent authorities is finalised before or after the person takes up the position. If criminal records or other documents required under national law or listed by competent authorities become available at a later stage, competent authorities should also receive those documents or information without undue delay. The ex ante suitability application should enable the competent authorities to start their analysis and take action in the context of the assessment. Such action can include preventing the prospective member from taking up the position as long as the competent authority does not receive sufficient information, or engaging in an enhanced dialogue in case the competent authority has concerns regarding the prospective member’s suitability with a view to ensuring that the prospective member is or becomes suitable when taking up the position. EBA should issue guidelines on the modalities of the focused and in-depth dialogue between the competent authority and the large institution with a view to removing any obstacles regarding the suitability of the prospective member in a spirit of cooperation. The ex ante suitability application should allow the competent authorities to engage in an early dialogue with large institutions on the suitability of members of the management body in its management function or the chair of the management body in its supervisory function before they take up their position. However, the ex ante suitability application should be without prejudice to the large institution’s prerogatives and responsibility when ensuring the suitability of the members of the management body, and to any ex post assessments conducted by the competent authorities, where permitted in accordance with national law.

(50)

Furthermore, in relation to large institutions, competent authorities should duly consider setting a maximum period for concluding the suitability assessment, at least with respect to the appointment of members of the management body and the appointment of the head of internal control functions and the chief financial officer, for a position in such institutions. It should be possible to extend such a maximum period, where appropriate.

(51)

The suitability assessment of the members of the management body should be without prejudice to national law on the appointment of representatives of employees in the management body and on the appointment of members of the management body in its supervisory function by regional or local elected bodies. In those cases, appropriate safeguards should be put in place to ensure the suitability of those members of the management body.

(52)

By 31 December 2029, EBA, in close cooperation with the ECB, should review and report on the application and efficiency of the ‘fit-and-proper’ framework, taking into account also the principle of proportionality, in particular with respect to small and non-complex institutions.

(53)

EBA should develop guidelines on the criteria to determine whether there are reasonable grounds to suspect that money laundering or terrorist financing is being or has been committed or attempted, or if there is an increased risk thereof in connection with an entity. When developing those guidelines, EBA should cooperate with ESMA and with the Authority for Anti-Money Laundering and Countering the Financing of Terrorism established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (19) (the ‘Authority for Anti-Money Laundering and Countering the Financing of Terrorism’). In the event that the Authority for Anti-Money Laundering and Countering the Financing of Terrorism is not operational when those guidelines are prepared, EBA should adopt those guidelines without having to cooperate with that authority.

(54)

In light of the role of the suitability assessment for the prudent and sound management of institutions, it is necessary to equip competent authorities with new tools to assess the suitability of members of management bodies, senior management and key function holders, such as statements of responsibilities and a mapping of duties. Those new tools should support the work of competent authorities when reviewing the governance arrangements of institutions as part of the supervisory review and evaluation process. Notwithstanding the overall collective responsibility of the management body, institutions should be required to draw up individual statements setting out the roles and duties of all members of the management body in its management function, senior management and key function holders and a mapping of duties, including details of the reporting lines, of the lines of responsibility, and of the persons who are part of the governance arrangements of the institution, and of their duties. Their individual duties and responsibilities are not always clearly or consistently defined and there might be situations where two or more roles overlap or where areas of duties and responsibilities are overlooked because they do not fall neatly under the remit of a single person. The scope of each individual’s duties and responsibilities should be well defined and no tasks should be left without ownership. Those tools should ensure further accountability of the members of the management body in its management function, of senior management and of key function holders. Furthermore, where Member States consider it necessary, they should be able to adopt or maintain stricter requirements for such tools.

(55)

The additional own funds requirement set by an institution’s competent authority in accordance with Directive 2013/36/EU to address risks other than the risk of excessive leverage should not be increased as a result of the institution becoming bound by the output floor laid down in Regulation (EU) No 575/2013, all else being equal. Furthermore, upon the institution becoming bound by the output floor, the competent authority should review that institution’s additional own funds requirement and assess, in particular, whether and to what extent such requirements are already fully covered by the fact that the institution is bound by the output floor. Where that is the case, the institution’s additional own funds requirement should be regarded as overlapping with the risks captured by the output floor in the own funds requirement of the institution and, consequently, the competent authority should reduce that requirement to the extent necessary to remove any such overlap for as long as the institution remains bound by the output floor.

(56)

Similarly, upon becoming bound by the output floor, the nominal amount of an institution’s Common Equity Tier 1 capital required under the systemic risk buffer and O-SII buffer could increase even though there has not been a corresponding increase in the macroprudential or systemic risks associated with the institution. In such cases, the institution’s competent authority or designated authority should review the calibration of the systemic risk buffer rates and make sure that they remain appropriate and do not double-count the risks that are already covered by virtue of the fact that the institution is bound by the output floor. Such a review should take place with the same frequency as the review of the buffers, which is annual for the O-SII buffer and every two years for the systemic risk buffer. However, it should be possible for the institution’s competent authority or designated authority to adjust the calibration of the buffers on a more frequent basis.

(57)

To enable the timely and effective activation of the systemic risk buffer, it is necessary to clarify the application of the relevant provisions and simplify and align the applicable procedures. Setting a systemic risk buffer should be possible for designated authorities in all Member States to ensure that authorities are empowered to address systemic risks in a timely, proportionate and effective manner and to enable the recognition of systemic risk buffer rates set by authorities in other Member States. Recognition of a systemic risk buffer rate set by another Member State should require only a notification from the authority recognising the rate. To avoid unnecessary authorisation procedures where the decision to set a buffer rate results in a decrease or no change from any of the previously set rates, the procedure laid down in Article 131(15) of Directive 2013/36/EU needs to be aligned with the procedure laid down in Article 133(9) of that Directive. The procedures laid down in Article 133(11) and (12) of that Directive should be clarified and made more consistent with the procedures applicable to other systemic risk buffer rates, where relevant.

(58)

The Commission should be empowered to adopt the regulatory technical standards developed by EBA with regard to the waiver for authorisation of investment firms as credit institutions, the list of minimum information to be provided for assessing material operations, the process to assess material operations, the booking arrangements for third-country branches, the mechanism of cooperation and the functioning of colleges of supervisors, the concept of exposures to default risk which are material in absolute terms and the thresholds for large numbers of material counterparties and positions in traded debt or equity instruments of different issuers, and the minimum content of the suitability questionnaire, curricula vitae and the internal suitability assessment. The Commission should adopt those regulatory technical standards by means of delegated acts pursuant to Article 290 of the Treaty on the Functioning of the European Union (TFEU) and in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

(59)

The Commission should be empowered to adopt the implementing technical standards developed by EBA with regard to the uniform formats and definitions for intermediate parent undertaking reporting; the consultation process between competent authorities in relation to the acquisition of a qualifying holding; the consultation process between competent authorities in relation to a merger or division; the regulatory and financial information on third-country branches and on head undertakings. The Commission should adopt those implementing technical standards by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 15 of Regulation (EU) No 1093/2010.

(60)

When drafting technical standards and guidelines and when replying to questions relating to their practical application or implementation, EBA should give due consideration to the principle of proportionality and ensure that those standards and guidelines can also be applied by small and non-complex institutions without undue effort.

(61)

Since the objectives of this Directive cannot be sufficiently achieved by the Member States but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(62)

Directive 2013/36/EU should therefore be amended accordingly,

(1)

Article 2 is amended as follows:

(2)

in Article 3, paragraph 1 is amended as follows:

(3)

in Article 4, paragraph 4 is replaced by the following:

(4)

the following article is inserted:

(*3)  Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12)."

(*4)  Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63)."

(*5)  Regulation (EU) No 468/2014 of the European Central Bank of 16 April 2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities (SSM Framework Regulation) (ECB/2014/17) (OJ L 141, 14.5.2014, p. 1)."

(*6)  Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1).’;"

(5)

Article 8a is amended as follows:

(6)

in Article 18, the following point is added:

;

(7)

Article 21a is amended as follows:

(8)

in Article 21b, the following paragraph is inserted:

(9)

the following article is inserted:

(10)

in Article 22(2), the first subparagraph is replaced by the following:

‘Competent authorities shall acknowledge, in writing, the receipt of notification under paragraph 1 or of further information under paragraph 3 promptly and in any event within 10 working days following receipt of the notification or of the information.’

(11)

Article 23 is amended as follows:

(12)

in Title III, the following chapters are added:

(*9)  Directive (EU) 2019/2162 of the European Parliament and of the Council of 27 November 2019 on the issue of covered bonds and covered bond public supervision and amending Directives 2009/65/EC and 2014/59/EU (OJ L 328, 18.12.2019, p. 29)."

(*10)  Council Regulation (EC) No 139/2004 of 20 January 2004 on the control of concentrations between undertakings (the EC Merger Regulation) (OJ L 24, 29.1.2004, p. 1).’;"

(13)

Title VI is replaced by the following:

(*11)  Commission Delegated Regulation (EU) 2015/61 of 10 October 2014 to supplement Regulation (EU) No 575/2013 of the European Parliament and the Council with regard to liquidity coverage requirement for Credit Institutions (OJ L 11, 17.1.2015, p. 1)."

(*12)  Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ L 173, 12.6.2014, p. 149)."

(*13)  Regulation (EC) No 1606/2002 of the European Parliament and of the Council of 19 July 2002 on the application of international accounting standards (OJ L 243, 11.9.2002, p. 1).’;"

(14)

in Article 53(1), the second subparagraph is replaced by the following:

‘Confidential information which such persons, auditors or experts receive in the course of their duties may be disclosed only in summary or aggregate form, such that individual credit institutions cannot be identified, without prejudice to cases covered by criminal or tax law.’

(15)

in Article 56, the following paragraph is added:

‘Article 53(1) and Article 54 shall not preclude the exchange of information between competent authorities and tax authorities in the same Member State, in accordance with national law. Where the information originates in another Member State, it shall only be exchanged as referred to in the first sentence of this paragraph with the express agreement of the competent authorities which have disclosed it.’

(16)

Articles 65 and 66 are replaced by the following:

(*14)  Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1)."

(*15)  Commission Implementing Regulation (EU) 2021/451 of 17 December 2020 laying down implementing technical standards for the application of Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to supervisory reporting of institutions and repealing Implementing Regulation (EU) No 680/2014 (OJ L 97, 19.3.2021, p. 1).’;"

(17)

Article 67 is amended as follows:

(18)

Article 70 is replaced by the following:

(19)

in Article 73, the first paragraph is replaced by the following:

‘Institutions shall have in place sound, effective and comprehensive strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed. Institutions shall explicitly take into account the short, medium and long term for the coverage of ESG risks.’

(20)

in Article 74, paragraph 1 is replaced by the following:

(21)

Article 76 is amended as follows:

(22)

Article 77 is amended as follows:

(23)

Article 78 is amended as follows:

(24)

in Article 79, the following point is added:

;

(25)

Article 81 is replaced by the following:

(26)

in Article 83, the following paragraph is added:

(27)

in Article 85, paragraph 1 is replaced by the following:

(28)

the following article is inserted:

(29)

Article 88 is amended as follows:

(30)

Article 91 is replaced by the following:

(*19)  Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj).’;"

(31)

the following article is inserted:

(32)

Article 92 is amended as follows:

(33)

Article 94 is amended as follows:

(34)

in Article 97(4), the second subparagraph is replaced by the following:

‘When conducting the review and evaluation referred to in paragraph 1 of this Article, competent authorities shall apply the principle of proportionality in accordance with the criteria disclosed pursuant to Article 143(1), point (c). In particular, for the purpose of conducting the review and evaluation of an institution, the competent authority may consider whether all of the following conditions are met:

(35)

Article 98 is amended as follows:

(36)

in Article 100, the following paragraphs are added:

(37)

in Article 101, paragraph 3 is replaced by the following:

(38)

Article 104 is amended as follows:

(39)

Article 104a is amended as follows:

(40)

in Article 104b, the following paragraph is inserted:

(41)

in Article 106, paragraph 1 is replaced by the following:

(42)

in Title VII, Chapter 3, the following Section is inserted before Section I:

(43)

Article 121 is replaced by the following:

(44)

Article 131 is amended as follows:

(45)

Article 133 is amended as follows:

(46)

Article 142 is amended as follows:

(47)

Article 161 is amended as follows: