Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 32013L0036

    Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC Text with EEA relevance

    OJ L 176, 27.6.2013, p. 338–436 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

    This document has been published in a special edition(s) (HR)

    Legal status of the document In force: This act has been changed. Current consolidated version: 29/07/2024

    ELI: http://data.europa.eu/eli/dir/2013/36/oj

    27.6.2013   

    EN

    Official Journal of the European Union

    L 176/338


    DIRECTIVE 2013/36/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

    of 26 June 2013

    on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC

    (Text with EEA relevance)

    THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

    Having regard to the Treaty on the Functioning of the European Union, and in particular Article 53(1) thereof,

    Having regard to the proposal from the European Commission,

    After transmission of the draft legislative act to the national parliaments,

    Having regard to the opinion of the European Central Bank (1),

    Acting in accordance with the ordinary legislative procedure,

    Whereas:

    (1)

    Directive 2006/48/EC of the European Parliament and of the Council of 14 June 2006 relating to the taking up and pursuit of the business of credit institutions (2) and Directive 2006/49/EC of the European Parliament and of the Council of 14 June 2006 on the capital adequacy of investment firms and credit institutions (3) have been significantly amended on several occasions. Many provisions of Directives 2006/48/EC and 2006/49/EC are applicable to both credit institutions and investment firms. For the sake of clarity and in order to ensure a coherent application of those provisions, they should be merged into new legislative acts that are applicable to both credit institutions and investment firms, namely this Directive and Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 (4). For greater accessibility, the provisions of the Annexes to Directives 2006/48/EC and 2006/49/EC should be integrated into the enacting terms of this Directive and of that Regulation.

    (2)

    This Directive should, inter alia, contain the provisions governing the authorisation of the business, the acquisition of qualifying holdings, the exercise of the freedom of establishment and of the freedom to provide services, the powers of supervisory authorities of home and host Member States in this regard and the provisions governing the initial capital and the supervisory review of credit institutions and investment firms. The main objective and subject-matter of this Directive is to coordinate national provisions concerning access to the activity of credit institutions and investment firms, the modalities for their governance, and their supervisory framework. Directives 2006/48/EC and 2006/49/EC also contained prudential requirements for credit institutions and investment firms. Those requirements should be provided for in Regulation (EU) No 575/2013, which establishes uniform and directly applicable prudential requirements for credit institutions and investment firms, since such requirements are closely related to the functioning of financial markets in respect of a number of assets held by credit institutions and investment firms. This Directive should therefore be read together with Regulation (EU) No 575/2013 and should, together with that Regulation, form the legal framework governing banking activities, the supervisory framework and the prudential rules for credit institutions and investment firms.

    (3)

    The general prudential requirements laid down in Regulation (EU) No 575/2013 are supplemented by individual arrangements to be decided by the competent authorities as a result of their ongoing supervisory review of each individual credit institution and investment firm. The range of such supervisory arrangements should, inter alia, be set out in this Directive and the competent authorities should be able to exercise their judgment as to which arrangements should be imposed. With regard to such individual arrangements concerning liquidity, the competent authorities should, inter alia, take into account the principles set out in the Committee of European Banking Supervisors' Guidelines on Liquidity Cost Benefit Allocation of 27 October 2010.

    (4)

    Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments (5) allows investment firms authorised by the competent authorities of their home Member State and supervised by the same authorities to establish branches and provide services freely in other Member States. That Directive accordingly provides for the coordination of the rules governing the authorisation and pursuit of the business of investment firms. It does not, however, establish the amounts of the initial capital of such firms or a common framework for monitoring the risks incurred by them, which should be provided by this Directive.

    (5)

    This Directive should constitute the essential instrument for the achievement of the internal market from the point of view of both the freedom of establishment and the freedom to provide financial services in the field of credit institutions.

    (6)

    The smooth operation of the internal market requires not only legal rules but also close and regular cooperation and significantly enhanced convergence of regulatory and supervisory practices between the competent authorities of the Member States.

    (7)

    Regulation (EU) No 1093/2010 of the European Parliament and of the Council (6) established the European Supervisory Authority (European Banking Authority) ("EBA"). This Directive should take into account the role and function of EBA set out in that Regulation and the procedures to be followed when conferring tasks on EBA.

    (8)

    Given the increase of tasks conferred on EBA by this Directive and by Regulation (EU) No 575/2013, the European Parliament, the Council and the Commission should ensure that adequate human and financial resources are made available.

    (9)

    As a first step towards a banking union, a single supervisory mechanism (SSM) should ensure that the Union's policy relating to the prudential supervision of credit institutions is implemented in a coherent and effective manner, that the single rulebook for financial services is applied in the same manner to credit institutions in all Member States concerned, and that those credit institutions are subject to supervision of the highest quality, unfettered by other, non-prudential considerations. An SSM is the basis for the next steps towards a banking union. This reflects the principle that any introduction of common intervention mechanisms in the event of a crisis should be preceded by common controls to reduce the likelihood that such intervention mechanisms will have to be used. The European Council noted in its conclusions of 14 December 2012 that "the Commission will submit in the course of 2013 a proposal for a single resolution mechanism for Member States participating in the SSM, to be examined by co-legislators as a matter of priority with the intention of adopting it during the current parliamentary cycle.". The integration of the financial framework could be further enhanced through the setting up of a single resolution mechanism, including appropriate and effective backstop arrangements to ensure that bank resolution decisions are taken swiftly, impartially and in the best interests of all concerned.

    (10)

    The conferral of supervisory tasks on the European Central Bank (ECB) for some of the Member States should be consistent with the framework of the European System of Financial Supervision set up in 2010 and its underlying objective to develop the single rulebook and enhance convergence of supervisory practices across the Union as a whole. The ECB should carry out its tasks subject to and in compliance with any relevant primary and secondary Union law, Commission decisions in the areas of State aid, competition rules and merger control and the single rulebook applying to all Member States. EBA is entrusted with developing draft technical standards and guidelines and recommendations to ensure supervisory convergence and consistency of supervisory outcomes within the Union. The ECB should not carry out those tasks, but should exercise powers to adopt regulations under Article 132 of the Treaty on the Functioning of the European Union (TFEU) in accordance with acts adopted by the Commission on the basis of drafts developed by EBA and with guidelines and recommendation under Article 16 of Regulation (EU) No 1093/2010.

    (11)

    EBA's legally binding mediation role is a key element of the promotion of coordination, supervisory consistency and convergence of supervisory practices. Mediation by EBA can be initiated either on its own initiative where specifically provided for, or upon request by one or more competent authorities in the event of a disagreement. This Directive and Regulation (EU) No 575/2013 should extend the range of situations in which EBA can initiate its legally binding mediation role with a view to contributing to consistency in supervisory practices. EBA has no own-initiative mediation role with regard to the designation of significant branches and the determination of institution-specific prudential requirements under this Directive. However, in order to promote coordination and enhance consistent supervisory practices in those sensitive areas, competent authorities should have recourse to EBA mediation at an early stage of the process in the event of a disagreement. Such early EBA mediation should facilitate finding a resolution to the disagreement.

    (12)

    In order to protect savings and to create equal conditions of competition between credit institutions, measures to coordinate the supervision of credit institutions should apply to all of them. Due regard should, however, be had to the objective differences in their statutes and aims as laid down in national law.

    (13)

    In order to ensure a well-functioning internal market, transparent, predictable and harmonised supervisory practices and decisions are necessary for conducting business and steering cross-border groups of credit institutions. EBA should therefore enhance harmonisation of supervisory practices. Supervisory processes and decisions should not hamper the functioning of the internal market with regard to the free flow of capital. Supervisory colleges should ensure a common and aligned work programme and harmonised supervisory decisions. Cooperation between the competent authorities of the home and host Member States should be strengthened through a higher degree of transparency and information sharing.

    (14)

    The scope of measures should therefore be as broad as possible, covering all institutions whose business is to receive repayable funds from the public, whether in the form of deposits or in other forms such as the continuing issue of bonds and other comparable securities and to grant credits for their own account. Exceptions should be provided for in the case of certain credit institutions to which this Directive does not apply. This Directive should not affect the application of national laws which provide for special supplementary authorisations permitting credit institutions to carry out specific activities or undertake specific kinds of operations.

    (15)

    It is appropriate to effect harmonisation which is necessary and sufficient to secure the mutual recognition of authorisation and of prudential supervision systems, making possible the granting of a single licence recognised throughout the Union and the application of the principle of home Member State prudential supervision.

    (16)

    The principles of mutual recognition and home Member State supervision require that Member States' competent authorities should refuse or withdraw authorisation where factors such as the content of the activities programme, the geographical distribution of activities or the activities actually carried out indicate clearly that a credit institution has opted for the legal system of one Member State for the purpose of evading the stricter standards in force in another Member State within whose territory it carries out or intends to carry out the greater part of its activities. Where there is no such clear indication, but the majority of the total assets of the entities in a banking group is located in another Member State, the competent authorities of which are responsible for exercising supervision on a consolidated basis, responsibility for exercising supervision on a consolidated basis should be changed only with the agreement of those competent authorities.

    (17)

    The competent authorities should not authorise or continue to authorise a credit institution where they are liable to be prevented from effectively exercising their supervisory functions by the close links between that institution and other natural or legal persons. Credit institutions already authorised should also satisfy the competent authorities in respect of such close links.

    (18)

    The reference to the supervisory authorities' effective exercise of their supervisory functions covers supervision on a consolidated basis which should be exercised over a credit institution or investment firm where Union law so provides. In such cases, the authorities applied to for authorisation should be able to identify the authorities competent to exercise supervision on a consolidated basis over that credit institution or investment firm.

    (19)

    Credit institutions authorised in their home Member States should be allowed to carry out throughout the Union any or all of the activities referred to in the list of activities subject to mutual recognition by establishing branches or by providing services.

    (20)

    It is appropriate to extend mutual recognition to those activities where they are carried out by financial institutions which are subsidiaries of credit institutions, provided that such subsidiaries are covered by the consolidated supervision of their parent undertakings and meet certain strict conditions.

    (21)

    The host Member State should be able, in connection with the exercise of the right of establishment and the freedom to provide services, to require compliance with specific provisions of its own national laws or regulations on the part of entities not authorised as credit institutions in their home Member States and with regard to activities not referred to in the list of activities subject to mutual recognition, provided that, on the one hand, such provisions are not already provided for in Regulation (EU) No 575/2013, are compatible with Union law and are intended to protect the general good and that, on the other, such entities or such activities are not subject to equivalent rules under the laws or regulations of their home Member States.

    (22)

    In addition to Regulation (EU) No 575/2013 which establishes directly applicable prudential requirements for credit institutions and investment firms, Member States should ensure that there are no obstacles to carrying out activities receiving mutual recognition in the same manner as in the home Member State, provided that the latter do not conflict with legal provisions protecting the general good in the host Member State.

    (23)

    The rules governing branches of credit institutions having their head office in a third country should be analogous in all Member States. It is important to provide that such rules are not more favourable than those applicable to branches of credit institutions from another Member State. The Union should be able to conclude agreements with third countries providing for the application of rules which accord such branches the same treatment throughout its territory. Branches of credit institutions authorised in third countries should not enjoy the freedom to provide services or the freedom of establishment in Member States other than those in which they are established.

    (24)

    Agreement should be reached between the Union and third countries with a view to allowing the practical exercise of consolidated supervision over the largest possible geographical area.

    (25)

    Responsibility for supervising the financial soundness of a credit institution and in particular its solvency on a consolidated basis should lie with its home Member State. The supervision of Union banking groups should be the subject of close cooperation between the competent authorities of the home and host Member States.

    (26)

    The competent authorities of host Member States should have the power to carry out, on a case-by-case basis, on-the-spot checks and inspections of the activities of branches of institutions on their territory and require information from a branch about its activities and for statistical, informational, or supervisory purposes, where the host Member States consider it relevant for reasons of stability of the financial system.

    (27)

    The competent authorities of the host Member States should obtain information about activities carried out in their territories. Supervisory measures should be taken by the competent authorities of the home Member State unless the competent authorities of the host Member States have to take precautionary emergency measures.

    (28)

    The smooth operation of the internal banking market requires not only legal rules but also close and regular cooperation and significantly enhanced convergence of regulatory and supervisory practices between the competent authorities of the Member States. To that end, consideration of problems concerning individual credit institutions and the mutual exchange of information should take place through EBA. That mutual information procedure should not replace bilateral cooperation. Competent authorities of the host Member States should always be able, in an emergency, on their own initiative or on the initiative of the competent authorities of the home Member State, to check that the activities of a credit institution established within their territories comply with the relevant laws and with the principles of sound administrative and accounting procedures and adequate internal control.

    (29)

    It is appropriate to allow the exchange of information between the competent authorities and authorities or bodies which, by virtue of their function, help to strengthen the stability of the financial system. In order to preserve the confidential nature of the information forwarded, the list of addressees should be strictly limited.

    (30)

    Certain behaviour, such as fraud or insider dealing, is liable to affect the stability and the integrity of the financial system. It is necessary to specify the conditions under which exchange of information in such cases is authorised.

    (31)

    Where it is stipulated that information may be disclosed only with the express agreement of the competent authorities, the competent authorities should be able to make their agreement subject to compliance with strict conditions.

    (32)

    Exchanges of information should be authorised between the competent authorities and central banks and other bodies with a similar function in their capacity as monetary authorities and, where necessary for reasons of prudential supervision, prevention and resolution of failing institutions and in emergency situations, if relevant, other public authorities and departments of central government administrations responsible for drawing up legislation on the supervision of credit institutions, financial institutions, investment services and insurance companies, and public authorities responsible for supervising payment systems.

    (33)

    For the purposes of strengthening the prudential supervision of institutions and the protection of clients of institutions, auditors should have a duty to report promptly to the competent authorities, wherever, during the performance of their tasks, they become aware of certain facts which are liable to have a serious effect on the financial situation or the administrative and accounting organisation of an institution. For the same reason Member States should also provide that such a duty applies in all circumstances where such facts are discovered by an auditor during the performance of his tasks in an undertaking which has close links with an institution. The duty of auditors to communicate, where appropriate, to the competent authorities certain facts and decisions concerning an institution which they discover during the performance of their tasks in a non-financial undertaking should not in itself change the nature of their tasks in that undertaking nor the manner in which they should perform those tasks in that undertaking.

    (34)

    This Directive and Regulation (EU) No 575/2013 aim to ensure the solvency of institutions. If, notwithstanding the solvency requirements, a crisis occurs, it is necessary to ensure that institutions can be resolved in an orderly manner, limiting the negative impact on the real economy and avoiding the need for taxpayers to step in. For that purpose, pending further coordination at Union level, EBA should assess and coordinate initiatives, in accordance with Regulation (EU) No 1093/2010, on recovery and resolution plans with a view to promoting convergence in that area. To that end, EBA should be fully informed in advance of the organisation of meetings on recovery and resolution plans and should be entitled to participate in such meetings. Some Member States' authorities have already introduced obligations for institutions and authorities to prepare recovery and resolution plans. It is therefore appropriate that institutions be required to cooperate with authorities in that regard. Where a recovery or resolution plan is being drafted, EBA should contribute to and participate actively in the development and coordination of effective and consistent recovery and resolution plans in accordance with Regulation (EU) No 1093/2010. Priority should be given where such plans involve systemically important institutions.

    (35)

    In order to ensure compliance with the obligations deriving from this Directive and from Regulation (EU) No 575/2013 by institutions, by those who effectively control the business of an institution and by the members of an institution's management body, and to ensure similar treatment across the Union, Member States should be required to provide for administrative penalties and other administrative measures which are effective, proportionate and dissuasive. Therefore, administrative penalties and other administrative measures laid down by Member States should satisfy certain essential requirements in relation to addressees, the criteria to be taken into account in their application, their publication, key powers to impose penalties and levels of administrative pecuniary penalties.

    (36)

    In particular, competent authorities should be empowered to impose administrative pecuniary penalties which are sufficiently high to offset the benefits that can be expected and to be dissuasive even to larger institutions and their managers.

    (37)

    In order to ensure a consistent application of administrative penalties or other administrative measures across Member States, when determining the type of administrative penalties or other administrative measures and the level of administrative pecuniary penalties Member States should be required to ensure that the competent authorities take into account all relevant circumstances.

    (38)

    In order to ensure that administrative penalties have a dissuasive effect, they should normally be published except in certain well-defined circumstances.

    (39)

    For the purposes of assessing the good repute of directors and members of a management body, an efficient system of exchange of information is required where EBA, subject to professional secrecy and data protection requirements, should be entitled to maintain a central database containing details of administrative penalties, including any appeals in relation thereto, which is accessible to competent authorities only. In any event, information about criminal convictions should be exchanged in accordance with Framework Decision 2009/315/JHA (7) and Decision 2009/316/JHA (8), as transposed into national law, and with other relevant provisions of national law.

    (40)

    In order to detect potential breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013, competent authorities should have the necessary investigatory powers and should establish effective mechanisms to encourage reporting of potential or actual breaches. Those mechanisms should be without prejudice to the rights of the defence of anyone who has been charged.

    (41)

    This Directive should provide for administrative penalties and other administrative measures in order to ensure the greatest possible scope for action following a breach and to help prevent further breaches, irrespective of their qualification as an administrative penalty or other administrative measure under national law. Member States should be able to provide for additional penalties to, and higher level of administrative pecuniary penalties than, those provided for in this Directive.

    (42)

    This Directive should be without prejudice to any provisions in the law of Member States relating to criminal penalties.

    (43)

    Member States should ensure that credit institutions and investment firms have internal capital that, having regard to the risks to which they are or may be exposed, is adequate in quantity, quality and distribution. Accordingly, Member States should ensure that credit institutions and investment firms have strategies and processes in place for assessing and maintaining the adequacy of their internal capital.

    (44)

    Competent authorities should be entrusted with ensuring that institutions have a good organisation and adequate own funds, having regard to the risks to which the institutions are or might be exposed.

    (45)

    To ensure that institutions which are active in several Member States are not disproportionately burdened as a result of the continued responsibilities of individual Member State competent authorities as regards authorisation and supervision, it is essential to significantly enhance the cooperation between competent authorities. EBA should facilitate and enhance such cooperation.

    (46)

    In order to ensure comprehensive market discipline across the Union, it is appropriate that competent authorities publish information concerning the carrying out of the business of credit institutions and investment firms. Such information should be sufficient to enable a comparison of the approaches adopted by the different competent authorities of the Member States and complement requirements found in Regulation (EU) No 575/2013 regarding disclosure of technical information by institutions.

    (47)

    Supervision of institutions on a consolidated basis aims to protect the interests of depositors and investors of institutions and to ensure the stability of the financial system. In order to be effective, supervision on a consolidated basis should therefore be applied to all banking groups, including those the parent undertakings of which are not credit institutions or investment firms. Member States should provide competent authorities with the necessary legal instruments to enable them to exercise such supervision.

    (48)

    In the case of groups with diversified activities where parent undertakings control at least one subsidiary, the competent authorities should be able to assess the financial situation of each credit institution or investment firm in such a group. The competent authorities should at least have the means of obtaining from all undertakings within a group the information necessary for the performance of their function. Cooperation between the authorities responsible for the supervision of different financial sectors should be established in the case of groups of undertakings carrying out a range of financial activities.

    (49)

    Member States should be able to refuse or withdraw a credit institution's authorisation in the case of certain group structures considered inappropriate for carrying out banking activities, because such structures cannot be supervised effectively. In that respect the competent authorities should have the necessary powers to ensure the sound and prudent management of credit institutions. In order to secure a sustainable and diverse Union banking culture which primarily serves the interest of the citizens of the Union, small-scale banking activities, such as those of credit unions and cooperative banks, should be encouraged.

    (50)

    The mandates of competent authorities should take into account, in an appropriate manner, the Union dimension. Competent authorities should therefore duly consider the effect of their decisions not only on the stability of the financial system in their jurisdiction but also in all other Member States concerned. Subject to national law, that principle should serve to promote financial stability across the Union and should not legally bind competent authorities to achieve a specific result.

    (51)

    The financial crisis demonstrated links between the banking sector and so-called ‧shadow banking‧. Some shadow banking usefully keeps risks separate from the banking sector and hence avoids potential negative effects on taxpayers and systemic impact. Nevertheless, a fuller understanding of shadow banking operations and their links to financial sector entities, and tighter regulation to provide transparency, a reduction of systemic risk and the elimination of any improper practices are necessary for the stability of the financial system. Additional reporting from institutions can establish some of this but specific new regulation is also necessary.

    (52)

    Increased transparency regarding the activities of institutions, and in particular regarding profits made, taxes paid and subsidies received, is essential for regaining the trust of citizens of the Union in the financial sector. Mandatory reporting in that area can therefore be seen as an important element of the corporate responsibility of institutions towards stakeholders and society.

    (53)

    Weaknesses in corporate governance in a number of institutions have contributed to excessive and imprudent risk-taking in the banking sector which has led to the failure of individual institutions and systemic problems in Member States and globally. The very general provisions on governance of institutions and the non-binding nature of a substantial part of the corporate governance framework, based essentially on voluntary codes of conduct, did not sufficiently facilitate the effective implementation of sound corporate governance practices by institutions. In some cases, the absence of effective checks and balances within institutions resulted in a lack of effective oversight of management decision-making, which exacerbated short-term and excessively risky management strategies. The unclear role of the competent authorities in overseeing corporate governance systems in institutions did not allow for sufficient supervision of the effectiveness of the internal governance processes.

    (54)

    In order to address the potentially detrimental effect of poorly designed corporate governance arrangements on the sound management of risk, Member States should introduce principles and standards to ensure effective oversight by the management body, promote a sound risk culture at all levels of credit institutions and investment firms and enable competent authorities to monitor the adequacy of internal governance arrangements. Those principles and standards should apply taking into account the nature, scale and complexity of institutions' activities. Member States should be able to impose corporate governance principles and standards additional to those required by this Directive.

    (55)

    Different governance structures are used across Member States. In most cases a unitary or a dual board structure is used. The definitions used in this Directive are intended to embrace all existing structures without advocating any particular structure. They are purely functional for the purpose of setting out rules aimed at a particular outcome irrespective of the national company law applicable to an institution in each Member State. The definitions should therefore not interfere with the general allocation of competences in accordance with national company law.

    (56)

    A management body should be understood to have executive and supervisory functions. The competence and structure of management bodies differ across Member States. In Member States where management bodies have a one-tier structure, a single board usually performs management and supervisory tasks. In Member States with a two-tier system, the supervisory function is performed by a separate supervisory board which has no executive functions and the executive function is performed by a separate management board which is responsible and accountable for the day-to-day management of the undertaking. Accordingly, separate tasks are assigned to the different entities within the management body.

    (57)

    The role of non-executive members of the management body within an institution should include constructively challenging the strategy of the institution and thereby contributing to its development, scrutinising the performance of management in achieving agreed objectives, satisfying themselves that financial information is accurate and that financial controls and systems of risk management are robust and defensible, scrutinising the design and implementation of the institution's remuneration policy and providing objective views on resources, appointments and standards of conduct.

    (58)

    In order to monitor management actions and decisions effectively, the management body of an institution should commit sufficient time to allow it to perform its functions and to be able to understand the business of the institution, its main risk exposures and the implications of the business and the risk strategy. Combining too high a number of directorships would preclude a member of the management body from spending adequate time on the performance of that oversight role. Therefore, it is necessary to limit the number of directorships a member of the management body of an institution may hold at the same time in different entities. However, directorships in organisations which do not pursue predominantly commercial objectives, such as non-profit-making or charitable organisations, should not be taken into account for the purposes of applying such a limit.

    (59)

    When appointing members of the management body, the shareholders or members of an institution should consider whether the candidates have the knowledge, qualifications and skills necessary to safeguard proper and prudent management of the institution. Those principles should be exercised and manifested through transparent and open appointment procedures, with regard to members of the management body.

    (60)

    The lack of monitoring by management bodies of management decisions is partly due to the phenomenon of ‧groupthink‧. This phenomenon is, inter alia, caused by a lack of diversity in the composition of management bodies. To facilitate independent opinions and critical challenge, management bodies of institutions should therefore be sufficiently diverse as regards age, gender, geographical provenance and educational and professional background to present a variety of views and experiences. Gender balance is of particular importance to ensure adequate representation of population. In particular, institutions not meeting a threshold for representation of the underrepresented gender should take appropriate action as a matter of priority. Employee representation in management bodies could also, by adding a key perspective and genuine knowledge of the internal workings of institutions, be seen as a positive way of enhancing diversity. More diverse management bodies should more effectively monitor management and therefore contribute to improved risk oversight and resilience of institutions. Therefore, diversity should be one of the criteria for the composition of management bodies. Diversity should also be addressed in institutions' recruitment policy more generally. Such a policy should, for instance, encourage institutions to select candidates from shortlists including both genders.

    (61)

    In order to strengthen legal compliance and corporate governance, Member States should establish effective and reliable mechanisms to encourage reporting to competent authorities of potential or actual breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013. Employees reporting breaches committed within their own institutions should be fully protected.

    (62)

    Remuneration policies which encourage excessive risk-taking behaviour can undermine sound and effective risk management of credit institutions and investment firms. Members of the G-20 committed themselves to implementing the Financial Stability Board (FSB) Principles for Sound Compensation Practices and Implementing Standards, which address the potentially detrimental effect of poorly designed remuneration structures on the sound management of risk and control of risk-taking behaviour by individuals. This Directive aims to implement international principles and standards at Union level by introducing an express obligation for credit institutions and investment firms to establish and maintain, for categories of staff whose professional activities have a material impact on the risk profile of credit institutions and investment firms, remuneration policies and practices that are consistent with effective risk management.

    (63)

    In order to ensure that institutions have in place sound remuneration policies, it is appropriate to specify clear principles on governance and on the structure of remuneration policies. In particular, remuneration policies should be aligned with the risk appetite, values and long-term interests of the credit institution or investment firm. For that purpose, the assessment of the performance-based component of remuneration should be based on long-term performance and take into account the current and future risks associated with that performance.

    (64)

    When considering the policy on variable remuneration a distinction should be made between fixed remuneration, which includes payments, proportionate regular pension contributions, or benefits (where such benefits are without consideration of any performance criteria), and variable remuneration, which includes additional payments, or benefits depending on performance or, in exceptional circumstances, other contractual elements but not those which form part of routine employment packages (such as healthcare, child care facilities or proportionate regular pension contributions). Both monetary and non-monetary benefits should be included.

    (65)

    In any event, in order to avoid excessive risk taking, a maximum ratio between the fixed and the variable component of the total remuneration should be set. It is appropriate to provide for a certain role for the shareholders, owners or members of institutions in that respect. Member States should be able to set stricter requirements as regards the relationship between the fixed and the variable components of the total remuneration. With a view to encouraging the use of equity or debt instruments which are payable under long-term deferral arrangements as a component of variable remuneration, Member States should be able, within certain limits, to allow institutions to apply a notional discount rate when calculating the value of such instruments for the purposes of applying the maximum ratio. However, Member States should not be obliged to provide for such a facility and should be able to provide for it to apply to a lower maximum percentage of total variable remuneration than set out in this Directive. With a view to ensuring a harmonised and coherent approach which guarantees a level playing field across the internal market, EBA should provide appropriate guidance on the applicable notional discount rate to be used.

    (66)

    In order to ensure that the design of remuneration policies is integrated in the risk management of the institution, the management body should adopt and periodically review the remuneration policies in place. The provisions of this Directive on remuneration should reflect differences between different types of institutions in a proportionate manner, taking into account their size, internal organisation and the nature, scope and complexity of their activities. In particular it would not be proportionate to require certain types of investment firms to comply with all of those principles.

    (67)

    In order to protect and foster financial stability within the Union and to address any possible avoidance of the requirements laid down in this Directive, competent authorities should ensure compliance with the principles and rules on remuneration for institutions on a consolidated basis, that is at the level of the group, parent undertakings and subsidiaries, including the branches and subsidiaries established in third countries.

    (68)

    Since poorly designed remuneration policies and incentive schemes are capable of increasing to an unacceptable extent the risks to which credit institutions and investment firms are exposed, prompt remedial action and, if necessary, appropriate corrective measures should be taken. Consequently, it is appropriate to ensure that competent authorities have the power to impose qualitative or quantitative measures on the relevant institutions that are designed to address problems that have been identified in relation to remuneration policies in the supervisory review.

    (69)

    The provisions on remuneration should be without prejudice to the full exercise of fundamental rights guaranteed by Article 153(5) TFEU, general principles of national contract and labour law, Union and national law regarding shareholders' rights and involvement and the general responsibilities of the management bodies of the institution concerned, and the rights, where applicable, of the social partners to conclude and enforce collective agreements, in accordance with national law and customs.

    (70)

    Own funds requirements for credit risk and market risk should be based on external credit ratings only to the extent necessary. Where credit risk is material, institutions should therefore generally seek to implement internal ratings-based approaches or internal models. However, standardised approaches that rely on external credit ratings could be used where credit risk is less material, which is typically the case for less sophisticated institutions, for insignificant exposure classes, or in situations where using internal approaches would be overly burdensome.

    (71)

    Directives 2006/48/EC and 2006/49/EC are one of the pillars upon which the overreliance on external credit ratings was built. This Directive should take into account the G-20 conclusions and the FSB principles for Reducing Reliance on external credit ratings. Institutions should therefore be encouraged to use internal ratings rather than external credit ratings even for the purpose of calculating own funds requirements.

    (72)

    Overreliance on external credit ratings should be reduced and the automatic effects deriving from them should be gradually eliminated. Institutions should therefore be required to put in place sound credit-granting criteria and credit decision-making processes. Institutions should be able to use external credit ratings as one of several factors in that process but they should not rely solely or mechanistically on them.

    (73)

    The recognition of a credit rating agency as an external credit assessment institution (ECAI) should not increase the foreclosure of a market already dominated by three undertakings. EBA, the Member States' central banks and the ECB, without making the process easier or less demanding, should provide for the recognition of more credit rating agencies as ECAIs in order to open the market to other undertakings.

    (74)

    Given the wide range of approaches adopted by institutions using internal modelling approaches, it is important that competent authorities and EBA have a clear view of the range of values for risk-weighted assets and own funds requirements that arise for similar exposures under such approaches. To that end, institutions should be required to provide competent authorities with the results of internal models applied to EBA-developed benchmark portfolios covering a wide range of exposures. Based on the information received, competent authorities should take appropriate steps to ensure that similarities or differences in results for the same exposure are justifiable in terms of the risks incurred. More generally, the competent authorities and EBA should ensure that the choice between an internal modelling approach and a standardised approach does not result in the under-estimation of own funds requirements. While own funds requirements for operational risk are more difficult to allocate at individual exposure level and it is therefore appropriate to exclude this risk category from the benchmarking process, competent authorities should nevertheless keep abreast of developments in internal modelling approaches to operational risk, with the aim of monitoring the range of practices employed and improving supervisory approaches.

    (75)

    The development of relationship-based lending should be encouraged where information gleaned from a continuing business relationship with clients is used to get a better quality of due diligence and risk assessment than is available purely from standardised information and credit scores.

    (76)

    With respect to the supervision of liquidity, responsibility should lie with home Member States as soon as detailed criteria for the liquidity coverage requirement apply. It is therefore necessary to accomplish the coordination of supervision in this field in order to introduce supervision by the home Member State by that time. In order to ensure effective supervision, the competent authorities of the home and host Member States should further cooperate in the field of liquidity.

    (77)

    Where within a group liquid assets in one institution will under stress circumstances match liquidity needs of another member of that group, competent authorities should be able to exempt an institution from liquidity coverage requirements and apply those requirements on a consolidated basis instead.

    (78)

    Measures taken on the basis of this Directive should be without prejudice to measures taken in accordance with Directive 2001/24/EC of the European Parliament and of the Council of 4 April 2001 on the reorganisation and winding up of credit institutions (9). Supervisory measures should not lead to discrimination among creditors from different Member States.

    (79)

    In the light of the financial crisis and the pro-cyclical mechanisms that contributed to its origin and aggravated its effect, the FSB, the Basel Committee on Banking Supervision (BCBS), and the G-20 made recommendations to mitigate the pro-cyclical effects of financial regulation. In December 2010, the BCBS issued new global regulatory standards on bank capital adequacy (the Basel III rules), including rules requiring the maintenance of capital conservation and countercyclical capital buffers.

    (80)

    It is therefore appropriate to require credit institutions and relevant investment firms to hold, in addition to other own fund requirements, a capital conservation buffer and a countercyclical capital buffer to ensure that they accumulate, during periods of economic growth, a sufficient capital base to absorb losses in stressed periods. The countercyclical capital buffer should be built up when aggregate growth in credit and other asset classes with a significant impact on the risk profile of such credit institutions and investment firms are judged to be associated with a build-up of system-wide risk, and drawn down during stressed periods.

    (81)

    In order to ensure that countercyclical capital buffers properly reflect the risk to the banking sector of excessive credit growth, credit institutions and investment firms should calculate their institution-specific buffers as a weighted average of the countercyclical buffer rates that apply in the countries where their credit exposures are located. Every Member State should therefore designate an authority responsible for the quarterly setting of the countercyclical buffer rate for exposures located in that Member State. That buffer rate should take into account the growth of credit levels and changes to the ratio of credit to GDP in that Member State, and any other variables relevant to the risks to the stability of the financial system.

    (82)

    In order to promote international consistency in setting countercyclical buffer rates, the BCBS has developed a methodology on the basis of the ratio between credit and GDP. This should serve as a common starting point for decisions on buffer rates by the relevant national authorities, but should not give rise to an automatic buffer setting or bind the designated authority. The buffer rate should reflect, in a meaningful way, the credit cycle and the risks due to excess credit growth in the Member State and should duly take into account specificities of the national economy.

    (83)

    Restrictions on variable remuneration are an important element in ensuring that credit institutions and investment firms rebuild their capital levels when operating within the buffer range. Credit institutions and investment firms are already subject to the principle that awards and discretionary payments of variable remuneration to those categories of staff whose professional activities have a material impact on the risk profile of the institution have to be sustainable, having regard to the financial situation of the institution. In order to ensure that an institution restores its levels of own funds in a timely manner, it is appropriate to align the award of variable remuneration and discretionary pension benefits with the profit situation of the institution during any period in which the combined buffer requirement is not met, taking into account the long-term health of the institution.

    (84)

    Institutions should address and control all concentration risks by means of written policies and procedures. Given the nature of public sector exposures, controlling concentration risks is more effective than risk weighting those exposures, given their size and the difficulties in calibrating own funds requirements. The Commission should, at an appropriate time, submit a report to the European Parliament and the Council about any desirable changes to the prudential treatment of concentration risk.

    (85)

    Member States should be able to require certain institutions to hold, in addition to a capital conservation buffer and a countercyclical capital buffer, a systemic risk buffer in order to prevent and mitigate long-term non-cyclical systemic or macroprudential risks not covered by Regulation (EU) No 575/2013, where there is a risk of disruption in the financial system with the potential to have serious negative consequences for the financial system and the real economy in a specific Member State. The systemic risk buffer rate should apply to all institutions, or to one or more subsets of those institutions, where the institutions exhibit similar risk profiles in their business activities.

    (86)

    In order to ensure consistent macroprudential oversight across the Union, it is appropriate that the European Systemic Risk Board (ESRB) develop principles tailored to the Union economy and be responsible for monitoring their application. This Directive should not prevent the ESRB from taking any actions that it considers necessary under Regulation (EU) No 1092/2010 of the European Parliament and of the Council of 24 November 2010 on European Union macroprudential oversight of the financial system and establishing a European Systemic Risk Board (10).

    (87)

    Member States should be able to recognise the systemic risk buffer rate set by another Member State and apply that buffer rate to domestically authorised institutions for the exposures located in the Member State setting the buffer rate. The Member State setting the buffer rate should also be able to ask the ESRB to issue a recommendation as referred to in Article 16 of Regulation (EU) No 1092/2010, addressed to one or more Member States which are in a position to recognise the systemic risk buffer rate recommending that they do so. Such a recommendation is subject to the "comply or explain" rule set out in Article 3(2) and Article 17 of that Regulation.

    (88)

    It is appropriate that decisions of Member States on countercyclical buffer rates are coordinated as far as possible. In that regard, the ESRB, if requested to do so by competent or designated authorities, could facilitate discussions between those authorities about setting proposed buffer rates, including relevant variables.

    (89)

    Where a credit institution or investment firm fails to meet in full the combined buffer requirement, it should be subject to measures designed to ensure that it restores its levels of own funds in a timely manner. In order to conserve capital, it is appropriate to impose proportionate restrictions on discretionary distributions of profits, including dividend payments and payments of variable remuneration. So as to ensure that such institutions or firms have a credible strategy to restore levels of own funds, they should be required to draw up and agree with the competent authorities a capital conservation plan that sets out how the restrictions on distributions will be applied and other measures that the institution or firm intends to take to ensure compliance with the full buffer requirements.

    (90)

    Authorities are expected to impose higher own funds requirements on global systemically important institutions (G-SIIs) in order to compensate for the higher risk that G-SIIs represent for the financial system and the potential impact of their failure on taxpayers. Where an authority imposes the systemic risk buffer and the G-SII buffer is applicable, the higher of the two should apply. Where the systemic risk buffer only applies to domestic exposures, it should be cumulative with the G-SII buffer or the buffer relating to other systemically important institutions (O-SIIs) which is applied in accordance with this Directive.

    (91)

    Technical standards in financial services should ensure consistent harmonisation and adequate protection of depositors, investors and consumers across the Union. As a body with highly specialised expertise, it would be efficient and appropriate to entrust EBA with the elaboration of draft regulatory and implementing technical standards which do not involve policy choices, for submission to the Commission. EBA should ensure efficient administrative and reporting processes when drafting technical standards.

    (92)

    The Commission should adopt regulatory technical standards developed by EBA in the areas of authorisations and acquisitions of significant holdings in credit institutions, information exchanges between competent authorities, the exercise of the freedom of establishment and the freedom to provide services, supervisory collaboration, remuneration policies of credit institutions and investment firms and the supervision of mixed financial holding companies by means of delegated acts pursuant to Article 290 TFEU and in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010. The Commission and EBA should ensure that those standards can be applied by all institutions concerned in a manner that is proportionate to the nature, scale and complexity of those institutions and their activities.

    (93)

    Given the detail and number of regulatory technical standards that are to be adopted pursuant to this Directive, where the Commission adopts a regulatory technical standard which is the same as the draft regulatory technical standard submitted by EBA, the period within which the European Parliament or the Council may object to a regulatory technical standard should, where appropriate, be further extended by one month. Moreover, the Commission should aim to adopt the regulatory technical standards in good time to permit the European Parliament and the Council to exercise full scrutiny, taking account of the volume and complexity of regulatory technical standards and the details of the European Parliament's and the Council's rules of procedure, calendar of work and composition.

    (94)

    The Commission should also be empowered to adopt implementing technical standards developed by EBA in the areas of authorisation of and acquisitions of significant holdings in credit institutions, information exchange between competent authorities, supervisory collaboration, specific prudential requirements and disclosure of information by supervisory authorities by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 15 of Regulation (EU) No 1093/2010.

    (95)

    In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 on laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers (11).

    (96)

    In order to specify the requirements set out in this Directive, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of clarifying the definitions and the terminology used in this Directive, expanding the list of activities subject to mutual recognition and improving the exchange of information concerning branches of credit institutions. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

    (97)

    References to Directives 2006/48/EC and 2006/49/EC should be construed as references to this Directive and to Regulation (EU) No 575/2013.

    (98)

    Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate (12), Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market (13), Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (14), Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions (15) and Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers (16) refer to provisions of Directives 2006/48/EC and 2006/49/EC concerning own funds requirements which should be set out in this Directive and in Regulation (EU) No 575/2013. Consequently, references in those Directives to Directives 2006/48/EC and 2006/49/EC should be construed as references to the provisions governing own funds requirements in this Directive and in Regulation (EU) No 575/2013.

    (99)

    In order to allow for technical standards to be developed so that institutions that are part of a financial conglomerate apply the appropriate calculation methods for the determination of required capital on a consolidated basis, Directive 2002/87/EC should be amended accordingly.

    (100)

    In order for the internal banking market to operate with increasing effectiveness and for citizens of the Union to be afforded adequate levels of transparency, it is necessary that competent authorities publish, in a manner which allows for meaningful comparison, information on the manner in which this Directive is implemented.

    (101)

    With respect to the supervision of liquidity, there should be a period of time within which Member States effect transition towards the regulatory regime under which detailed criteria for the liquidity coverage requirement apply.

    (102)

    In order to ensure a stable, smooth and progressive transition by institutions to new liquidity and stable funding requirements at Union level, competent authorities should make full use of their supervisory powers under this Directive and under any applicable national law. In particular, competent authorities should assess whether there is a need to apply administrative penalties or other administrative measures, including prudential charges, the level of which should broadly relate to the disparity between the actual liquidity position of an institution and the liquidity and stable funding requirements. In making this assessment, competent authorities should have due regard to market conditions. Such administrative penalties or other administrative measures should apply until detailed legal acts on liquidity and stable funding requirements are implemented at Union level.

    (103)

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (17) and Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (18), should be fully applicable to the processing of personal data for the purposes of this Directive.

    (104)

    Since the objectives of this Directive, namely the introduction of rules concerning access to the activity of institutions, and the prudential supervision of institutions, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and the effects of the proposed action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

    (105)

    In accordance with the Joint Political Declaration of Member States and the Commission on explanatory documents of 28 September 2011, Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified.

    (106)

    The European Data Protection Supervisor has been consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and has adopted an opinion (19).

    (107)

    Directive 2002/87/EC should be amended accordingly and Directives 2006/48/EC and 2006/49/EC should be repealed,

    HAVE ADOPTED THIS DIRECTIVE:

    TITLE I

    SUBJECT MATTER, SCOPE AND DEFINITIONS

    Article 1

    Subject matter

    This Directive lays down rules concerning:

    (a)

    access to the activity of credit institutions and investment firms (collectively referred to as "institutions");

    (b)

    supervisory powers and tools for the prudential supervision of institutions by competent authorities;

    (c)

    the prudential supervision of institutions by competent authorities in a manner that is consistent with the rules set out in Regulation (EU) No 575/2013;

    (d)

    publication requirements for competent authorities in the field of prudential regulation and supervision of institutions.

    Article 2

    Scope

    1.   This Directive shall apply to institutions.

    2.   Article 30 shall apply to local firms.

    3.   Article 31 shall apply to the firms referred to in point (2)(c) of Article 4(1) of Regulation (EU) No 575/2013.

    4.   Article 34 and Title VII, Chapter 3 shall apply to financial holding companies, mixed financial holding companies and mixed-activity holding companies which have their head offices in the Union;

    5.   This Directive shall not apply to the following:

    (1)

    access to the activity of investment firms in so far as it is regulated by Directive 2004/39/EC;

    (2)

    central banks;

    (3)

    post office giro institutions;

    (4)

    in Belgium, the ‧Institut de Réescompte et de Garantie/Herdiscontering- en Waarborginstituut‧;

    (5)

    in Denmark, the ‧Eksport Kredit Fonden‧, the ‧Eksport Kredit Fonden A/S‧, the ‧Danmarks Skibskredit A/S‧ and the ‧KommuneKredit‧;

    (6)

    in Germany, the ‧Kreditanstalt für Wiederaufbau‧, undertakings which are recognised under the ‧Wohnungsgemeinnützigkeitsgesetz‧ as bodies of State housing policy and are not mainly engaged in banking transactions, and undertakings recognised under that law as non-profit housing undertakings;

    (7)

    in Estonia, the ‧hoiu-laenuühistud‧, as cooperative undertakings that are recognised under the ‧hoiu-laenuühistu seadus‧;

    (8)

    in Ireland, credit unions and the friendly societies;

    (9)

    in Greece, the ‧Ταμείο Παρακαταθηκών και Δανείων‧ (Tamio Parakatathikon kai Danion);

    (10)

    in Spain, the ‧Instituto de Crédito Oficial‧;

    (11)

    in France, the ‧Caisse des dépôts et consignations‧;

    (12)

    in Italy, the ‧Cassa depositi e prestiti‧;

    (13)

    in Latvia, the ‧krājaizdevu sabiedrības‧, undertakings that are recognised under the ‧krājaizdevu sabiedrību likums‧ as cooperative undertakings rendering financial services solely to their members;

    (14)

    in Lithuania, the ‧kredito unijos‧ other than the ‧Centrinė kredito unija‧;

    (15)

    in Hungary, the ‧MFB Magyar Fejlesztési Bank Zártkörűen Működő Részvénytársaság‧ and the ‧Magyar Export-Import Bank Zártkörűen Működő Részvénytársaság‧;

    (16)

    in the Netherlands, the ‧Nederlandse Investeringsbank voor Ontwikkelingslanden NV‧, the ‧NV Noordelijke Ontwikkelingsmaatschappij‧, the ‧NV Industriebank Limburgs Instituut voor Ontwikkeling en Financiering‧ and the ‧Overijsselse Ontwikkelingsmaatschappij NV‧;

    (17)

    in Austria, undertakings recognised as housing associations in the public interest and the ‧Österreichische Kontrollbank AG‧;

    (18)

    in Poland, the ‧Spółdzielcze Kasy Oszczędnościowo — Kredytowe‧ and the ‧Bank Gospodarstwa Krajowego‧;

    (19)

    in Portugal, the ‧Caixas Económicas‧ existing on 1 January 1986 with the exception of those incorporated as limited companies and of the ‧Caixa Económica Montepio Geral‧;

    (20)

    in Slovenia, the ‧SID-Slovenska izvozna in razvojna banka, d.d. Ljubljana‧;

    (21)

    in Finland, the ‧Teollisen yhteistyön rahasto Oy/Fonden för industriellt samarbete AB‧, and the ‧Finnvera Oyj/Finnvera Abp‧;

    (22)

    in Sweden, the ‧Svenska Skeppshypotekskassan‧;

    (23)

    in the United Kingdom, the National Savings Bank, the Commonwealth Development Finance Company Ltd, the Agricultural Mortgage Corporation Ltd, the Scottish Agricultural Securities Corporation Ltd, the Crown Agents for overseas governments and administrations, credit unions and municipal banks.

    6.   The entities referred to in point (1) and points (3) to (23) of paragraph 5 of this Article shall be treated as financial institutions for the purposes of Article 34 and Title VII, Chapter 3.

    Article 3

    Definitions

    1.   For the purposes of this Directive, the following definitions shall apply:

    (1)

    ‧credit institution‧ means credit institution as defined in point (1) of Article 4(1) of Regulation (EU) No 575/2013;

    (2)

    ‧investment firm‧ means investment firm as defined in point (2) of Article 4(1) of Regulation (EU) No 575/2013;

    (3)

    ‧institution‧ means institution as defined in point (3) of Article 4(1) of Regulation (EU) No 575/2013;

    (4)

    ‧local firm‧ means local firm as defined in point (4) of Article 4(1) of Regulation (EU) No 575/2013;

    (5)

    ‧insurance undertaking‧ means insurance undertaking as defined in point (5) of Article 4(1) of Regulation (EU) No 575/2013;

    (6)

    ‧reinsurance undertaking‧ means reinsurance undertaking as defined in point (6) of Article 4(1) of Regulation (EU) No 575/2013;

    (7)

    ‧management body‧ means an institution's body or bodies, which are appointed in accordance with national law, which are empowered to set the institution's strategy, objectives and overall direction, and which oversee and monitor management decision-making, and include the persons who effectively direct the business of the institution;

    (8)

    ‧management body in its supervisory function‧ means the management body acting in its role of overseeing and monitoring management decision-making;

    (9)

    ‧senior management‧ means those natural persons who exercise executive functions within an institution and who are responsible, and accountable to the management body, for the day-to-day management of the institution;

    (10)

    ‧systemic risk‧ means a risk of disruption in the financial system with the potential to have serious negative consequences for the financial system and the real economy;

    (11)

    ‧model risk‧ means the potential loss an institution may incur, as a consequence of decisions that could be principally based on the output of internal models, due to errors in the development, implementation or use of such models;

    (12)

    ‧originator‧ means originator as defined in point (13) of Article 4(1) of Regulation (EU) No 575/2013;

    (13)

    ‧sponsor‧ means sponsor as defined in point (14) of Article 4(1) of Regulation (EU) No 575/2013;

    (14)

    ‧parent undertaking‧ means parent undertaking as defined in point (15) of Article 4(1) of Regulation (EU) No 575/2013;

    (15)

    ‧subsidiary‧ means subsidiary as defined in point (16) of Article 4(1) of Regulation (EU) No 575/2013;

    (16)

    ‧branch‧ means branch as defined in point (17) of Article 4(1) of Regulation (EU) No 575/2013;

    (17)

    ‧ancillary services undertaking‧ means ancillary services undertaking as defined in point (18) of Article 4(1) of Regulation (EU) No 575/2013;

    (18)

    ‧asset management company‧ means asset management company as defined in point (19) of Article 4(1) of Regulation (EU) No 575/2013;

    (19)

    ‧financial holding company‧ means financial holding company as defined in point (20) of Article 4(1) of Regulation (EU) No 575/2013;

    (20)

    ‧mixed financial holding company‧ means mixed financial holding company as defined in point (21) of Article 4(1) of Regulation (EU) No 575/2013;

    (21)

    ‧mixed activity holding company‧ means mixed activity holding company as defined in point (22) of Article 4(1) of Regulation (EU) No 575/2013;

    (22)

    ‧financial institution‧ means financial institution as defined in point (26) of Article 4(1) of Regulation (EU) No 575/2013;

    (23)

    ‧financial sector entity‧ means financial sector entity as defined in point (27) of Article 4(1) of Regulation (EU) No 575/2013;

    (24)

    ‧parent institution in a Member State‧ means parent institution in a Member State as defined in point (28) of Article 4(1) of Regulation (EU) No 575/2013;

    (25)

    ‧EU parent institution‧ means EU parent institution as defined in point (29) of Article 4(1) of Regulation (EU) No 575/2013;

    (26)

    ‧parent financial holding company in a Member State‧ means parent financial holding company in a Member State as defined in point (30) of Article 4(1) of Regulation (EU) No 575/2013;

    (27)

    ‧EU parent financial holding company‧ means EU parent financial holding company as defined in point (31) of Article 4(1) of Regulation (EU) No 575/2013;

    (28)

    ‧parent mixed financial holding company in a Member State‧ means parent mixed financial holding company in a Member State as defined in point (32) of Article 4(1) of Regulation (EU) No 575/2013;

    (29)

    ‧EU parent mixed financial holding company‧ means EU parent mixed financial holding company as defined in point (33) of Article 4(1) of Regulation (EU) No 575/2013;

    (30)

    ‧systemically important institution‧ means an EU parent institution, an EU parent financial holding company, an EU parent mixed financial holding company or an institution the failure or malfunction of which could lead to systemic risk;

    (31)

    ‧central counterparty‧ means central counterparty as defined in point (34) of Article 4(1) of Regulation (EU) No 575/2013;

    (32)

    ‧participation‧ means participation as defined in point (35) of Article 4(1) of Regulation (EU) No 575/2013;

    (33)

    ‧qualifying holding‧ means qualifying holding as defined in point (36) of Article 4(1) of Regulation (EU) No 575/2013;

    (34)

    ‧control‧ means control as defined in point (37) of Article 4(1) of Regulation (EU) No 575/2013;

    (35)

    ‧close links‧ means close links as defined in point (38) of Article 4(1) of Regulation (EU) No 575/2013;

    (36)

    ‧competent authority‧ means competent authority as defined in point (40) of Article 4(1) of Regulation (EU) No 575/2013;

    (37)

    ‧consolidating supervisor‧ means consolidating supervisor as defined in point (41) of Article 4(1) of Regulation (EU) No 575/2013;

    (38)

    ‧authorisation‧ means authorisation as defined in point (42) of Article 4(1) of Regulation (EU) No 575/2013;

    (39)

    ‧home Member State‧ means home Member State as defined in point (43) of Article 4(1) of Regulation (EU) No 575/2013;

    (40)

    ‧host Member State‧ means host Member State as defined in point (44) of Article 4(1) of Regulation (EU) No 575/2013;

    (41)

    ‧ESCB central banks‧ means ESCB central banks as defined in point (45) of Article 4(1) of Regulation (EU) No 575/2013;

    (42)

    ‧central banks‧ means central banks as defined in point (46) of Article 4(1) of Regulation (EU) No 575/2013;

    (43)

    ‧consolidated situation‧ means consolidated situation as defined in point (47) of Article 4(1) of Regulation (EU) No 575/2013;

    (44)

    ‧consolidated basis‧ means consolidated basis as defined in point (48) of Article 4(1) of Regulation (EU) No 575/2013;

    (45)

    ‧sub-consolidated basis‧ means sub-consolidated basis as defined in point (49) of Article 4(1) of Regulation (EU) No 575/2013;

    (46)

    ‧financial instrument‧ means financial instrument as defined in point (50) of Article 4(1) of Regulation (EU) No 575/2013;

    (47)

    ‧own funds‧ means own funds as defined in point (118) of Article 4(1) of Regulation (EU) No 575/2013;

    (48)

    ‧operational risk‧ means operational risk as defined in point (52) of Article 4(1) of Regulation (EU) No 575/2013;

    (49)

    ‧credit risk mitigation‧ means credit risk mitigation as defined in point (57) of Article 4(1) of Regulation (EU) No 575/2013;

    (50)

    ‧securitisation‧ means securitisation as defined in point (61) of Article 4(1) of Regulation (EU) No 575/2013;

    (51)

    ‧securitisation position‧ means securitisation position as defined in point (62) of Article 4(1) of Regulation (EU) No 575/2013;

    (52)

    ‧securitisation special purpose entity‧ means securitisation special purpose entity as defined in point (66) of Article 4(1) of Regulation (EU) No 575/2013;

    (53)

    ‧discretionary pension benefits‧ means discretionary pension benefits as defined in point (73) of Article 4(1) of Regulation (EU) No 575/2013;

    (54)

    ‧trading book‧ means trading as defined in point (86) of Article 4(1) of Regulation (EU) No 575/2013;

    (55)

    ‧regulated market‧ means regulated market as defined in point (92) of Article 4(1) of Regulation (EU) No 575/2013;

    (56)

    ‧leverage‧ means leverage as defined in point (93) of Article 4(1) of Regulation (EU) No 575/2013;

    (57)

    ‧risk of excessive leverage‧ means risk of excessive leverage as defined in point (94) of Article 4(1) of Regulation (EU) No 575/2013;

    (58)

    ‧external credit assessment institution‧ means external credit assessment institution as defined in point (98) of Article 4(1) of Regulation (EU) No 575/2013;

    (59)

    ‧internal approaches‧ means the internal ratings based approach referred to in Article 143(1), the internal models approach referred to in Article 221, the own estimates approach referred to in Article 225, the advanced measurement approaches referred to in Article 312(2), the internal models method referred to in Articles 283 and 363, and the internal assessment approach referred to in Article 259(3) of Regulation (EU) No 575/2013.

    2.   Where this Directive refers to the management body and, pursuant to national law, the managerial and supervisory functions of the management body are assigned to different bodies or different members within one body, the Member State shall identify the bodies or members of the management body responsible in accordance with its national law, unless otherwise specified by this Directive.

    TITLE II

    COMPETENT AUTHORITIES

    Article 4

    Designation and powers of the competent authorities

    1.   Member States shall designate competent authorities that carry out the functions and duties provided for in this Directive and in Regulation (EU) No 575/2013. They shall inform the Commission and EBA thereof, indicating any division of functions and duties.

    2.   Member States shall ensure that the competent authorities monitor the activities of institutions, and where applicable, of financial holding companies and mixed financial holding companies, so as to assess compliance with the requirements of this Directive and Regulation (EU) No 575/2013.

    3.   Member States shall ensure that appropriate measures are in place to enable the competent authorities to obtain the information needed to assess the compliance of institutions and, where applicable, of financial holding companies and mixed financial holding companies, with the requirements referred to in paragraph 2 and to investigate possible breaches of those requirements.

    4.   Member States shall ensure that the competent authorities have the expertise, resources, operational capacity, powers and independence necessary to carry out the functions relating to prudential supervision, investigations and penalties set out in this Directive and in Regulation (EU) No 575/2013.

    5.   Member States shall require that institutions provide the competent authorities of their home Member States with all the information necessary for the assessment of their compliance with the rules adopted in accordance with this Directive and Regulation (EU) No 575/2013. Member States shall also ensure that internal control mechanisms and administrative and accounting procedures of the institutions permit the checking of their compliance with such rules at all times.

    6.   Member States shall ensure that institutions register all their transactions and document systems and processes, which are subject to this Directive and Regulation (EU) No 575/2013 in such a manner that the competent authorities are able to check compliance with this Directive and Regulation (EU) No 575/2013 at all times.

    7.   Member States shall ensure that the functions of supervision pursuant to this Directive and to Regulation (EU) No 575/2013 and any other functions of the competent authorities are separate and independent from the functions relating to resolution. Member States shall inform the Commission and EBA thereof, indicating any division of duties.

    8.   Member States shall ensure that where authorities other than the competent authorities have the power of resolution, those other authorities cooperate closely and consult the competent authorities with regard to the preparation of resolution plans.

    Article 5

    Coordination within Member States

    Where Member States have more than one competent authority for the prudential supervision of credit institutions, investment firms and financial institutions, Member States shall take the requisite measures to organise coordination between such authorities.

    Article 6

    Cooperation within the European System of Financial Supervision

    In the exercise of their duties, the competent authorities shall take into account the convergence in respect of supervisory tools and supervisory practices in the application of the laws, regulations and administrative requirements adopted pursuant to this Directive and to Regulation (EU) No 575/2013. For that purpose, Member States shall ensure that:

    (a)

    the competent authorities, as parties to the European System of Financial Supervision (ESFS), cooperate with trust and full mutual respect, in particular when ensuring the flow of appropriate and reliable information between them and other parties to the ESFS, in accordance with the principle of sincere cooperation set out in Article 4(3) of the Treaty on European Union;

    (b)

    the competent authorities participate in the activities of EBA and, as appropriate, in the colleges of supervisors;

    (c)

    the competent authorities make every effort to comply with those guidelines and recommendations issued by EBA in accordance with Article 16 of Regulation (EU) No 1093/2010 and to respond to the warnings and recommendations issued by the ESRB pursuant to Article 16 of Regulation (EU) No 1092/2010;

    (d)

    the competent authorities cooperate closely with the ESRB;

    (e)

    national mandates conferred on the competent authorities do not inhibit the performance of their duties as members of EBA, of the ESRB, where appropriate, or under this Directive and under Regulation (EU) No 575/2013.

    Article 7

    Union dimension of supervision

    The competent authorities in each Member State shall, in the exercise of their general duties, duly consider the potential impact of their decisions on the stability of the financial system in the other Member States concerned and, in particular, in emergency situations, based on the information available at the relevant time.

    TITLE III

    REQUIREMENTS FOR ACCESS TO THE ACTIVITY OF CREDIT INSTITUTIONS

    CHAPTER 1

    General requirements for access to the activity of credit institutions

    Article 8

    Authorisation

    1.   Member States shall require credit institutions to obtain authorisation before commencing their activities. Without prejudice to Articles 10 to 14, they shall lay down the requirements for such authorisation and notify EBA.

    2.   EBA shall develop draft regulatory technical standards to specify:

    (a)

    the information to be provided to the competent authorities in the application for the authorisation of credit institutions, including the programme of operations provided for in Article 10;

    (b)

    the requirements applicable to shareholders and members with qualifying holdings pursuant to Article 14; and

    (c)

    obstacles which may prevent effective exercise of the supervisory functions of the competent authority, as referred to in Article 14.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in points (a), (b) and (c) of the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    3.   EBA shall develop draft implementing technical standards on standard forms, templates and procedures for the provision of the information referred to in point (a) of the first subparagraph of paragraph 2.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    4.   EBA shall submit the draft technical standards referred to in paragraphs 2 and 3 to the Commission by 31 December 2015.

    Article 9

    Prohibition against persons or undertakings other than credit institutions from carrying out the business of taking deposits or other repayable funds from the public

    1.   Member States shall prohibit persons or undertakings that are not credit institutions from carrying out the business of taking deposits or other repayable funds from the public.

    2.   Paragraph 1 shall not apply to the taking of deposits or other funds repayable by a Member State, or by a Member State's regional or local authorities, by public international bodies of which one or more Member States are members, or to cases expressly covered by national or Union law, provided that those activities are subject to regulations and controls intended to protect depositors and investors.

    Article 10

    Programme of operations and structural organisation

    Member States shall require applications for authorisation to be accompanied by a programme of operations setting out the types of business envisaged and the structural organisation of the credit institution.

    Article 11

    Economic needs

    Member States shall not require the application for authorisation to be examined in terms of the economic needs of the market.

    Article 12

    Initial capital

    1.   Without prejudice to other general conditions laid down in national law, the competent authorities shall refuse authorisation to commence the activity of a credit institution where a credit institution does not hold separate own funds or where its initial capital is less than EUR 5 million.

    2.   Initial capital shall comprise only one or more of the items referred to in Article 26(1)(a) to (e) of Regulation (EU) No 575/2013.

    3.   Member States may decide that credit institutions which do not fulfil the requirement to hold separate own funds and which were in existence on 15 December 1979 may continue to carry out their business. They may exempt such credit institutions from complying with the requirement contained in the first subparagraph of Article 13(1).

    4.   Member States may grant authorisation to particular categories of credit institutions the initial capital of which is less than that specified in paragraph 1, subject to the following conditions:

    (a)

    the initial capital is no less than EUR 1 million;

    (b)

    the Member States concerned notify the Commission and EBA of their reasons for exercising that option.

    Article 13

    Effective direction of the business and place of the head office

    1.   The competent authorities shall grant authorisation to commence the activity of a credit institution only where at least two persons effectively direct the business of the applicant credit institution.

    They shall refuse such authorisation if the members of the management body do not meet the requirements referred to in Article 91(1).

    2.   Each Member State shall require that:

    (a)

    a credit institution which is a legal person and which, under its national law, has a registered office, has its head office in the same Member State as its registered office;

    (b)

    a credit institution other than that referred to in point (a) has its head office in the Member State which granted it authorisation and in which it actually carries out its business.

    Article 14

    Shareholders and members

    1.   The competent authorities shall refuse authorisation to commence the activity of a credit institution unless a credit institution has informed them of the identities of its shareholders or members, whether direct or indirect, natural or legal persons, that have qualifying holdings and of the amounts of those holdings or, where there are no qualifying holdings, of the 20 largest shareholders or members.

    In determining whether the criteria for a qualifying holding are fulfilled, the voting rights referred to in Articles 9 and 10 of Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market (20) and the conditions regarding aggregation thereof set out in Article 12(4) and (5) of that Directive, shall be taken into account.

    Member States shall not take into account voting rights or shares which institutions hold as a result of providing the underwriting of financial instruments or placing of financial instruments on a firm commitment basis included under point 6 of Section A of Annex I to Directive 2004/39/EC, provided that those rights are not exercised or otherwise used to intervene in the management of the issuer and are disposed of within one year of acquisition.

    2.   The competent authorities shall refuse authorisation to commence the activity of a credit institution if, taking into account the need to ensure the sound and prudent management of a credit institution, they are not satisfied as to the suitability of the shareholders or members, in particular where the criteria set out in Article 23(1) are not met. Article 23(2) and (3) and Article 24 shall apply.

    3.   Where close links exist between the credit institution and other natural or legal persons, competent authorities shall grant authorisation only if those links do not prevent the effective exercise of their supervisory functions.

    The competent authorities shall refuse authorisation to commence the activity of a credit institution where the laws, regulations or administrative provisions of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the enforcement of those laws, regulations or administrative provisions, prevent the effective exercise of their supervisory functions.

    The competent authorities shall require credit institutions to provide them with the information they require to monitor compliance with the conditions referred to in this paragraph on an ongoing basis.

    Article 15

    Refusal of authorisation

    Where a competent authority refuses authorisation to commence the activity of a credit institution, it shall notify the applicant of the decision and the reasons therefor within six months of receipt of the application or, where the application is incomplete, within six months of receipt of the complete information required for the decision.

    A decision to grant or refuse authorisation shall, in any event, be taken within 12 months of the receipt of the application.

    Article 16

    Prior consultation of the competent authorities of other Member States

    1.   The competent authority shall, before granting authorisation to a credit institution, consult the competent authorities of another Member State where the credit institution is:

    (a)

    a subsidiary of a credit institution authorised in that other Member State;

    (b)

    a subsidiary of the parent undertaking of a credit institution authorised in that other Member State;

    (c)

    controlled by the same natural or legal persons as those who control a credit institution authorised in that other Member State.

    2.   The competent authority shall, before granting authorisation to a credit institution, consult the competent authority that is responsible for the supervision of insurance undertakings or investment firms in the Member State concerned where the credit institution is:

    (a)

    a subsidiary of an insurance undertaking or investment firm authorised in the Union;

    (b)

    a subsidiary of the parent undertaking of an insurance undertaking or investment firm authorised in the Union;

    (c)

    controlled by the same natural or legal persons as those who control an insurance undertaking or investment firm authorised in the Union.

    3.   The relevant competent authorities referred to in paragraphs 1 and 2 shall in particular consult each other when assessing the suitability of the shareholders and the reputation and experience of members of the management body involved in the management of another entity of the same group. They shall exchange any information regarding the suitability of shareholders and the reputation and experience of members of the management body which is of relevance for the granting of an authorisation and for the ongoing assessment of compliance with operating conditions.

    Article 17

    Branches of credit institutions authorised in another Member State

    Host Member States shall not require authorisation or endowment capital for branches of credit institutions authorised in other Member States. The establishment and supervision of such branches shall be effected in accordance with Article 35, Article 36(1), (2) and (3), Article 37, Articles 40 to 46, Article 49 and Articles 74 and 75.

    Article 18

    Withdrawal of authorisation

    The competent authorities may only withdraw the authorisation granted to a credit institution where such a credit institution:

    (a)

    does not make use of the authorisation within 12 months, expressly renounces the authorisation or has ceased to engage in business for more than six months, unless the Member State concerned has made provision for the authorisation to lapse in such cases;

    (b)

    has obtained the authorisation through false statements or any other irregular means;

    (c)

    no longer fulfils the conditions under which authorisation was granted;

    (d)

    no longer meets the prudential requirements set out in Parts Three, Four or Six of Regulation (EU) No 575/2013 or imposed under Article 104(1)(a) or Article 105 of this Directive or can no longer be relied on to fulfil its obligations towards its creditors, and, in particular, no longer provides security for the assets entrusted to it by its depositors;

    (e)

    falls within one of the other cases where national law provides for withdrawal of authorisation; or

    (f)

    commits one of the breaches referred to in Article 67(1).

    Article 19

    Name of credit institutions

    For the purposes of exercising their activities, credit institutions may, notwithstanding any provisions in the host Member State concerning the use of the words ‧bank‧, ‧savings bank‧ or other banking names, use throughout the territory of the Union the same name that they use in the Member State in which their head office is situated. In the event of there being any danger of confusion, the host Member State may, for the purposes of clarification, require that the name be accompanied by certain explanatory particulars.

    Article 20

    Notification of authorisation and withdrawal of authorisation

    1.   Competent authorities shall notify EBA of every authorisation granted under Article 8.

    2.   EBA shall publish on its website, and shall update regularly, a list of the names of all credit institutions that have been granted authorisation.

    3.   The consolidating supervisor shall provide the competent authorities concerned and EBA with all information regarding the group of credit institutions in accordance with Article 14(3), Article 74(1) and Article 109(2), in particular regarding the legal and organisational structure of the group and its governance.

    4.   The list referred to in paragraph 2 of this Article shall include the names of credit institutions that do not have the capital specified in Article 12(1) and shall identify those credit institutions as such.

    5.   The competent authorities shall notify EBA of each withdrawal of authorisation together with the reasons for such a withdrawal.

    Article 21

    Waiver for credit institutions permanently affiliated to a central body

    1.   The competent authorities may waive the requirements set out in Articles 10 and 12 and Article 13(1) of this Directive with regard to a credit institution referred to in Article 10 of Regulation (EU) No 575/2013 in accordance with the conditions set out therein.

    Member States may maintain and make use of existing national law regarding the application of such a waiver provided that it does not conflict with this Directive or with Regulation (EU) No 575/2013.

    2.   Where the competent authorities exercise a waiver referred to in paragraph 1, Articles 17, 33, 34 and 35, Article 36(1) to (3), Articles 39 to 46, Section II of Chapter 2 of Title VII and Chapter 4 of Title VII shall apply to the whole as constituted by the central body together with its affiliated institutions.

    CHAPTER 2

    Qualifying holding in a credit institution

    Article 22

    Notification and assessment of proposed acquisitions

    1.   Member States shall require any natural or legal person or such persons acting in concert (the "proposed acquirer"), who have taken a decision either to acquire, directly or indirectly, a qualifying holding in a credit institution or to further increase, directly or indirectly, such a qualifying holding in a credit institution as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20 %, 30 % or 50 % or so that the credit institution would become its subsidiary (the "proposed acquisition"), to notify the competent authorities of the credit institution in which they are seeking to acquire or increase a qualifying holding in writing in advance of the acquisition, indicating the size of the intended holding and the relevant information, as specified in accordance with Article 23(4). Member States shall not be required to apply the 30 % threshold where, in accordance with Article 9(3)(a) of Directive 2004/109/EC, they apply a threshold of one-third.

    2.   The competent authorities shall acknowledge receipt of notification under paragraph 1 or of further information under paragraph 3 promptly and in any event within two working days following receipt in writing to the proposed acquirer.

    The competent authorities shall have a maximum of 60 working days as from the date of the written acknowledgement of receipt of the notification and all documents required by the Member State to be attached to the notification on the basis of the list referred to in Article 23(4) (the "assessment period"), to carry out the assessment provided for in Article 23(1) (the "assessment").

    The competent authorities shall inform the proposed acquirer of the date of the expiry of the assessment period at the time of acknowledging receipt.

    3.   The competent authorities may, during the assessment period if necessary, and no later than on the 50th working day of the assessment period, request further information that is necessary to complete the assessment. Such a request shall be made in writing and shall specify the additional information needed.

    For the period between the date of request for information by the competent authorities and the receipt of a response thereto by the proposed acquirer, the assessment period shall be suspended. The suspension shall not exceed 20 working days. Any further requests by the competent authorities for completion or clarification of the information shall be at their discretion but shall not result in a suspension of the assessment period.

    4.   The competent authorities may extend the suspension referred to in the second subparagraph of paragraph 3 up to 30 working days if the proposed acquirer is situated or regulated in a third country or is a natural or legal person not subject to supervision under this Directive or under Directives 2009/65/EC, 2009/138EC, or 2004/39/EC.

    5.   If the competent authorities decide to oppose the proposed acquisition, they shall, within two working days of completion of the assessment, and not exceeding the assessment period, inform the proposed acquirer in writing, providing the reasons. Subject to national law, an appropriate statement of the reasons for the decision may be made accessible to the public at the request of the proposed acquirer. This shall not prevent a Member State from allowing the competent authority to publish such information in the absence of a request by the proposed acquirer.

    6.   If the competent authorities do not oppose the proposed acquisition within the assessment period in writing, it shall be deemed to be approved.

    7.   The competent authorities may fix a maximum period for concluding the proposed acquisition and extend it where appropriate.

    8.   Member States shall not impose requirements for notification to, or approval by, the competent authorities of direct or indirect acquisitions of voting rights or capital that are more stringent than those set out in this Directive.

    9.   EBA shall develop draft implementing technical standards to establish common procedures, forms and templates for the consultation process between the relevant competent authorities as referred to in Article 24.

    EBA shall submit those draft implementing technical standards to the Commission by 31 December 2015.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    Article 23

    Assessment criteria

    1.   In assessing the notification provided for in Article 22(1) and the information referred to in Article 22(3), the competent authorities shall, in order to ensure the sound and prudent management of the credit institution in which an acquisition is proposed, and having regard to the likely influence of the proposed acquirer on that credit institution, assess the suitability of the proposed acquirer and the financial soundness of the proposed acquisition in accordance with the following criteria:

    (a)

    the reputation of the proposed acquirer;

    (b)

    the reputation, knowledge, skills and experience, as set out in Article 91(1), of any member of the management body and any member of senior management who will direct the business of the credit institution as a result of the proposed acquisition;

    (c)

    the financial soundness of the proposed acquirer, in particular in relation to the type of business pursued and envisaged in the credit institution in which the acquisition is proposed;

    (d)

    whether the credit institution will be able to comply and continue to comply with the prudential requirements based on this Directive and Regulation (EU) No 575/2013, and where applicable, other Union law, in particular Directives 2002/87/EC and 2009/110/EC, including whether the group of which it will become a part has a structure that makes it possible to exercise effective supervision, effectively exchange information among the competent authorities and determine the allocation of responsibilities among the competent authorities;

    (e)

    whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, money laundering or terrorist financing within the meaning of Article 1 of Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (21) is being or has been committed or attempted, or that the proposed acquisition could increase the risk thereof.

    2.   The competent authorities may oppose the proposed acquisition only if there are reasonable grounds for doing so on the basis of the criteria set out in paragraph 1 or if the information provided by the proposed acquirer is incomplete.

    3.   Member States shall neither impose any prior conditions in respect of the level of holding that must be acquired nor allow their competent authorities to examine the proposed acquisition in terms of the economic needs of the market.

    4.   Member States shall publish a list specifying the information that is necessary to carry out the assessment and that must be provided to the competent authorities at the time of notification referred to in Article 22(1). The information required shall be proportionate and adapted to the nature of the proposed acquirer and the proposed acquisition. Member States shall not require information that is not relevant for a prudential assessment.

    5.   Notwithstanding Article 22(2), (3) and (4), where two or more proposals to acquire or increase qualifying holdings in the same credit institution have been notified to the competent authority, the latter shall treat the proposed acquirers in a non-discriminatory manner.

    Article 24

    Cooperation between competent authorities

    1.   The relevant competent authorities shall fully consult each other when carrying out the assessment if the proposed acquirer is one of the following:

    (a)

    a credit institution, insurance undertaking, reinsurance undertaking, investment firm, or a management company within the meaning of Article 2(1)(b) of Directive 2009/65/EC ("UCITS management company") authorised in another Member State or in a sector other than that in which the acquisition is proposed;

    (b)

    the parent undertaking of a credit institution, insurance undertaking, reinsurance undertaking, investment firm or UCITS management company authorised in another Member State or in a sector other than that in which the acquisition is proposed;

    (c)

    a natural or legal person controlling a credit institution, insurance undertaking, reinsurance undertaking, investment firm or UCITS management company authorised in another Member State or in a sector other than that in which the acquisition is proposed.

    2.   The competent authorities shall, without undue delay, provide each other with any information which is essential or relevant for the assessment. In that regard, the competent authorities shall communicate to each other upon request all relevant information and shall communicate on their own initiative all essential information. A decision by the competent authority that has authorised the credit institution in which the acquisition is proposed shall indicate any views or reservations expressed by the competent authority responsible for the proposed acquirer.

    Article 25

    Notification in the case of a divestiture

    Member States shall require any natural or legal person who has taken a decision to dispose, directly or indirectly, of a qualifying holding in a credit institution to notify the competent authorities in writing in advance of the divestiture, indicating the size of the holding concerned. Such a person shall also notify the competent authorities if it has taken a decision to reduce its qualifying holding so that the proportion of the voting rights or of the capital held would fall below 20 %, 30 % or 50 % or so that the credit institution would cease to be its subsidiary. Member States shall not be required to apply the 30 % threshold where, in accordance with Article 9(3)(a) of Directive 2004/109/EC, they apply a threshold of one-third.

    Article 26

    Information obligations and penalties

    1.   Credit institutions shall, on becoming aware of any acquisitions or disposals of holdings in their capital that cause holdings to exceed or fall below one of the thresholds referred to in Article 22(1) and Article 25, inform the competent authorities of those acquisitions or disposals.

    Credit institutions admitted to trading on a regulated market shall, at least annually, inform the competent authorities of the names of shareholders and members possessing qualifying holdings and the sizes of such holdings as shown, for example, by the information received at the annual general meetings of shareholders and members or as a result of compliance with the regulations relating to companies admitted to trading on a regulated market.

    2.   Member States shall require that, where the influence exercised by the persons referred to in Article 22(1) is likely to operate to the detriment of the prudent and sound management of the institution, the competent authorities shall take appropriate measures to put an end to that situation. Such measures may consist in injunctions, penalties, subject to Articles 65 to 72, against members of the management body and managers, or the suspension of the exercise of the voting rights attached to the shares held by the shareholders or members of the credit institution in question.

    Similar measures shall apply to natural or legal persons who fail to comply with the obligation to provide prior information as set out in Article 22(1) and subject to Articles 65 to 72.

    If a holding is acquired despite opposition by the competent authorities, Member States shall, regardless of any other penalty to be adopted, provide either for exercise of the corresponding voting rights to be suspended, or for the nullity of votes cast or for the possibility of their annulment.

    Article 27

    Criteria for qualifying holdings

    In determining whether the criteria for a qualifying holding as referred to in Articles 22, 25 and 26 are fulfilled, the voting rights referred to in Articles 9, 10 and 11 of Directive 2004/109/EC and the conditions regarding aggregation thereof set out in Article 12(4) and (5) of that Directive, shall be taken into account.

    In determining whether the criteria for a qualifying holding as referred to in Article 26 are fulfilled, Member States shall not take into account voting rights or shares which institutions may hold as a result of providing the underwriting of financial instruments or placing of financial instruments on a firm commitment basis included under point 6 of Section A of Annex I to Directive 2004/39/EC, provided that those rights are not exercised or otherwise used to intervene in the management of the issuer and are disposed of within one year of acquisition.

    TITLE IV

    INITIAL CAPITAL OF INVESTMENT FIRMS

    Article 28

    Initial capital of investment firms

    1.   The initial capital of investment firms shall comprise only one or more of the items referred to in points (a) to (e) of Article 26(1) of Regulation (EU) No 575/2013.

    2.   All investment firms other than those referred to in Article 29 shall have initial capital of EUR 730 000.

    Article 29

    Initial capital of particular types of investment firms

    1.   An investment firm that does not deal in any financial instruments for its own account or underwrite issues of financial instruments on a firm commitment basis, but which holds client money or securities and which offers one or more of the following services, shall have initial capital of EUR 125 000:

    (a)

    the reception and transmission of investors' orders for financial instruments;

    (b)

    the execution of investors' orders for financial instruments;

    (c)

    the management of individual portfolios of investments in financial instruments.

    2.   The competent authorities may allow an investment firm which executes investors' orders for financial instruments to hold such instruments for its own account if the following conditions are met:

    (a)

    such positions arise only as a result of the firm's failure to match investors' orders precisely;

    (b)

    the total market value of all such positions is subject to a ceiling of 15 % of the firm's initial capital;

    (c)

    the firm meets the requirements set out in Articles 92 to 95 and Part Four of Regulation (EU) No 575/2013;

    (d)

    such positions are incidental and provisional in nature and strictly limited to the time required to carry out the transaction in question.

    3.   Member States may reduce the amount referred to in paragraph 1 to EUR 50 000 where a firm is not authorised to hold client money or securities, to deal for its own account, or to underwrite issues on a firm commitment basis.

    4.   The holding of non-trading-book positions in financial instruments in order to invest own funds shall not be considered as dealing for its own account in relation to the services set out in paragraph 1 or for the purposes of paragraph 3.

    Article 30

    Initial capital of local firms

    Local firms shall have initial capital of EUR 50 000 insofar as they benefit from the freedom of establishment or to provide services specified in Articles 31 and 32 of Directive 2004/39/EC.

    Article 31

    Coverage for firms not authorised to hold client money or securities

    1.   Coverage for the firms referred to in point (2)(c) of Article 4(1) of Regulation (EU) No 575/2013 shall take one of the following forms:

    (a)

    initial capital of EUR 50 000;

    (b)

    professional indemnity insurance covering the whole territory of the Union or some other comparable guarantee against liability arising from professional negligence, representing at least EUR 1 000 000 applying to each claim and in aggregate EUR 1 500 000 per annum for all claims;

    (c)

    a combination of initial capital and professional indemnity insurance in a form resulting in a level of coverage equivalent to that referred to in points (a) or (b).

    The Commission shall periodically review the amounts referred to in the first subparagraph.

    2.   If a firm referred to in point (2)(c) of Article 4(1) of Regulation (EU) No 575/2013 is also registered under Directive 2002/92/EC of the European Parliament and of the Council of 9 December 2002 on insurance mediation (22), it shall comply with Article 4(3) of that Directive and have coverage in one of the following forms:

    (a)

    initial capital of EUR 25 000;

    (b)

    professional indemnity insurance covering the whole territory of the Union or some other comparable guarantee against liability arising from professional negligence, representing at least EUR 500 000 applying to each claim and in aggregate EUR 750 000 per annum for all claims;

    (c)

    a combination of initial capital and professional indemnity insurance in a form resulting in a level of coverage equivalent to that referred to in points (a) or (b).

    Article 32

    Grandfathering provision

    1.   By way of derogation from Article 28(2), Article 29(1) and (3) and Article 30, Member States may continue authorising investment firms and firms covered by Article 30 which were in existence on or before 31 December 1995, the own funds of which are less than the initial capital levels specified for them in Article 28(2), Article 29(1) or (3) or Article 30.

    The own funds of such investment firms or firms shall not fall below the highest reference level calculated after 23 March 1993. That reference level shall be the average daily level of own funds calculated over a six-month period preceding the date of calculation. It shall be calculated every six months in respect of the corresponding preceding period.

    2.   If control of an investment firm or a firm covered by paragraph 1 is taken by a natural or legal person other than the person who controlled it on or before 31 December 1995, the own funds of that investment firm or firm shall attain at least the level specified for them in Article 28(2), Article 29(1) or (3), or Article 30, except in the case of a first transfer by inheritance made after 31 December 1995, subject to the approval of the competent authorities and for a period of not more than 10 years from the date of that transfer.

    3.   In the event of a merger of two or more investment firms or firms covered by Article 30, the own funds of the firm resulting from the merger need not attain the level specified in Article 28(2), Article 29(1) or (3) or Article 30. Nevertheless, during any period when the level specified in Article 28(2), Article 29(1) or (3) or Article 30 has not been attained, the own funds of the firm resulting from the merger shall not fall below the total own funds of the merged firms at the time of the merger.

    4.   The own funds of investment firms and firms covered by Article 30 shall not fall below the levels specified in Article 28(2), Article 29(1) or(3) or Article 30 and in paragraphs 1 and 3 of this Article.

    5.   Where competent authorities consider it necessary, in order to ensure the solvency of such investment firms and firms, that the requirements set out in paragraph 4 are met, paragraphs 1, 2 and 3 shall not apply.

    TITLE V

    PROVISIONS CONCERNING THE FREEDOM OF ESTABLISHMENT AND THE FREEDOM TO PROVIDE SERVICES

    CHAPTER 1

    General Principles

    Article 33

    Credit institutions

    Member States shall provide that the activities listed in Annex I may be carried out within their territories, in accordance with Article 35, Article 36(1), (2) and (3), Article 39(1) and (2) and Articles 40 to 46 either by establishing a branch or by providing services, by any credit institution authorised and supervised by the competent authorities of another Member State, provided that such activities are covered by the authorisation.

    Article 34

    Financial institutions

    1.   Member States shall provide that the activities listed in Annex I may be carried out within their territories, in accordance with Article 35, Article 36(1), (2) and (3), Article 39(1) and (2) and Articles 40 to 46, either by establishing a branch or by providing services, by any financial institution from another Member State, whether a subsidiary of a credit institution or the jointly owned subsidiary of two or more credit institutions, the memorandum and Articles of association of which permit the carrying out of those activities and which fulfils each of the following conditions:

    (a)

    the parent undertaking or undertakings are authorised as credit institutions in the Member State by the law of which the financial institution is governed;

    (b)

    the activities in question are actually carried out within the territory of the same Member State;

    (c)

    the parent undertaking or undertakings holds 90 % or more of the voting rights attaching to shares in the capital of the financial institution;

    (d)

    the parent undertaking or undertakings satisfies the competent authorities regarding the prudent management of the financial institution and has declared, with the consent of the relevant home Member State competent authorities, that they jointly and severally guarantee the commitments entered into by the financial institution;

    (e)

    the financial institution is effectively included, for the activities in question in particular, in the consolidated supervision of the parent undertaking, or of each of the parent undertakings, in accordance with Title VII, Chapter 3 of this Directive and Part One, Title II, Chapter 2 of Regulation (EU) No 575/2013, in particular for the purposes of the own funds requirements set out in Article 92 of that Regulation, for the control of large exposures provided for in Part Four of that Regulation and for the purposes of the limitation of holdings provided for in Articles 89 and 90 of that Regulation.

    The competent authorities of the home Member State shall check compliance with the conditions set out in the first subparagraph and shall supply the financial institution with a certificate of compliance which shall form part of the notification referred to in Articles 35 and 39.

    2.   If a financial institution as referred to in the first subparagraph of paragraph 1 ceases to fulfil any of the conditions imposed, the competent authorities of the home Member State shall notify the competent authorities of the host Member State and the activities carried out by that financial institution in the host Member State shall become subject to the law of the host Member State.

    3.   Paragraphs 1 and 2 shall apply accordingly to subsidiaries of a financial institution as referred to in the first subparagraph of paragraph 1.

    CHAPTER 2

    The right of establishment of credit institutions

    Article 35

    Notification requirement and interaction between competent authorities

    1.   A credit institution wishing to establish a branch within the territory of another Member State shall notify the competent authorities of its home Member State.

    2.   Member States shall require every credit institution wishing to establish a branch in another Member State to provide all the following information when effecting the notification referred to in paragraph 1:

    (a)

    the Member State within the territory of which it plans to establish a branch;

    (b)

    a programme of operations setting out, inter alia, the types of business envisaged and the structural organisation of the branch;

    (c)

    the address in the host Member State from which documents may be obtained;

    (d)

    the names of those to be responsible for the management of the branch.

    3.   Unless the competent authorities of the home Member State have reason to doubt the adequacy of the administrative structure or the financial situation of the credit institution, taking into account the activities envisaged, they shall, within three months of receipt of the information referred to in paragraph 2, communicate that information to the competent authorities of the host Member State and shall inform the credit institution accordingly.

    The home Member State's competent authorities shall also communicate the amount and composition of own funds and the sum of the own funds requirements under Article 92 of Regulation (EU) No 575/2013 of the credit institution.

    By way of derogation from the second subparagraph, in the case referred to in Article 34 the home Member State's competent authorities shall communicate the amount and composition of own funds of the financial institution and the total risk exposure amounts calculated in accordance with Article 92(3) and (4) of Regulation (EU) No 575/2013 of the credit institution which is its parent undertaking.

    4.   Where the competent authorities of the home Member State refuse to communicate the information referred to in paragraph 2 to the competent authorities of the host Member State, they shall give reasons for their refusal to the credit institution concerned within three months of receipt of all the information.

    That refusal or a failure to reply shall be subject to a right to apply to the courts in the home Member State.

    5.   EBA shall develop draft regulatory technical standards to specify the information to be notified in accordance with this Article.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    6.   EBA shall develop draft implementing technical standards to establish standard forms, templates and procedures for such notification.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    7.   EBA shall submit the draft technical standards referred to in paragraphs 5 and 6 to the Commission by 1 January 2014.

    Article 36

    Commencement of activities

    1.   Before the branch of a credit institution commences its activities the competent authorities of the host Member State shall, within two months of receiving the information referred to in Article 35, prepare for the supervision of the credit institution in accordance with Chapter 4 and if necessary indicate the conditions under which, in the interests of the general good, those activities shall be carried out in the host Member State.

    2.   On receipt of a communication from the competent authorities of the host Member State, or in the event of the expiry of the period provided for in paragraph 1 without receipt of any communication from the latter, the branch may be established and may commence its activities.

    3.   In the event of a change in any of the information communicated pursuant to points (b), (c) or (d) of Article 35(2), a credit institution shall give written notice of the change in question to the competent authorities of the home and host Member States at least one month before making the change in order to enable the competent authorities of the home Member State to take a decision following a notification under Article 35, and the competent authorities of the host Member State to take a decision setting out the conditions for the change pursuant to paragraph 1 of this Article.

    4.   Branches which have commenced their activities, in accordance with the provisions in force in their host Member States, before 1 January 1993, shall be presumed to have been subject to the procedures set out in Article 35 and in paragraphs 1 and 2 of this Article. They shall be governed, from 1 January 1993, by paragraph 3 of this Article and by Articles 33 and 52 and Chapter 4.

    5.   EBA shall develop draft regulatory technical standards to specify the information to be notified in accordance with this Article.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    6.   EBA shall develop draft implementing technical standards to establish standard forms, templates and procedures for such notification.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    7.   EBA shall submit the draft technical standards referred to in paragraphs 5 and 6 to the Commission by 1 January 2014.

    Article 37

    Information about refusals

    Member States shall inform the Commission and EBA of the number and type of cases in which there has been a refusal pursuant to Article 35 and Article 36(3).

    Article 38

    Aggregation of branches

    Any number of places of business set up in the same Member State by a credit institution with headquarters in another Member State shall be regarded as a single branch.

    CHAPTER 3

    Exercise of the freedom to provide services

    Article 39

    Notification procedure

    1.   Any credit institution wishing to exercise the freedom to provide services by carrying out its activities within the territory of another Member State for the first time shall notify the competent authorities of the home Member State of the activities on the list in Annex I which it intends to carry out.

    2.   The competent authorities of the home Member State shall, within one month of receipt of the notification provided for in paragraph 1, send that notification to the competent authorities of the host Member State.

    3.   This Article shall not affect rights acquired by credit institutions providing services before 1 January 1993.

    4.   EBA shall develop draft regulatory technical standards to specify the information to be notified in accordance with this Article.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    5.   EBA shall develop draft implementing technical standards to establish standard forms, templates and procedures for such notification.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    6.   EBA shall submit the draft technical standards referred to in paragraphs 4 and 5 to the Commission by 1 January 2014.

    CHAPTER 4

    Powers of the competent authorities of the host Member State

    Article 40

    Reporting requirements

    The competent authorities of the host Member States may require that all credit institutions having branches within their territories shall report to them periodically on their activities in those host Member States.

    Such reports shall only be required for information or statistical purposes, for the application of Article 51(1), or for supervisory purposes in accordance with this Chapter. They shall be subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1).

    The competent authorities of the host Member States may in particular require information from the credit institutions referred to in the first subparagraph in order to allow those competent authorities to assess whether a branch is significant in accordance with Article 51(1).

    Article 41

    Measures taken by the competent authorities of the home Member State in relation to activities carried out in the host Member State

    1.   Where the competent authorities of the host Member State on the basis of information received from the competent authorities of the home Member State under Article 50 ascertain that a credit institution having a branch or providing services within its territory fulfils one of the following conditions in relation to the activities carried out in that host Member State, they shall inform the competent authorities of the home Member State:

    (a)

    the credit institution does not comply with the national provisions transposing this Directive or with Regulation (EU) No 575/2013;

    (b)

    there is a material risk that the credit institution will not comply with the national provisions transposing this Directive or with Regulation (EU) No 575/2013.

    The competent authorities of the home Member State shall, without delay, take all appropriate measures to ensure that the credit institution concerned remedies its non-compliance or takes measures to avert the risk of non-compliance. The competent authorities of the home Member State shall communicate those measures to the competent authorities of the host Member State without delay.

    2.   Where the competent authorities of the host Member State consider that the competent authorities of the home Member State have not fulfilled their obligations or will not fulfil their obligations pursuant to the second subparagraph of paragraph 1, they may refer the matter to EBA and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010. Where EBA acts in accordance with that Article, it shall take any decision under Article 19(3) of that Regulation within 24 hours. EBA may also assist the competent authorities in reaching an agreement on its own initiative in accordance with the second subparagraph of Article 19(1) of that Regulation.

    Article 42

    Reasons and communication

    Any measure taken pursuant to Article 41(1), or Article 43 or 44 involving penalties or restrictions on the exercise of the freedom to provide services or the freedom of establishment shall be properly reasoned and communicated to the credit institution concerned.

    Article 43

    Precautionary measures

    1.   Before following the procedure set out in Article 41, the competent authorities of the host Member State may, in emergency situations, pending measures by the competent authorities of the home Member State or reorganisation measures referred to in Article 3 of Directive 2001/24/EC, take any precautionary measures necessary to protect against financial instability that would seriously threaten the collective interests of depositors, investors and clients in the host Member State.

    2.   Any precautionary measures under paragraph 1 shall be proportionate to their purpose to protect against financial instability that would seriously threaten collective interests of depositors, investors and clients in the host Member State. Such precautionary measures may include a suspension of payment. They shall not result in a preference for the creditors of the credit institution in the host Member State over creditors in other Member States.

    3.   Any precautionary measure under paragraph 1 shall cease to have effect when the administrative or judicial authorities of the home Member State take reorganisation measures under Article 3 of Directive 2001/24/EC.

    4.   The competent authorities of the host Member State shall terminate precautionary measures where they consider those measures to have become obsolete under Article 41, unless they cease to have effect in accordance with paragraph 3 of this Article.

    5.   The Commission, EBA and the competent authorities of the other Member States concerned shall be informed of precautionary measures taken under paragraph 1 without undue delay.

    Where the competent authorities of the home Member State or of any other affected Member State object to measures taken by the competent authorities of the host Member State, they may refer the matter to EBA and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010. Where EBA acts in accordance with that Article, it shall take any decision under Article 19(3) of that Regulation within 24 hours. EBA may also assist the competent authorities in reaching an agreement on its own initiative in accordance with the second subparagraph of Article 19(1) of that Regulation.

    Article 44

    Powers of host Member States

    Host Member States may, notwithstanding Articles 40 and 41, exercise the powers conferred on them under this Directive to take appropriate measures to prevent or to punish breaches committed within their territories of the rules they have adopted pursuant to this Directive or in the interests of the general good. This shall include the possibility of preventing offending credit institutions from initiating further transactions within their territories.

    Article 45

    Measures following withdrawal of authorisation

    In the event of withdrawal of authorisation, the competent authorities of the home Member State shall inform the competent authorities of the host Member State without delay. The competent authorities of the host Member State shall take appropriate measures to prevent the credit institution concerned from initiating further transactions within its territory and to safeguard the interests of depositors.

    Article 46

    Advertising

    Nothing in this Chapter shall prevent credit institutions with head offices in other Member States from advertising their services through all available means of communication in the host Member State, subject to any rules governing the form and the content of such advertising adopted in the interests of the general good.

    TITLE VI

    RELATIONS WITH THIRD COUNTRIES

    Article 47

    Notification in relation to third-country branches and conditions of access for credit institutions with such branches

    1.   Member States shall not apply to branches of credit institutions having their head office in a third country, when commencing or continuing to carry out their business, provisions which result in more favourable treatment than that accorded to branches of credit institutions having their head office in the Union.

    2.   The competent authorities shall notify the Commission, EBA and the European Banking Committee established by Commission Decision 2004/10/EC (23) of all authorisations for branches granted to credit institutions having their head office in a third country.

    3.   The Union may, through agreements concluded with one or more third countries, agree to apply provisions which accord to branches of a credit institution having its head office in a third country identical treatment throughout the territory of the Union.

    Article 48

    Cooperation with supervisory authorities of third countries regarding supervision on a consolidated basis

    1.   The Commission may submit proposals to the Council, either at the request of a Member State or on its own initiative, for the negotiation of agreements with one or more third countries regarding the means of exercising supervision on a consolidated basis over the following:

    (a)

    institutions the parent undertakings of which have their head offices in a third country;

    (b)

    institutions situated in third countries the parent undertakings of which, whether institutions, financial holding companies or mixed financial holding companies, have their head offices in the Union.

    2.   The agreements referred to in paragraph 1 shall, in particular, seek to ensure that:

    (a)

    the competent authorities of the Member States are able to obtain the information necessary for the supervision, on the basis of their consolidated financial situations, of institutions, financial holding companies and mixed financial holding companies situated in the Union which have as subsidiaries institutions or financial institutions situated in a third country, or holding participation therein;

    (b)

    the supervisory authorities of third countries are able to obtain the information necessary for the supervision of parent undertakings the head offices of which are situated within their territories and which have as subsidiaries institutions or financial institutions situated in one or more Member States or holding participation therein; and

    (c)

    EBA is able to obtain from the competent authorities of the Member States the information received from national authorities of third countries in accordance with Article 35 of Regulation (EU) No 1093/2010.

    3.   Without prejudice to Article 218 TFEU, the Commission shall, with the assistance of the European Banking Committee, examine the outcome of the negotiations referred to in paragraph 1 and the resulting situation.

    4.   EBA shall assist the Commission for the purposes of this Article in accordance with Article 33 of Regulation (EU) No 1093/2010.

    TITLE VII

    PRUDENTIAL SUPERVISION

    CHAPTER 1

    Principles of prudential supervision

    Section I

    Competence and duties of home and host Member States

    Article 49

    Competence of the competent authorities of the home and host Member States

    1.   The prudential supervision of an institution, including that of the activities it carries out in accordance with Articles 33 and 34, shall be the responsibility of the competent authorities of the home Member State, without prejudice to those provisions of this Directive which give responsibility to the competent authorities of the host Member State.

    2.   Paragraph 1 shall not prevent supervision on a consolidated basis.

    3.   Measures taken by the host Member State shall not allow discriminatory or restrictive treatment on the basis that an institution is authorised in another Member State.

    Article 50

    Collaboration concerning supervision

    1.   The competent authorities of the Member States concerned shall collaborate closely in order to supervise the activities of institutions operating, in particular through a branch, in one or more Member States other than that in which their head offices are situated. They shall supply one another with all information concerning the management and ownership of such institutions that is likely to facilitate their supervision and the examination of the conditions for their authorisation, and all information likely to facilitate the monitoring of institutions, in particular with regard to liquidity, solvency, deposit guarantee, the limiting of large exposures, other factors that may influence the systemic risk posed by the institution, administrative and accounting procedures and internal control mechanisms.

    2.   The competent authorities of the home Member State shall provide the competent authorities of host Member States immediately with any information and findings pertaining to liquidity supervision in accordance with Part Six of Regulation (EU) No 575/2013 and Title VII, Chapter 3 of this Directive of the activities performed by the institution through its branches, to the extent that such information and findings are relevant to the protection of depositors or investors in the host Member State.

    3.   The competent authorities of the home Member State shall inform the competent authorities of all host Member States immediately where liquidity stress occurs or can reasonably be expected to occur. That information shall also include details about the planning and implementation of a recovery plan and about any prudential supervision measures taken in that context.

    4.   The competent authorities of the home Member State shall communicate and explain upon request to the competent authorities of the host Member State how information and findings provided by the latter have been taken into account. Where, following communication of information and findings, the competent authorities of the host Member State maintain that no appropriate measures have been taken by the competent authorities of the home Member State, the competent authorities of the host Member State may, after informing the competent authorities of the home Member State and EBA, take appropriate measures to prevent further breaches in order to protect the interests of depositors, investors and others to whom services are provided or to protect the stability of the financial system.

    Where the competent authorities of the home Member State disagree with the measures to be taken by the competent authorities of the host Member State, they may refer the matter to EBA and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010. Where EBA acts in accordance with that Article, it shall take any decision within one month.

    5.   The competent authorities may refer to EBA situations where a request for collaboration, in particular to exchange information, has been rejected or has not been acted upon within a reasonable time. Without prejudice to Article 258 TFEU, EBA may, in those situations, act in accordance with the powers conferred on it under Article 19 of Regulation (EU) No 1093/2010. EBA may also assist the competent authorities in reaching an agreement on the exchange of information under this Article on its own initiative in accordance with the second subparagraph of Article 19(1) of that Regulation.

    6.   EBA shall develop draft regulatory technical standards to specify the information referred to in this Article.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    7.   EBA shall develop draft implementing technical standards to establish standard forms, templates and procedures for the information sharing requirements which are likely to facilitate the monitoring of institutions.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    8.   EBA shall submit the draft technical standards referred to in paragraphs 6 and 7 to the Commission by 1 January 2014.

    Article 51

    Significant branches

    1.   The competent authorities of a host Member State may make a request to the consolidating supervisor, where Article 112(1) applies, or to the competent authorities of the home Member State for a branch of an institution other than an investment firm subject to Article 95 of Regulation (EU) No 575/2013 to be considered as significant.

    That request shall provide reasons for considering the branch to be significant with particular regard to the following:

    (a)

    whether the market share of the branch in terms of deposits exceeds 2 % in the host Member State;

    (b)

    the likely impact of a suspension or closure of the operations of the institution on systemic liquidity and the payment, clearing and settlement systems in the host Member State;

    (c)

    the size and the importance of the branch in terms of number of clients within the context of the banking or financial system of the host Member State.

    The competent authorities of the home and host Member States, and, where Article 112(1) applies, the consolidating supervisor, shall do everything within their power to reach a joint decision on the designation of a branch as being significant.

    If no joint decision is reached within two months of receipt of a request under the first subparagraph, the competent authorities of the host Member State shall take their own decision within a further period of two months on whether the branch is significant. In taking their decision, the competent authorities of the host Member State shall take into account any views and reservations of the consolidating supervisor or the competent authorities of the home Member State.

    The decisions referred to in the third and fourth subparagraphs shall be set out in a document containing full reasons, shall be transmitted to the competent authorities concerned and shall be recognised as determinative and applied by the competent authorities in the Member States concerned.

    The designation of a branch as being significant shall not affect the rights and responsibilities of the competent authorities under this Directive.

    2.   The competent authorities of the home Member State shall communicate to the competent authorities of a host Member State where a significant branch is established the information referred to in Article 117(1)(c) and (d) and carry out the tasks referred to in Article 112(1)(c) in cooperation with the competent authorities of the host Member State.

    If a competent authority of a home Member State becomes aware of an emergency situation as referred to in Article 114(1), it shall alert without delay the authorities referred to in Article 58(4) and Article 59(1).

    The competent authorities of the home Member State shall communicate to the competent authorities of the host Member States where significant branches are established the results of the risk assessments of institutions with such branches referred to in Article 97 and, where applicable, Article 113(2). They shall also communicate decisions under Articles 104 and 105 in so far as those assessments and decisions are relevant to those branches.

    The competent authorities of the home Member States shall consult the competent authorities of the host Member States where significant branches are established about operational steps required by Article 86(11), where relevant for liquidity risks in the host Member State's currency.

    Where the competent authorities of the home Member State have not consulted the competent authorities of the host Member State, or where, following such consultation, the competent authorities of the host Member State maintain that operational steps required by Article 86(11) are not adequate, the competent authorities of the host Member State may refer the matter to EBA and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010.

    3.   Where Article 116 does not apply, the competent authorities supervising an institution with significant branches in other Member States shall establish and chair a college of supervisors to facilitate the cooperation under paragraph 2 of this Article and under Article 50. The establishment and functioning of the college shall be based on written arrangements to be determined, after consulting the competent authorities concerned, by the competent authority of the home Member State. The competent authority of the home Member State shall decide which competent authorities participate in a meeting or in an activity of the college.

    The decision of the competent authority of the home Member State shall take account of the relevance of the supervisory activity to be planned or coordinated for those authorities, in particular the potential impact on the stability of the financial system in the Member States concerned referred to in Article 7 and the obligations referred to in paragraph 2 of this Article.

    The competent authority of the home Member State shall keep all members of the college fully informed, in advance, of the organisation of such meetings, the main issues to be discussed and the activities to be considered. The competent authority of the home Member State shall also keep all the members of the college fully informed, in a timely manner, of the actions taken in those meetings or the measures carried out.

    4.   EBA shall develop draft regulatory technical standards in order to specify general conditions for the functioning of colleges of supervisors.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    5.   EBA shall develop draft implementing technical standards in order to determine the operational functioning of colleges of supervisors.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    6.   EBA shall submit the draft technical standards referred to in paragraphs 4 and 5 to the Commission by 31 December 2014.

    Article 52

    On-the-spot checking and inspection of branches established in another Member State

    1.   Host Member States shall provide that, where an institution authorised in another Member State carries out its activities through a branch, the competent authorities of the home Member State may, after having informed the competent authorities of the host Member State, carry out themselves or through the intermediary of persons they appoint for that purpose on-the-spot checks of the information referred to in Article 50 and inspections of such branches.

    2.   The competent authorities of the home Member State may also, for the purposes of the inspection of branches, have recourse to one of the other procedures set out in Article 118.

    3.   The competent authorities of the host Member State shall have the power to carry out, on a case-by-case basis, on-the-spot checks and inspections of the activities carried out by branches of institutions on their territory and require information from a branch about its activities and for supervisory purposes, where they consider it relevant for reasons of stability of the financial system in the host Member State. Before carrying out such checks and inspections, the competent authorities of the host Member State shall consult the competent authorities of the home Member State. After such checks and inspections, the competent authorities of the host Member State shall communicate to the competent authorities of the home Member State the information obtained and findings that are relevant for the risk assessment of the institution or the stability of the financial system in the host Member State. The competent authorities of the home Member State shall duly take into account that information and those findings in determining their supervisory examination programme referred to in Article 99, also having regard to the stability of the financial system in the host Member State.

    4.   The on-the-spot checks and inspections of branches shall be conducted in accordance with the law of the Member State where the check or inspection is carried out.

    Section II

    Exchange of information and professional secrecy

    Article 53

    Professional secrecy

    1.   Member States shall provide that all persons working for or who have worked for the competent authorities and auditors or experts acting on behalf of the competent authorities shall be bound by the obligation of professional secrecy.

    Confidential information which such persons, auditors or experts receive in the course of their duties may be disclosed only in summary or aggregate form, such that individual credit institutions cannot be identified, without prejudice to cases covered by criminal law.

    Nevertheless, where a credit institution has been declared bankrupt or is being compulsorily wound up, confidential information which does not concern third parties involved in attempts to rescue that credit institution may be disclosed in civil or commercial proceedings.

    2.   Paragraph 1 shall not prevent the competent authorities from exchanging information with each other or transmitting information to the ESRB, EBA, or the European Supervisory Authority (European Securities and Markets Authority) ("ESMA") established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council (24) in accordance with this Directive, with Regulation (EU) No 575/2013, with other Directives applicable to credit institutions, with Article 15 of Regulation (EU) No 1092/2010, with Articles 31, 35 and 36 of Regulation (EU) No 1093/2010 and with Articles 31 and 36 of Regulation (EU) No 1095/2010. That information shall be subject to paragraph 1.

    3.   Paragraph 1 shall not prevent the competent authorities from publishing the outcome of stress tests carried out in accordance with Article 100 of this Directive or Article 32 of Regulation (EU) No 1093/2010 or from transmitting the outcome of stress tests to EBA for the purpose of the publication by EBA of the results of Union-wide stress tests.

    Article 54

    Use of confidential information

    Competent authorities receiving confidential information under Article 53 shall use it only in the course of their duties and only for any of the following purposes:

    (a)

    to check that the conditions governing access to the activity of credit institutions are met and to facilitate monitoring, on a non-consolidated or consolidated basis, of the conduct of such activity, especially with regard to the monitoring of liquidity, solvency, large exposures, and administrative and accounting procedures and internal control mechanisms;

    (b)

    to impose penalties;

    (c)

    in an appeal against a decision of the competent authority including court proceedings pursuant to Article 72;

    (d)

    in court proceedings initiated pursuant to special provisions provided for in Union law adopted in the field of credit institutions.

    Article 55

    Cooperation agreements

    Member States and EBA, in accordance with Article 33 of Regulation (EU) No 1093/2010, may conclude cooperation agreements, providing for exchanges of information, with the supervisory authorities of third countries or with authorities or bodies of third countries in accordance with Article 56 and Article 57(1) of this Directive only if the information disclosed is subject to a guarantee that professional secrecy requirements at least equivalent to those referred to in Article 53(1) of this Directive are complied with. Such exchange of information shall be for the purpose of performing the supervisory tasks of those authorities or bodies.

    Where the information originates in another Member State, it shall only be disclosed with the express agreement of the authorities which have disclosed it and, where appropriate, solely for the purposes for which those authorities gave their agreement.

    Article 56

    Exchange of information between authorities

    Article 53(1) and Article 54 shall not preclude the exchange of information between competent authorities within a Member State, between competent authorities in different Member States or between competent authorities and the following, in the discharge of their supervisory functions:

    (a)

    authorities entrusted with the public duty of supervising other financial sector entities and the authorities responsible for the supervision of financial markets;

    (b)

    authorities or bodies charged with responsibility for maintaining the stability of the financial system in Member States through the use of macroprudential rules;

    (c)

    reorganisation bodies or authorities aiming at protecting the stability of the financial system;

    (d)

    contractual or institutional protection schemes as referred to in Article 113(7) of Regulation (EU) No 575/2013;

    (e)

    bodies involved in the liquidation and bankruptcy of institutions and in other similar procedures;

    (f)

    persons responsible for carrying out statutory audits of the accounts of institutions, insurance undertakings and financial institutions.

    Article 53(1) and Article 54 shall not preclude the disclosure to bodies which administer deposit-guarantee schemes and investor compensation schemes of information necessary for the exercise of their functions.

    The information received shall in any event be subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1).

    Article 57

    Exchange of information with oversight bodies

    1.   Notwithstanding Articles 53, 54 and 55, Member States may authorise exchange of information between the competent authorities and the authorities responsible for overseeing:

    (a)

    the bodies involved in the liquidation and bankruptcy of institutions and in other similar procedures;

    (b)

    contractual or institutional protection schemes as referred to in Article 113(7) of Regulation (EU) No 575/2013;

    (c)

    persons charged with carrying out statutory audits of the accounts of institutions, insurance undertakings and financial institutions.

    2.   In the cases referred to in paragraph 1, Member States shall require fulfilment of at least the following conditions:

    (a)

    that the information is exchanged for the purpose of performing the tasks referred to in paragraph 1;

    (b)

    that the information received is subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1);

    (c)

    where the information originates in another Member State, that it is not disclosed without the express agreement of the competent authorities which have disclosed it and, where appropriate, solely for the purposes for which those authorities gave their agreement.

    3.   Notwithstanding Articles 53, 54 and 55, Member States may, with the aim of strengthening the stability and integrity of the financial system, authorise the exchange of information between competent authorities and the authorities or bodies responsible under law for the detection and investigation of breaches of company law.

    In such cases Member States shall require fulfilment of at least the following conditions:

    (a)

    that the information is exchanged for the purpose of detecting and investigating breaches of company law;

    (b)

    that the information received is subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1);

    (c)

    where the information originates in another Member State, that it is not disclosed without the express agreement of the competent authorities which have disclosed it and, where appropriate, solely for the purposes for which those authorities gave their agreement.

    4.   Where the authorities or bodies referred to in paragraph 1 perform their task of detection or investigation with the aid, in view of their specific competence, of persons appointed for that purpose and not employed in the public sector, a Member State may extend the possibility of exchanging information provided for in the first subparagraph of paragraph 3 to such persons under the conditions specified in the second subparagraph of paragraph 3.

    5.   The competent authorities shall communicate to EBA the names of the authorities or bodies which may receive information pursuant to this Article.

    6.   In order to implement paragraph 4, the authorities or bodies referred to in paragraph 3 shall communicate to the competent authorities which have disclosed the information, the names and precise responsibilities of the persons to whom it is to be sent.

    Article 58

    Transmission of information concerning monetary, deposit protection, systemic and payment aspects

    1.   Nothing in this Chapter shall prevent a competent authority from transmitting information to the following for the purposes of their tasks:

    (a)

    ESCB central banks and other bodies with a similar function in their capacity as monetary authorities when the information is relevant for the exercise of their respective statutory tasks, including the conduct of monetary policy and related liquidity provision, oversight of payments, clearing and settlement systems and the safeguarding of stability of the financial system;

    (b)

    contractual or institutional protection schemes as referred to in Article 113(7) of Regulation (EU) No 575/2013;

    (c)

    where appropriate, other public authorities responsible for overseeing payment systems;

    (d)

    the ESRB, the European Supervisory Authority (European Insurance and Occupational Pensions Authority) ("EIOPA"), established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council (25) and ESMA, where that information is relevant for the exercise of their tasks under Regulations (EU) No 1092/2010, (EU) No 1094/2010 or (EU) No 1095/2010.

    Member States shall take the appropriate measures to remove obstacles preventing competent authorities from transmitting information in accordance with the first subparagraph.

    2.   Nothing in this Chapter shall prevent the authorities or bodies referred to in paragraph 1 from communicating to the competent authorities such information as the competent authorities may need for the purposes of Article 54.

    3.   Information received in accordance with paragraphs 1 and 2 shall be subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1).

    4.   Member States shall take the necessary measures to ensure that, in an emergency situation as referred to in Article 114(1), the competent authorities communicate, without delay, information to the ESCB central banks where that information is relevant for the exercise of their statutory tasks, including the conduct of monetary policy and related liquidity provision, the oversight of payments, clearing and settlement systems, and the safeguarding of the stability of the financial system, and to the ESRB where such information is relevant for the exercise of its statutory tasks.

    Article 59

    Transmission of information to other entities

    1.   Notwithstanding Article 53(1) and Article 54, Member States may, by virtue of provisions laid down in national law, authorise the disclosure of certain information to other departments of their central government administrations responsible for law on the supervision of institutions, financial institutions and insurance undertakings and to inspectors acting on behalf of those departments.

    However, such disclosures may be made only where necessary for reasons of prudential supervision, and prevention and resolution of failing institutions. Without prejudice to paragraph 2 of this Article, persons having access to the information shall be subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1).

    In an emergency situation as referred to in Article 114(1), Member States shall allow competent authorities to disclose information which is relevant to the departments referred to in the first subparagraph of this paragraph in all Member States concerned.

    2.   Member States may authorise the disclosure of certain information relating to the prudential supervision of institutions to parliamentary enquiry committees in their Member State, courts of auditors in their Member State and other entities in charge of enquiries in their Member State, under the following conditions:

    (a)

    that the entities have a precise mandate under national law to investigate or scrutinise the actions of authorities responsible for the supervision of institutions or for laws on such supervision;

    (b)

    that the information is strictly necessary for fulfilling the mandate referred to in point (a);

    (c)

    the persons with access to the information are subject to professional secrecy requirements under national law at least equivalent to those referred to in Article 53(1);

    (d)

    where the information originates in another Member State that it is not disclosed without the express agreement of the competent authorities which have disclosed it and, solely for the purposes for which those authorities gave their agreement.

    To the extent that the disclosure of information relating to prudential supervision involves processing of personal data, any processing by the entities referred to in the first subparagraph shall comply with the applicable national laws transposing Directive 95/46/EC.

    Article 60

    Disclosure of information obtained by on-the-spot checks and inspections

    Member States shall ensure that information received under Article 52(3), Article 53(2) and Article 56 and information obtained by means of an on-the-spot check or inspection referred to in Article 52(1) and (2) shall not be disclosed under Article 59 save with the express consent of the competent authorities which disclosed the information or of the competent authorities of the Member State in which such an on-the-spot check or inspection was carried out.

    Article 61

    Disclosure of information concerning clearing and settlement services

    1.   Nothing in this Chapter shall prevent the competent authorities of a Member State from communicating the information referred to in Articles 53, 54 and 55 to a clearing house or other similar body recognised under national law for the provision of clearing or settlement services for one of their national markets if they consider that it is necessary to communicate the information in order to ensure the proper functioning of those bodies in relation to defaults or potential defaults by market participants. The information received shall be subject to professional secrecy requirements at least equivalent to those referred to in Article 53(1).

    2.   Member States shall, however, ensure that information received under Article 53(2) shall not be disclosed in the circumstances referred to in paragraph 1 without the express consent of the competent authorities, which have disclosed it.

    Article 62

    Processing of personal data

    The processing of personal data for the purposes of this Directive shall be carried out in accordance with Directive 95/46/EC and, where relevant, with Regulation (EC) No 45/2001.

    Section III

    Duty of persons responsible for the legal control of annual and consolidated accounts

    Article 63

    Duty of persons responsible for the legal control of annual and consolidated accounts

    1.   Member States shall provide that any person authorised in accordance with Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts (26) and performing in an institution the tasks described in Article 51 of Council Directive 78/660/EEC of 25 July 1978 on the annual accounts of certain types of companies (27), Article 37 of Council Directive 83/349/EEC of 13 June 1983 on consolidated accounts (28) Article 73 of Directive 2009/65/EC, or any other statutory task, shall at least have a duty to report promptly to the competent authorities any fact or decision concerning that institution of which that person has become aware while carrying out that task, which is liable to:

    (a)

    constitute a material breach of the laws, regulations or administrative provisions which lay down the conditions governing authorisation or which specifically govern pursuit of the activities of institutions;

    (b)

    affect the ongoing functioning of the institution;

    (c)

    lead to refusal to certify the accounts or to the expression of reservations.

    Member States shall provide at least that a person referred to in the first subparagraph shall also have a duty to report any fact or decision of which that person becomes aware in the course of carrying out a task as described in the first subparagraph in an undertaking having close links resulting from a control relationship with the institution within which he is carrying out that task.

    2.   The disclosure in good faith to the competent authorities, by persons authorised within the meaning of Directive 2006/43/EC, of any fact or decision referred to in paragraph 1 shall not constitute a breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision and shall not involve such persons in any liability. Such disclosure shall be made simultaneously to the management body of the institution unless there are compelling reasons not to do so.

    Section IV

    Supervisory powers, powers to impose penalties and right of appeal

    Article 64

    Supervisory powers and powers to impose penalties

    1.   Competent authorities shall be given all supervisory powers to intervene in the activity of institutions that are necessary for the exercise of their function, including in particular the right to withdraw an authorisation in accordance with Article 18, the powers required in accordance with Article 102 and the powers set out in Articles 104 and 105.

    2.   Competent authorities shall exercise their supervisory powers and their powers to impose penalties in accordance with this Directive and with national law, in any of the following ways:

    (a)

    directly;

    (b)

    in collaboration with other authorities;

    (c)

    under their responsibility by delegation to such authorities;

    (d)

    by application to the competent judicial authorities.

    Article 65

    Administrative penalties and other administrative measures

    1.   Without prejudice to the supervisory powers of competent authorities referred to in Article 64 and the right of Member States to provide for and impose criminal penalties, Member States shall lay down rules on administrative penalties and other administrative measures in respect of breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013 and shall take all measures necessary to ensure that they are implemented. Where Member States decide not to lay down rules for administrative penalties for breaches which are subject to national criminal law they shall communicate to the Commission the relevant criminal law provisions. The administrative penalties and other administrative measures shall be effective, proportionate and dissuasive.

    2.   Member States shall ensure that where the obligations referred to in paragraph 1 apply to institutions, financial holding companies and mixed financial holding companies in the event of a breach of national provisions transposing this Directive or of Regulation (EU) No 575/2013, penalties may be applied, subject to the conditions laid down in national law, to the members of the management body and to other natural persons who under national law are responsible for the breach.

    3.   Competent authorities shall have all information gathering and investigatory powers that are necessary for the exercise of their functions. Without prejudice to other relevant provisions laid down in this Directive and in Regulation (EU) No 575/2013 those powers shall include:

    (a)

    the power to require the following natural or legal persons to provide all information that is necessary in order to carry out the tasks of the competent authorities, including information to be provided at recurring intervals and in specified formats for supervisory and related statistical purposes:

    (i)

    institutions established in the Member State concerned;

    (ii)

    financial holding companies established in the Member State concerned;

    (iii)

    mixed financial holding companies established in the Member State concerned;

    (iv)

    mixed-activity holding companies established in the Member State concerned;

    (v)

    persons belonging to the entities referred to in points (i) to (iv);

    (vi)

    third parties to whom the entities referred to in points (i) to (iv) have outsourced operational functions or activities;

    (b)

    the power to conduct all necessary investigations of any person referred to in points (a)(i) to (vi) established or located in the Member State concerned where necessary to carry out the tasks of the competent authorities, including:

    (i)

    the right to require the submission of documents;

    (ii)

    to examine the books and records of the persons referred to in points(a)(i) to (vi) and take copies or extracts from such books and records;

    (iii)

    to obtain written or oral explanations from any person referred to in points (a) (i) to (vi) or their representatives or staff; and

    (iv)

    to interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject matter of an investigation;

    (c)

    the power, subject to other conditions set out in Union law, to conduct all necessary inspections at the business premises of the legal persons referred to in points (a)(i) to (vi) and any other undertaking included in consolidated supervision where a competent authority is the consolidating supervisor, subject to the prior notification of the competent authorities concerned. If an inspection requires authorisation by a judicial authority under national law, such authorisation shall be applied for.

    Article 66

    Administrative penalties and other administrative measures for breaches of authorisation requirements and requirements for acquisitions of qualifying holdings

    1.   Member States shall ensure that their laws, regulations and administrative provisions provide for administrative penalties and other administrative measures at least in respect of:

    (a)

    carrying out the business of taking deposits or other repayable funds from the public without being a credit institution in breach of Article 9;

    (b)

    commencing activities as a credit institution without obtaining authorisation in breach of Article 9;

    (c)

    acquiring, directly or indirectly, a qualifying holding in a credit institution or further increasing, directly or indirectly, such a qualifying holding in a credit institution as a result of which the proportion of the voting rights or of the capital held would reach or exceed the thresholds referred to in Article 22(1) or so that the credit institution would become its subsidiary, without notifying in writing the competent authorities of the credit institution in which they are seeking to acquire or increase a qualifying holding, during the assessment period, or against the opposition of the competent authorities, in breach of Article 22(1);

    (d)

    disposing, directly or indirectly, of a qualifying holding in a credit institution or reducing a qualifying holding so that the proportion of the voting rights or of the capital held would fall below the thresholds referred to in Article 25 or so that the credit institution would cease to be a subsidiary, without notifying in writing the competent authorities.

    2.   Member States shall ensure that in the cases referred to in paragraph 1, the administrative penalties and other administrative measures that can be applied include at least the following:

    (a)

    a public statement which identifies the natural person, institution, financial holding company or mixed financial holding company responsible and the nature of the breach;

    (b)

    an order requiring the natural or legal person responsible to cease the conduct and to desist from a repetition of that conduct;

    (c)

    in the case of a legal person, administrative pecuniary penalties of up to 10 % of the total annual net turnover including the gross income consisting of interest receivable and similar income, income from shares and other variable or fixed-yield securities, and commissions or fees receivable in accordance with Article 316 of Regulation (EU) No 575/2013 of the undertaking in the preceding business year;

    (d)

    in the case of a natural person, administrative pecuniary penalties of up to EUR 5 000 000, or in the Member States whose currency is not the euro, the corresponding value in the national currency on 17 July 2013;

    (e)

    administrative pecuniary penalties of up to twice the amount of the benefit derived from the breach where that benefit can be determined;

    (f)

    suspension of the voting rights of the shareholder or shareholders held responsible for the breaches referred to in paragraph 1.

    Where the undertaking referred to in point (c) of the first subparagraph is a subsidiary of a parent undertaking, the relevant gross income shall be the gross income resulting from the consolidated account of the ultimate parent undertaking in the preceding business year.

    Article 67

    Other provisions

    1.   This Article shall apply at least in any of the following circumstances:

    (a)

    an institution has obtained an authorisation through false statements or any other irregular means;

    (b)

    an institution, on becoming aware of any acquisitions or disposals of holdings in their capital that cause holdings to exceed or fall below one of the thresholds referred to in Article 22(1) or Article 25, fails to inform the competent authorities of those acquisitions or disposals in breach of the first subparagraph of Article 26(1);

    (c)

    an institution listed on a regulated market as referred to in the list to be published by ESMA in accordance with Article 47 of Directive 2004/39/EC does not, at least annually, inform the competent authorities of the names of shareholders and members possessing qualifying holdings and the sizes of such holdings in breach of the second subparagraph of Article 26(1) of this Directive;

    (d)

    an institution fails to have in place governance arrangements required by the competent authorities in accordance with the national provisions transposing Article 74;

    (e)

    an institution fails to report information or provides incomplete or inaccurate information on compliance with the obligation to meet own funds requirements set out in Article 92 of Regulation (EU) No 575/2013 to the competent authorities in breach of Article 99(1) of that Regulation;

    (f)

    an institution fails to report or provides incomplete or inaccurate information to the competent authorities in relation to the data referred to in Article 101 of Regulation (EU) No 575/2013;

    (g)

    an institution fails to report information or provides incomplete or inaccurate information about a large exposure to the competent authorities in breach of Article 394(1) of Regulation (EU) No 575/2013;

    (h)

    an institution fails to report information or provides incomplete or inaccurate information on liquidity to the competent authorities in breach of Article 415(1) and (2) of Regulation (EU) No 575/2013;

    (i)

    an institution fails to report information or provides incomplete or inaccurate information on the leverage ratio to the competent authorities in breach of Article 430(1) of Regulation (EU) No 575/2013;

    (j)

    an institution repeatedly or persistently fails to hold liquid assets in breach of Article 412 of Regulation (EU) No 575/2013;

    (k)

    an institution incurs an exposure in excess of the limits set out in Article 395 of Regulation (EU) No 575/2013;

    (l)

    an institution is exposed to the credit risk of a securitisation position without satisfying the conditions set out in Article 405 of Regulation (EU) No 575/2013;

    (m)

    an institution fails to disclose information or provides incomplete or inaccurate information in breach of Article 431(1), (2) and (3) or Article 451(1) of Regulation (EU) No 575/2013;

    (n)

    an institution makes payments to holders of instruments included in the own funds of the institution in breach of Article 141 of this Directive or in cases where Articles 28, 51 or 63 of Regulation (EU) No 575/2013 prohibit such payments to holders of instruments included in own funds;

    (o)

    an institution is found liable for a serious breach of the national provisions adopted pursuant to Directive 2005/60/EC;

    (p)

    an institution allows one or more persons not complying with Article 91 to become or remain a member of the management body.

    2.   Member States shall ensure that in the cases referred to in paragraph 1, the administrative penalties and other administrative measures that can be applied include at least the following:

    (a)

    a public statement which identifies the natural person, institution, financial holding company or mixed financial holding company responsible and the nature of the breach;

    (b)

    an order requiring the natural or legal person responsible to cease the conduct and to desist from a repetition of that conduct;

    (c)

    in the case of an institution, withdrawal of the authorisation of the institution in accordance with Article 18;

    (d)

    subject to Article 65(2), a temporary ban against a member of the institution's management body or any other natural person, who is held responsible, from exercising functions in institutions;

    (e)

    in the case of a legal person, administrative pecuniary penalties of up to 10 % of the total annual net turnover including the gross income consisting of interest receivable and similar income, income from shares and other variable or fixed-yield securities, and commissions or fees receivable in accordance with Article 316 of Regulation (EU) No 575/2013 of the undertaking in the preceding business year;

    (f)

    in the case of a natural person, administrative pecuniary penalties of up to EUR 5 000 000, or in the Member States whose currency is not the euro, the corresponding value in the national currency on 17 July 2013;

    (g)

    administrative pecuniary penalties of up to twice the amount of the profits gained or losses avoided because of the breach where those can be determined.

    Where an undertaking referred to in point (e) of the first subparagraph is a subsidiary of a parent undertaking, the relevant gross income shall be the gross income resulting from the consolidated account of the ultimate parent undertaking in the preceding business year.

    Article 68

    Publication of administrative penalties

    1.   Member States shall ensure that the competent authorities publish on their official website at least any administrative penalties against which there is no appeal and which are imposed for breach of the national provisions transposing this Directive or of Regulation (EU) No 575/2013, including information on the type and nature of the breach and the identity of the natural or legal person on whom the penalty is imposed, without undue delay after that person is informed of those penalties.

    Where Member States permit publication of penalties against which there is an appeal, competent authorities shall, without undue delay, also publish on their official website information on the appeal status and outcome thereof.

    2.   Competent authorities shall publish the penalties on an anonymous basis, in a manner in accordance with national law, in any of the following circumstances:

    (a)

    where the penalty is imposed on a natural person and, following an obligatory prior assessment, publication of personal data is found to be disproportionate;

    (b)

    where publication would jeopardise the stability of financial markets or an ongoing criminal investigation;

    (c)

    where publication would cause, insofar as it can be determined, disproportionate damage to the institutions or natural persons involved.

    Alternatively, where the circumstances referred to in the first subparagraph are likely to cease within a reasonable period of time, publication under paragraph 1 may be postponed for such a period of time.

    3.   Competent authorities shall ensure that information published under paragraphs 1 or 2 remains on their official website at least five years. Personal data shall be retained on the official website of the competent authority only for the period necessary, in accordance with the applicable data protection rules.

    4.   By 18 July 2015 EBA shall submit a report to the Commission on the publication of penalties by Member States on an anonymous basis as provided for under paragraph 2, in particular where there have been significant divergences between Member States in this respect. In addition, EBA shall submit a report to the Commission on any significant divergences in the duration of publication of penalties under national law.

    Article 69

    Exchange of information on penalties and maintenance of a central database by EBA

    1.   Subject to the professional secrecy requirements referred to in Article 53(1), the competent authorities shall inform EBA of all administrative penalties, including all permanent prohibitions, imposed under Articles 65, 66 and 67 including any appeal in relation thereto and the outcome thereof. EBA shall maintain a central database of administrative penalties communicated to it solely for the purposes of exchanging information between competent authorities. That database shall be accessible to competent authorities only and it shall be updated on the basis of the information provided by competent authorities.

    2.   Where a competent authority assesses good repute for the purposes of Article 13(1), Article 16(3), Article 91(1) and Article 121, it shall consult the EBA database of administrative penalties. In the event of a change of status or a successful appeal, EBA shall delete or update relevant entries in the database on request by the competent authorities.

    3.   The competent authorities shall check, in accordance with national law, the existence of a relevant conviction in the criminal record of the person concerned. For those purposes, information shall be exchanged in accordance with Decision 2009/316/JHA and Framework Decision 2009/315/JHA as implemented in national law.

    4.   EBA shall maintain a website with links to each competent authority's publication of administrative penalties under Article 68 and shall show the time period for which each Member State publishes administrative penalties.

    Article 70

    Effective application of penalties and exercise of powers to impose penalties by competent authorities

    Member States shall ensure that when determining the type of administrative penalties or other administrative measures and the level of administrative pecuniary penalties, the competent authorities shall take into account all relevant circumstances, including, where appropriate:

    (a)

    the gravity and the duration of the breach;

    (b)

    the degree of responsibility of the natural or legal person responsible for the breach;

    (c)

    the financial strength of the natural or legal person responsible for the breach, as indicated, for example, by the total turnover of a legal person or the annual income of a natural person;

    (d)

    the importance of profits gained or losses avoided by the natural or legal person responsible for the breach, insofar as they can be determined;

    (e)

    the losses for third parties caused by the breach, insofar as they can be determined;

    (f)

    the level of cooperation of the natural or legal person responsible for the breach with the competent authority;

    (g)

    previous breaches by the natural or legal person responsible for the breach;

    (h)

    any potential systemic consequences of the breach.

    Article 71

    Reporting of breaches

    1.   Member States shall ensure that competent authorities establish effective and reliable mechanisms to encourage reporting of potential or actual breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013 to competent authorities.

    2.   The mechanisms referred to in paragraph 1 shall include at least:

    (a)

    specific procedures for the receipt of reports on breaches and their follow-up;

    (b)

    appropriate protection for employees of institutions who report breaches committed within the institution against retaliation, discrimination or other types of unfair treatment at a minimum;

    (c)

    protection of personal data concerning both the person who reports the breaches and the natural person who is allegedly responsible for a breach, in accordance with Directive 95/46/EC;

    (d)

    clear rules that ensure that confidentiality is guaranteed in all cases in relation to the person who reports the breaches committed within the institution, unless disclosure is required by national law in the context of further investigations or subsequent judicial proceedings.

    3.   Member States shall require institutions to have in place appropriate procedures for their employees to report breaches internally through a specific, independent and autonomous channel.

    Such a channel may also be provided through arrangements provided for by social partners. The same protection as referred to in points (b), (c) and (d) of paragraph 2 shall apply.

    Article 72

    Right of appeal

    Member States shall ensure that decisions and measures taken pursuant to laws, regulations and administrative provisions adopted in accordance with this Directive or to Regulation (EU) No 575/2013 are subject to a right of appeal. Member States shall also ensure that failure to take a decision within six months of submission of an application for authorisation which contains all the information required under the national provisions transposing this Directive, is subject to a right of appeal.

    CHAPTER 2

    Review Processes

    Section I

    Internal capital adequacy assessment process

    Article 73

    Internal Capital

    Institutions shall have in place sound, effective and comprehensive strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed.

    Those strategies and processes shall be subject to regular internal review to ensure that they remain comprehensive and proportionate to the nature, scale and complexity of the activities of the institution concerned.

    Section II

    Arrangements, processes and mechanisms of institutions

    Sub-Section 1

    General principles

    Article 74

    Internal governance and recovery and resolution plans

    1.   Institutions shall have robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks they are or might be exposed to, adequate internal control mechanisms, including sound administration and accounting procedures, and remuneration policies and practices that are consistent with and promote sound and effective risk management.

    2.   The arrangements, processes and mechanisms referred to in paragraph 1 shall be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and the institution's activities. The technical criteria established in Articles 76 to 95 shall be taken into account.

    3.   EBA shall issue guidelines on the arrangements, processes and mechanisms referred to in paragraph 1, in accordance with paragraph 2.

    4.   Competent authorities shall ensure that recovery plans for the restoration of an institution's financial situation following a significant deterioration, and resolution plans are put in place. In accordance with the principle of proportionality, the requirements for an institution to draw up, maintain and update recovery plans and for the resolution authority, after consulting the competent authority, to prepare resolution plans, may be reduced if, after consulting the national macroprudential authority, competent authorities consider that the failure of a specific institution due, inter alia, to its size, to its business model, to its interconnectedness to other institutions, or to the financial system in general, will not have a negative effect on financial markets, on other institutions or on funding conditions.

    Institutions shall cooperate closely with resolution authorities and shall provide them with all information necessary for the preparation and drafting of viable resolution plans setting out options for the orderly resolution of the institutions in the case of failure, in accordance with the principle of proportionality.

    In accordance with Article 25 of Regulation (EU) No 1093/2010, EBA shall be entitled to participate in and contribute to the development and coordination of effective and consistent recovery and resolution plans.

    In that regard EBA shall be informed of, and shall be entitled to participate in, meetings relating to the development and coordination of recovery and resolution plans. Where any such meetings or activities take place, EBA shall be fully informed in advance of the organisation of such meetings, of the main issues to be discussed and of the activities to be considered.

    Article 75

    Oversight of remuneration policies

    1.   Competent authorities shall collect the information disclosed in accordance with the criteria for disclosure established in points (g), (h) and (i) of Article 450(1) of Regulation (EU) No 575/2013 and shall use it to benchmark remuneration trends and practices. The competent authorities shall provide EBA with that information.

    2.   EBA shall issue guidelines on sound remuneration policies which comply with the principles set out in Articles 92 to 95. The guidelines shall take into account the principles on sound remuneration policies set out in Commission Recommendation 2009/384/EC of 30 April 2009 on remuneration policies in the financial services sector (29).

    ESMA shall cooperate closely with EBA to develop guidelines on remuneration policies for categories of staff involved in the provision of investment services and activities within the meaning of point 2 of Article 4(1) of Directive 2004/39/EC.

    EBA shall use the information received from the competent authorities in accordance with paragraph 1 to benchmark remuneration trends and practices at Union level.

    3.   Competent authorities shall collect information on the number of natural persons per institution that are remunerated EUR 1 million or more per financial year, in pay brackets of EUR 1 million, including their job responsibilities, the business area involved and the main elements of salary, bonus, long-term award and pension contribution. That information shall be forwarded to EBA, which shall publish it on an aggregate home Member State basis in a common reporting format. EBA may elaborate guidelines to facilitate the implementation of this paragraph and ensure the consistency of the information collected.

    Sub-Section 2

    Technical criteria concerning the organisation and treatment of risks

    Article 76

    Treatment of risks

    1.   Member States shall ensure that the management body approves and periodically reviews the strategies and policies for taking up, managing, monitoring and mitigating the risks the institution is or might be exposed to, including those posed by the macroeconomic environment in which it operates in relation to the status of the business cycle.

    2.   Member States shall ensure that the management body devotes sufficient time to consideration of risk issues. The management body shall be actively involved in and ensure that adequate resources are allocated to the management of all material risks addressed in this Directive and in Regulation (EU) No 575/2013 as well as in the valuation of assets, the use of external credit ratings and internal models relating to those risks. The institution shall establish reporting lines to the management body that cover all material risks and risk management policies and changes thereof.

    3.   Member States shall ensure that institutions that are significant in terms of their size, internal organisation and the nature, scope and complexity of their activities establish a risk committee composed of members of the management body who do not perform any executive function in the institution concerned. Members of the risk committee shall have appropriate knowledge, skills and expertise to fully understand and monitor the risk strategy and the risk appetite of the institution.

    The risk committee shall advise the management body on the institution's overall current and future risk appetite and strategy and assist the management body in overseeing the implementation of that strategy by senior management. The management body shall retain overall responsibility for risks.

    The risk committee shall review whether prices of liabilities and assets offered to clients take fully into account the institution's business model and risk strategy. Where prices do not properly reflect risks in accordance with the business model and risk strategy, the risk committee shall present a remedy plan to the management body.

    Competent authorities may allow an institution which is not considered significant as referred to in the first subparagraph to combine the risk committee with the audit committee as referred to in Article 41 of Directive 2006/43/EC. Members of the combined committee shall have the knowledge, skills and expertise required for the risk committee and for the audit committee.

    4.   Member States shall ensure that the management body in its supervisory function and, where a risk committee has been established, the risk committee have adequate access to information on the risk situation of the institution and, if necessary and appropriate, to the risk management function and to external expert advice.

    The management body in its supervisory function and, where one has been established, the risk committee shall determine the nature, the amount, the format, and the frequency of the information on risk which it is to receive. In order to assist in the establishment of sound remuneration policies and practices, the risk committee shall, without prejudice to the tasks of the remuneration committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of earnings.

    5.   Member States shall, in accordance with the proportionality requirement laid down in Article 7(2) of Commission Directive 2006/73/EC (30), ensure that institutions have a risk management function independent from the operational functions and which shall have sufficient authority, stature, resources and access to the management body.

    Member States shall ensure that the risk management function ensures that all material risks are identified, measured and properly reported. They shall ensure that the risk management function is actively involved in elaborating the institution's risk strategy and in all material risk management decisions and that it can deliver a complete view of the whole range of risks of the institution.

    Where necessary, Member States shall ensure that the risk management function can report directly to the management body in its supervisory function, independent from senior management, and can raise concerns and warn that body, where appropriate, where specific risk developments affect or may affect the institution, without prejudice to the responsibilities of the management body in its supervisory and/or managerial functions pursuant to this Directive and Regulation (EU) No 575/2013.

    The head of the risk management function shall be an independent senior manager with distinct responsibility for the risk management function. Where the nature, scale and complexity of the activities of the institution do not justify a specially appointed person, another senior person within the institution may fulfil that function, provided there is no conflict of interest.

    The head of the risk management function shall not be removed without prior approval of the management body in its supervisory function and shall be able to have direct access to the management body in its supervisory function where necessary.

    The application of this Directive shall be without prejudice to the application of Directive 2006/73/EC to investment firms.

    Article 77

    Internal Approaches for calculating own funds requirements

    1.   Competent authorities shall encourage institutions that are significant in terms of their size, internal organisation and the nature, scale and complexity of their activities to develop internal credit risk assessment capacity and to increase use of the internal ratings based approach for calculating own funds requirements for credit risk where their exposures are material in absolute terms and where they have at the same time a large number of material counterparties. This Article shall be without prejudice to the fulfilment of criteria laid down in Part Three, Title I, Chapter 3, Section 1 of Regulation (EU) No 575/2013.

    2.   Competent authorities shall, taking into account the nature, scale and complexity of institutions' activities, monitor that they do not solely or mechanistically rely on external credit ratings for assessing the creditworthiness of an entity or financial instrument.

    3.   Competent authorities shall encourage institutions, taking into account their size, internal organisation and the nature, scale and complexity of their activities, to develop internal specific risk assessment capacity and to increase use of internal models for calculating own funds requirements for specific risk of debt instruments in the trading book, together with internal models to calculate own funds requirements for default and migration risk where their exposures to specific risk are material in absolute terms and where they have a large number of material positions in debt instruments of different issuers.

    This Article shall be without prejudice to the fulfilment of the criteria laid down in Part Three, Title IV, Chapter 5, Sections 1 to 5, of Regulation (EU) No 575/2013.

    4.   EBA shall develop draft regulatory technical standards to further define the notion ‧exposures to specific risk which are material in absolute terms‧ referred to in the first subparagraph of paragraph 3 and the thresholds for large numbers of material counterparties and positions in debt instruments of different issuers.

    EBA shall submit those draft regulatory technical standards to the Commission by 1 January 2014.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    Article 78

    Supervisory benchmarking of internal approaches for calculating own funds requirements

    1.   Competent authorities shall ensure that institutions permitted to use internal approaches for the calculation of risk weighted exposure amounts or own fund requirements except for operational risk report the results of the calculations of their internal approaches for their exposures or positions that are included in the benchmark portfolios. Institutions shall submit the results of their calculations, together with an explanation of the methodologies used to produce them, to the competent authorities at an appropriate frequency, and at least annually.

    2.   Competent authorities shall ensure that institutions submit the results of the calculations referred to in paragraph 1 in accordance with the template developed by EBA in accordance with paragraph 8 to the competent authorities and to EBA. Where competent authorities choose to develop specific portfolios, they shall do so in consultation with EBA and ensure that institutions report the results of the calculations separately from the results of the calculations for EBA portfolios.

    3.   Competent authorities shall, on the basis of the information submitted by institutions in accordance with paragraph 1, monitor the range of risk weighted exposure amounts or own funds requirements, as applicable, except for operational risk, for the exposures or transactions in the benchmark portfolio resulting from the internal approaches of those institutions. At least annually, competent authorities shall make an assessment of the quality of those approaches paying particular attention to:

    (a)

    those approaches that exhibit significant differences in own fund requirements for the same exposure;

    (b)

    approaches where there is particularly high or low diversity, and also where there is a significant and systematic under-estimation of own funds requirements.

    EBA shall produce a report to assist the competent authorities in the assessment of the quality of the internal approaches based on the information referred to in paragraph 2.

    4.   Where particular institutions diverge significantly from the majority of their peers or where there is little commonality in approach leading to a wide variance of results, competent authorities shall investigate the reasons therefor and, if it can be clearly identified that an institution's approach leads to an underestimation of own funds requirements which is not attributable to differences in the underlying risks of the exposures or positions, shall take corrective action.

    5.   The competent authorities shall ensure that their decisions on the appropriateness of corrective actions as referred to in paragraph 4 comply with the principle that such actions must maintain the objectives of an internal approach and therefore do not:

    (a)

    lead to standardisation or preferred methods;

    (b)

    create wrong incentives; or

    (c)

    cause herd behaviour.

    6.   EBA may issue guidelines and recommendations in accordance with Article 16 of Regulation (EU) No 1093/2010 where it considers them necessary on the basis of the information and assessments referred to in paragraphs 2 and 3 of this Article in order to improve supervisory practices or practices of institutions with regard to internal approaches.

    7.   EBA shall develop draft regulatory technical standards to specify:

    (a)

    the procedures for sharing assessments made in accordance with paragraph 3 between the competent authorities and with EBA;

    (b)

    the standards for the assessment made by competent authorities referred to in paragraph 3.

    EBA shall submit those draft regulatory technical standards to the Commission by 1 January 2014.

    Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

    8.   EBA shall develop draft implementing technical standards to specify:

    (a)

    the template, the definitions and the IT-solutions to be applied in the Union for the reporting referred to in paragraph 2;

    (b)

    the benchmark portfolio or portfolios referred to in paragraph 1.

    EBA shall submit those draft implementing technical standards to the Commission by 1 January 2014.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

    9.   The Commission shall, by 1 April 2015 and after consulting EBA, submit a report to the European Parliament and to the Council on the functioning of the benchmarking of internal models including the scope of the model. Where appropriate, the report shall be followed by a legislative proposal.

    Article 79

    Credit and counterparty risk

    Competent authorities shall ensure that:

    (a)

    credit-granting is based on sound and well-defined criteria and that the process for approving, amending, renewing, and re-financing credits is clearly established;

    (b)

    institutions have internal methodologies that enable them to assess the credit risk of exposures to individual obligors, securities or securitisation positions and credit risk at the portfolio level. In particular, internal methodologies shall not rely solely or mechanistically on external credit ratings. Where own funds requirements are based on a rating by an External Credit Assessment Institution (ECAI) or based on the fact that an exposure is unrated, this shall not exempt institutions from additionally considering other relevant information for assessing their allocation of internal capital;

    (c)

    the ongoing administration and monitoring of the various credit risk-bearing portfolios and exposures of institutions, including for identifying and managing problem credits and for making adequate value adjustments and provisions, is operated through effective systems;

    (d)

    diversification of credit portfolios is adequate given an institution's target markets and overall credit strategy.

    Article 80

    Residual risk

    Competent authorities shall ensure that the risk that recognised credit risk mitigation techniques used by institutions prove less effective than expected is addressed and controlled including by means of written policies and procedures.

    Article 81

    Concentration risk

    Competent authorities shall ensure that the concentration risk arising from exposures to each counterparty, including central counterparties, groups of connected counterparties, and counterparties in the same economic sector, geographic region or from the same activity or commodity, the application of credit risk mitigation techniques, and including in particular risks associated with large indirect credit exposures such as a single collateral issuer, is addressed and controlled including by means of written policies and procedures.

    Article 82

    Securitisation risk

    1.   Competent authorities shall ensure that the risks arising from securitisation transactions in relation to which the credit institutions are investor, originator or sponsor, including reputational risks, such as arise in relation to complex structures or products, are evaluated and addressed through appropriate policies and procedures, to ensure that the economic substance of the transaction is fully reflected in the risk assessment and management decisions.

    2.   Competent authorities shall ensure that liquidity plans to address the implications of both scheduled and early amortisation exist at institutions which are originators of revolving securitisation transactions involving early amortisation provisions.

    Article 83

    Market risk

    1.   Competent authorities shall ensure that policies and processes for the identification, measurement and management of all material sources and effects of market risks are implemented.

    2.   Where the short position falls due before the long position, competent authorities shall ensure that institutions also take measures against the risk of a shortage of liquidity.

    3.   The internal capital shall be adequate for material market risks that are not subject to an own funds requirement.

    Institutions, which have, in calculating own funds requirements for position risk in accordance with Part Three, Title IV, Chapter 2, of Regulation (EU) No 575/2013, netted off their positions in one or more of the equities constituting a stock-index against one or more positions in the stock-index future or other stock-index product shall have adequate internal capital to cover the basis risk of loss caused by the future's or other product's value not moving fully in line with that of its constituent equities. Institutions shall also have such adequate internal capital where they hold opposite positions in stock-index futures which are not identical in respect of either their maturity or their composition or both.

    Where using the treatment in Article 345 of Regulation (EU) No 575/2013, institutions shall ensure that they hold sufficient internal capital against the risk of loss which exists between the time of the initial commitment and the following working day.

    Article 84

    Interest risk arising from non-trading book activities

    Competent authorities shall ensure that institutions implement systems to identify, evaluate and manage the risk arising from potential changes in interest rates that affect an institution's non-trading activities.

    Article 85

    Operational risk

    1.   Competent authorities shall ensure that institutions implement policies and processes to evaluate and manage the exposure to operational risk, including model risk, and to cover low-frequency high-severity events. Institutions shall articulate what constitutes operational risk for the purposes of those policies and procedures.

    2.   Competent authorities shall ensure that contingency and business continuity plans are in place to ensure an institution's ability to operate on an ongoing basis and limit losses in the event of severe business disruption.

    Article 86

    Liquidity risk

    1.   Competent authorities shall ensure that institutions have robust strategies, policies, processes and systems for the identification, measurement, management and monitoring of liquidity risk over an appropriate set of time horizons, including intra-day, so as to ensure that institutions maintain adequate levels of liquidity buffers. Those strategies, policies, processes and systems shall be tailored to business lines, currencies, branches and legal entities and shall include adequate allocation mechanisms of liquidity costs, benefits and risks.

    2.   The strategies, policies, processes and systems referred to in paragraph 1 shall be proportionate to the complexity, risk profile, scope of operation of the institutions and risk tolerance set by the management body and reflect the institution's importance in each Member State in which it carries out business. Institutions shall communicate risk tolerance to all relevant business lines.

    3.   Competent authorities shall ensure that institutions, taking into account the nature, scale and complexity of their activities, have liquidity risk profiles that are consistent with and, not in excess of, those required for a well-functioning and robust system.

    Competent authorities shall monitor developments in relation to liquidity risk profiles, for example product design and volumes, risk management, funding policies and funding concentrations.

    Competent authorities shall take effective action where developments referred to in the second subparagraph may lead to individual institution or systemic instability.

    Competent authorities shall inform EBA about any actions carried out pursuant to the third subparagraph.

    EBA shall make recommendations where appropriate in accordance with Regulation (EU) No 1093/2010.

    4.   Competent authorities shall ensure that institutions develop methodologies for the identification, measurement, management and monitoring of funding positions. Those methodologies shall include the current and projected material cash-flows in and arising from assets, liabilities, off-balance-sheet items, including contingent liabilities and the possible impact of reputational risk.

    5.   Competent authorities shall ensure that institutions distinguish between pledged and unencumbered assets that are available at all times, in particular during emergency situations. They shall also ensure that institutions take into account the legal entity in which assets reside, the country where assets are legally recorded either in a register or in an account and their eligibility and shall monitor how assets can be mobilised in a timely manner.

    6.   Competent authorities shall ensure that institutions also have regard to existing legal, regulatory and operational limitations to potential transfers of liquidity and unencumbered assets amongst entities, both within and outside the European Economic Area.

    7.   Competent authorities shall ensure that institutions consider different liquidity risk mitigation tools, including a system of limits and liquidity buffers in order to be able to withstand a range of different stress events and an adequately diversified funding structure and access to funding sources. Those arrangements shall be reviewed regularly.

    8.   Competent authorities shall ensure that institutions consider alternative scenarios on liquidity positions and on risk mitigants and review the assumptions underlying decisions concerning the funding position at least annually. For those purposes, alternative scenarios shall address, in particular, off-balance sheet items and other contingent liabilities, including those of Securitisation Special Purpose Entities (SSPE) or other special purpose entities, as referred to in Regulation (EU) No 575/2013, in relation to which the institution acts as sponsor or provides material liquidity support.

    9.   Competent authorities shall ensure that institutions consider the potential impact of institution-specific, market-wide and combined alternative scenarios. Different time periods and varying degrees of stress conditions shall be considered.

    10.   Competent authorities shall ensure that institutions adjust their strategies, internal policies and limits on liquidity risk and develop effective contingency plans, taking into account the outcome of the alternative scenarios referred to in paragraph 8.

    11.   Competent authorities shall ensure that institutions have in place liquidity recovery plans setting out adequate strategies and proper implementation measures in order to address possible liquidity shortfalls, including in relation to branches established in another Member State. Competent authorities shall ensure that those plans are tested by the institutions at least annually, updated on the basis of the outcome of the alternative scenarios set out in paragraph 8, reported to and approved by senior management, so that internal policies and processes can be adjusted accordingly. Institutions shall take the necessary operational steps in advance to ensure that liquidity recovery plans can be implemented immediately. For credit institutions, such operational steps shall include holding collateral immediately available for central bank funding. This includes holding collateral where necessary in the currency of another Member State, or the currency of a third country to which the credit institution has exposures, and where operationally necessary within the territory of a host Member State or of a third country to whose currency it is exposed.

    Article 87

    Risk of excessive leverage

    1.   Competent authorities shall ensure that institutions have policies and processes in place for the identification, management and monitoring of the risk of excessive leverage. Indicators for the risk of excessive leverage shall include the leverage ratio determined in accordance with Article 429 of Regulation (EU) No 575/2013 and mismatches between assets and obligations.

    2.   Competent authorities shall ensure that institutions address the risk of excessive leverage in a precautionary manner by taking due account of potential increases in the risk of excessive leverage caused by reductions of the institution's own funds through expected or realised losses, depending on the applicable accounting rules. To that end, institutions shall be able to withstand a range of different stress events with respect to the risk of excessive leverage.

    Sub-Section 3

    Governance

    Article 88

    Governance arrangements

    1.   Member States shall ensure that the management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of an institution, including the segregation of duties in the organisation and the prevention of conflicts of interest.

    Those arrangements shall comply with the following principles:

    (a)

    the management body must have the overall responsibility for the institution and approve and oversee the implementation of the institution's strategic objectives, risk strategy and internal governance;

    (b)

    the management body must ensure the integrity of the accounting and financial reporting systems, including financial and operational controls and compliance with the law and relevant standards;

    (c)

    the management body must oversee the process of disclosure and communications;

    (d)

    the management body must be responsible for providing effective oversight of senior management;

    (e)

    the chairman of the management body in its supervisory function of an institution must not exercise simultaneously the functions of a chief executive officer within the same institution, unless justified by the institution and authorised by competent authorities.

    Member States shall ensure that the management body monitors and periodically assesses the effectiveness of the institution's governance arrangements and takes appropriate steps to address any deficiencies.

    2.   Member States shall ensure that institutions which are significant in terms of their size, internal organisation and the nature, scope and complexity of their activities establish a nomination committee composed of members of the management body who do not perform any executive function in the institution concerned.

    The nomination committee shall:

    (a)

    identify and recommend, for the approval of the management body or for approval of the general meeting, candidates to fill management body vacancies, evaluate the balance of knowledge, skills, diversity and experience of the management body and prepare a description of the roles and capabilities for a particular appointment, and assess the time commitment expected.

    Furthermore, the nomination committee shall decide on a target for the representation of the underrepresented gender in the management body and prepare a policy on how to increase the number of the underrepresented gender in the management body in order to meet that target. The target, policy and its implementation shall be made public in accordance with Article 435(2)(c) of Regulation (EU) No 575/2013;

    (b)

    periodically, and at least annually, assess the structure, size, composition and performance of the management body and make recommendations to the management body with regard to any changes;

    (c)

    periodically, and at least annually, assess the knowledge, skills and experience of individual members of the management body and of the management body collectively, and report to the management body accordingly;

    (d)

    periodically review the policy of the management body for selection and appointment of senior management and make recommendations to the management body.

    In performing its duties, the nomination committee shall, to the extent possible and on an ongoing basis, take account of the need to ensure that the management body's decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interests of the institution as a whole.

    The nomination committee shall be able to use any forms of resources that it considers to be appropriate, including external advice, and shall receive appropriate funding to that effect.

    Where, under national law, the management body does not have any competence in the process of selection and appointment of any of its members, this paragraph shall not apply.

    Article 89

    Country-by-country reporting

    1.   From 1 January 2015 Member States shall require each institution to disclose annually, specifying, by Member State and by third country in which it has an establishment, the following information on a consolidated basis for the financial year:

    (a)

    name(s), nature of activities and geographical location;