Germany: Financial Sector Assessment Program-Detailed Assessment of Observance on the Basel Core Principles for Effective Banking Supervision

International Monetary Fund. Monetary and Capital Markets Department

doi:10.5089/9781475564617.002.A001

Germany

Financial Sector Assessment Program-Detailed Assessment of Observance on the Basel Core Principles for Effective Banking Supervision

Author: International Monetary Fund. Monetary and Capital Markets Department

Publication Date:: 29 Jun 2016

eISBN:: 9781475564617

Language:: English

Keywords:: ISCR; CR; risk management; business organization; risk profile; holding company; savings bank; credit risk; internal audit; risk assessment; banking group; beneficial owner; country risk

Download PDF (1.9 MB)

This paper provides assessment of the current state of the implementation of the Basel Core Principles for Effective Banking Supervision in Germany. Since the last Financial Sector Assessment Program (FSAP), German banking supervision has undergone profound changes, with approval of the Capital Requirements Regulation (CRR) and Directive (CRD IV), establishment of the European Banking Authority, and creation of the Single Supervisory Mechanism. The last FSAP (2011) found banking system supervision to be generally sound with some areas in need of improvement—although some of these issues have been addressed, others remain. While supervisory landscape in Germany evolves, it is crucial that supervisors communicate their expectations to banks and develop guidelines and regulations that can be used to substantiate enforceable measures.

Abstract

Summary and Main Findings¹

1. Since the last FSAP, German banking supervision has undergone profound changes, with the approval of the CRD IV and CRR framework, the establishment of the European Banking Authority (EBA) and the creation of the Single Supervisory Mechanism (SSM). The German legal framework has been amended to transpose CRD IV, and CRR and the regulatory technical standards developed by EBA and issued by the European Commission became directly applicable. Additionally, the ECB took over direct supervision of 21 of Germany’s largest banks, including one G-SIB.

2. The last FSAP (2011) found the banking system supervision to be generally sound with some areas in need of improvement—while some of these issues have been addressed, others remain. Recommendations were made for improvements to the framework for major acquisitions, capital adequacy assessment by the supervisors, risk management processes, capital definition, liquidity risk management, risk oversight, stress testing capabilities, and timely supervisory remedial action. More progress was made regarding strengthened resources and capacity for on- and off-site supervision of risks, more detailed guidance to banks on supervisory expectations regarding risk management, and establishment of internal ladder of actions to foster more timely and consistent supervisory response. Little or no progress was made on recommendations regarding the level of reporting to the MoF, related party exposures, country risk, and topics that depend mainly on the EU-wide framework, such as capital requirements, major acquisitions, and supervisory reporting.

3. The legal and regulatory framework is extensive; however, important gaps exist, which affect effectiveness of corporate governance and controls. While the KWG establishes fit-and-proper standards for supervisory and management board members; defines the oversight function of the supervisory board and the functions of the management board, in practice the focus of governance is placed on the management board. All risk functions report directly to the management board. As a result; the core function of corporate governance, which should be the responsibility of the oversight body (establish a risk culture, risk appetite, code of conduct, business plans) has been assigned to management, whose oversight by the supervisory board is very light. In particular, the independence of the internal audit and compliance is compromised as they report to the management board.

4. The establishment of the SSM has fundamentally changed the supervision of German banks, both large and small. For the SIs, day-to-day supervision is conducted by Joint Supervisory Teams (JSTs) led by ECB staff with sub-coordinators from BaFin and Bundesbank (and from countries where the bank has significant subsidiaries). The JSTs are composed by staff from supervisory agencies from all countries where banks have operations, therefore involving supervisors with vastly different backgrounds, supervisory cultures, and languages. The coordination and integration of these multinational teams present many operational and motivational challenges which will need to be addressed by the SSM in the long run. For the smaller German SIs, the shift from local supervision to the ECB supervision seems to have represented a deep change in terms of reporting, minimum level of engagement with supervisors, intrusiveness, and supervisory requirements – including capital add-on resulting from the SREP process. For larger SIs, which were already under intensive supervision before, the supervisory approach seems to benefit from better cross-country views and benchmarking, however on the other hand supervisory response seems to have been reduced given the complex decision making procedures in the ECB.

5. Over 1500 LSIs continue under the direct supervision of BaFin and Bundesbank, under general guidance of the ECB supervision. The ECB has designated some LSIs as High Priority for which enhanced supervisory monitoring and reporting have been adopted. The ECB is currently developing joint standards for different elements of the Supervisory Review Process to ensure elements of the SSM supervisory manual are applied to LSIs. The increased emphasis in reporting and SREP, in particular on assessment of credit risk valuation, is a welcome development. However, the increased reporting and monitoring might increase the need of resources for LSI supervision – authorities will need to balance the supervisory objectives to the resources needed for the supervision of very small entities.

6. LSIs supervision is therefore changing from a more qualitative and relationship-based approach to a more quantitative and SREP-based approach. BaFin and Bundesbank have traditionally put a great emphasis on processes for risk management and controls, counting on the work of external auditors for the verification of compliance with nearly all aspects of the BCP. Auditors present to the supervisors an extensive report that should cover all material risks according to the MaRisk framework,² and supervision conducts the risk assessment using this and other information available, obtained through on-site inspections, reports, and direct contact with banks. Nevertheless, this approach allows gaps, in particular regarding areas where little guidance exists, such as related party lending, country risk, concentration risk, and operational risk.

7. Two issues affect day-to-day functions of the ECB supervision: the ECB must execute much of its tasks according to national legislation, and all decisions need to be approved by ECB’s Governing Council, which creates a time-consuming and cumbersome supervisory decision making process. Every supervisory decision, after consideration and approval by the Supervisory Board, is submitted to ECB’s Governing Council for approval under a no-objection procedure. In addition, for LSIs and SIs alike, the ECB needs to comply with local legislation to execute many of its tasks. For instance, licensing applications must be filed with national authorities in compliance with national legislation, and then submitted for analysis and decision by the ECB. All fit-and-proper authorizations of SIs are assessed against national fit-and-proper criteria and then submitted to the ECB. Enforcement and sanctioning powers of the ECB are also largely based on what is available under national legislation, and although the ECB has some direct enforcement powers, it mostly needs to act by giving instructions to BaFin on measures to be taken under German legislation. It is crucial that decision making processes in ECB day to day supervision are streamlined to the extent possible so that timely supervisory response isn’t further hindered in this already inescapably complex legal framework.

8. While the supervisory landscape in Germany evolves, it is crucial that supervisors communicate their expectations to banks and develop guidelines and regulations that can be used to substantiate enforceable measures. All aspects that are not harmonized within the EU or on which EU or German regulatory is silent or provide only too general rules need to be developed into guidelines or regulations that can both inform the banks of supervisory expectations and substantiate legal action by the supervisors. In the German framework some of that is done through circulars, ordinances, and guidelines. SSM wide, it is important that the good practices and process engrained in the internal SSM procedures are made public in structured instruments which can help substantiate supervisory measures. This is particularly relevant in the case of guidance related to loan portfolio management (specifically providing bank management with guidance on when setting loan classification parameters and provisioning, collateral valuation considerations, and elements of effective credit risk management), concentration risk, country and transfer risk, related party risk, and operational risk.

A. Main findings

Responsibility, Objectives, Powers, Independence, Accountability (CPs 1–2)

The legal framework for banking supervision is well established by German laws and regulations, directly applicable EU regulation, and SSMR. While the division of responsibilities between BaFin and Bundesbank regarding LSIs supervision is well established, the framework for the SSM is evolving and there are still uncertainties regarding the specific operational roles of each agency in the new environment. These uncertainties reflect the complex legal and operational framework but do not to affect the overall understanding of responsibilities by the market or authorities. The three supervisory agencies enjoy operational independence, in the sense that there is no government or industry interference in individual supervisory decisions. However, there is potential for indirect influence of government and industry in the execution of BaFin’s supervisory objectives through the budget approval process and the mandatory approval of BaFin’s internal organization and structure by the MoF. Decision making process at the ECB is complex and does not foster effectiveness and timeliness of day-to-day supervisory decisions (although there are processes in place for emergency decisions).

Ownership, Licensing, and Structure (CPs 4–7)

9. The ECB is the licensing authority, who makes decisions on the basis of applicable German and EU laws. While criteria and procedures are well established, in general the financial suitability of shareholders is limited to the availability of the initial capital, and the assessment of the supervisory board does not play a relevant role in the licensing process, although assessors noted these elements are gradually being incorporated in the licensing process. In addition, there is no requirement for the bank to notify the supervisor when they become aware of events that may cause a significant shareholder to no longer be fit-and-proper. The review of fit-and-proper qualification would benefit from expanded requirements and standards. In that sense, the team welcomes the new guidelines issued by BaFin in January 2016, which emphasize the prudential importance of the professional qualification of the Board.

10. There is no need for prior supervisor approval of investments below a 10 percent threshold, other than investments in other German institutions (significant holdings regime). This may create situations where acquisitions occur that increase the risk to the banking group beyond management skills and have a negative impact on the group that greatly exceeds the amount of the investment. While the regulator requires higher capital or may be able to force the bank to unwind the investment, it is more prudent to require ex-ante review.

Methods of Ongoing Supervision (CPs 8–10)

11. The transition to the SSM for SIs has had many benefits, although some aspects of the supervision methodology still undergoing implementation. A lot has been achieved in a short space of time and the supervision framework lays the foundation for a risk-based approach with the SREP as the core element. Elements of the framework are still being implemented and will take time to mature and be applied consistently across banks.

12. The supervisory approach for LSIs is established but evolving and scope exists for greater verification of compliance with regulations to complement current activities. On-site examinations verify adherence with MaRisk and are undertaken by BBk and BaFin through testing and interviews of management. The MaRisk Inspection Guide used by LSI supervisors lays the foundation for a consistent examination process and the use of the external auditor is also a key aspect of the supervision architecture to confirm compliance. Annual meetings with the Management Board, analysis of the ICAAP, and the risk profile form core elements of a sound framework. However, much reliance is placed on the external audit long form report and while rich in detail, greater emphasis is needed to verify the reliability, accuracy, and integrity of the information used for risk assessments as inputs into a forward looking view of risk.

13. Supervisory reporting is not sufficiently granular to support off-site supervision. Not all data needs are covered by EBA ITS reporting. To fill the gaps, short-term exercises (STEs) and surveys are used, such as, e.g., concentration, liquidity, and IRRBB. While the data contributes to the risk assessment process, using peer group analysis and benchmarks is not systematic. Currently, supervisors are challenged by differences between reporting based on nGAAP and IFRS data which complicates systematic and consistent comparisons between different account treatments. Technical work is underway to address this issue. Timely and accurate data is fundamental to effective supervision and the issues with data identified by the assessment need to be addressed as a matter of priority.

Corrective and Sanctioning Powers of Supervisors (CP 11)

14. German law and SSMR provide a broad range of actions that can be taken by supervisors in their respective responsibilities. Direct enforcement powers and sanctions of ECB are limited; however, the ECB can make use of the enforcement and sanction powers available to BaFin. Assessors had access to evidence of such indirect actions, however the complex legal framework may make it operationally difficult and time consuming for ECB to impose enforcement actions. The actual use of formal powers by both BaFin and ECB in practice is not intensive.

Cooperation, Consolidated and Cross-Border Banking Supervision (CPs 3 – 12 – 13)

15. Collaboration and coordination framework with domestic and cross-border supervisors is highly developed. The EU has adopted a supervisory coordination process that is based on joint supervision through the SSM, colleges of supervisors led by the home country coordinator and signed MOUs with third country supervisors and nonbanking sector regulators.

16. A consolidated supervisory approach is in place at both the SI and LSI level. A detailed planning approach is in place through supervisory colleges and MOUs that result in a comprehensive review for the consolidated group. Additionally, ring-fencing powers are available to ensure that the group can be insulated from related companies that may adversely impact the group. Banking groups may be required to close reorganize to correct a non-transparent structure.

Corporate Governance (CP 14)

17. Currently, in Germany, the role of supervisory boards is weak and passive with most policy, and risk management duties and responsibilities placed on the management board. In the past few years there has been some evolution on supervisors’ focus on the supervisory board within the SREP process. A thematic review on Risk Governance has been conducted which resulted in recommendations addressed to banks aimed at making the supervisory board involvement more robust. Additionally, MaRisk is being amended and will include code of conduct requirements.

18. Supervisory guidance should clearly delineate that ultimate responsibility for establishing the risk culture, developing business plans and risk appetite statement rests with the supervisory board. The fit-and-proper process is streamlined for supervisory board members as are technical knowledge requirements. As established by KWG, the primary responsibility for internal controls, governance, business strategy, and internal audit is assigned to the management board.

Prudential Requirements, Regulatory Framework, Accounting and Disclosure (CPs 15–29)

19. While risk management standards are generally sound, the reporting line between the internal risk control function and the Supervisory Board should be strengthened. Reporting of risk management is through the Management Board and the CEO which is responsible for setting the business plan and risk taking. The risk function does not report directly to the Supervisory Board but to the Management Board and therefore the CEO. This approach may weaken the independence of the risk management function and the CRO to raise issues, as also highlighted by the SSM methodology. In particular, the reporting line to the management body (with supervisory and management function) was a topic assessed within the thematic review on Risk Governance and Risk Appetite. While banks had in place formal “whistle-blowing” processes, the structure may inhibit the independence of the CRO and the risk function to report weaknesses in the Risk Management Framework (RMF). This is further aggravated by the ex-post notification of removal of the CRO by the management board which is the prescribed minimum of MaRisk.

20. Banks are well capitalized and supervisors have the powers to impose additional requirements. The deviations of the EU capital framework in relation to the Basel standards regarding the definition of capital do not seem to be material for German banks in general, although some may be for specific banks (deduction of participation in insurance, for instance). Regarding the calculation of risk weighted assets, a few elements for which the RCAP found deviations may be significant for Germany, such as sovereign exposures under the permanent and temporary partial use, lower risk weights for covered bonds, and the counterparty credit risk framework. Assessors observed some cases where these deficiencies were being addressed by banks’ internal capital adequacy assessments and supervisory action, it is impossible to determine that that existing framework is not in general resulting in overstated CET1 ratios. Both ECB and BaFin can require banks to hold capital in excess of the minima under Pillar 2; however, the practice was not commonly used by German authorities. ECB as a supervisor has only concluded one SREP cycle, in which some banks were required to implement Pillar 2 add-ons. Leverage is specifically taken into account in the SSM SREP methodology, while for BaFin it is not yet systematically incorporated in the analysis.

21. Supervisors have not provided guidance on their expectations on loan portfolio management. For example, broad guidelines on general characteristics of various loan risk buckets; definitions of non- performing, restructured, forborne, and cured loans. Providing guidance that outlines supervisory expectations would aid managers and improve compatibility between banks. Granularity of data on credit portfolios is limited.

22. The role of the supervisors in loan classification and supervision in Germany primarily involves a review of policy and procedures. The focus of supervision is to provide bank management with considerations when setting loan classification parameters and provisioning such as items to consider for residential mortgages and commercial real estate classification triggers. Important are collateral valuation considerations; such as conservative valuations of realizable net values.

23. Loan classification and provisioning have been viewed as an accounting issue; however, supervisors recently conducted a thematic review of loan valuation and impairment. To implement a supervisory approach that asks supervision staff to review loan files and value loans and determine adequacy of provisions in a market where the practice was not present, ex-ante discussions with bankers and accountants should take place and supervisor expectations on loan valuation and provisioning communicated. It is also important to provide staff with training and support to be able to challenge management valuation of collateral or failure to rate an asset as impaired. The process of developing the capacity of supervisors to challenge bank management valuation of loans has started.

24. Market risk management standards are generally sound and supervisors take an active approach. MaRisk establish the requirements for banks to implement effective risk management frameworks to measure and manage market risk. For the larger more systemic and risk-oriented banks with a trading bias, greater supervisory intensiveness and intrusiveness takes place. Market risk has been a focus of the supervisors during 2014 and 2015. In addition; a targeted review of banks’ internal models will be carried out over several years. Supervisors periodically review banks to assess that their market risk management processes are consistent with the risk bearing capacity and the market risk management framework. Banks with the largest trading books are subject to enhanced focus (mostly SIs) and the remaining banks are on a normal cycle based upon their SREP score and risk profile. Assessors observed supervisory practices for both SIs and LSIs and verified compliance with this principle.

25. IRRBB has received a significant amount of the supervisor’s attention during the last several years and features as a key priority for both SIs and LSIs. Banks are required to measure, calculate, and report their exposure to IRRBB on a quarterly basis. Banks are also required to conduct regular stress testing using both standardized and bespoke scenarios, especially for those banks with more complex business models and optionality in the portfolio. Supervisors make an assessment of IRRBB through the SREP process and it is a key topic in discussions with bank senior management. The German authorities have also conducted short term data collection exercises in the last several years to deepen the understanding of the systems exposure.

26. Concentration risk and country risk are generally considered as part of credit risk. The definition of concentration risk is limited to credit exposures, and not in a broader sense including different types of exposures. The expectations of the supervisors with respect to concentration risk and country risk management are not clearly communicated to the banks. There is no requirement that all material concentrations to be regularly reviewed and reported to the bank’s supervisory board. Reporting and monitoring of country risk and concentrations can be improved, and their inclusion in banks’ stress tests specifically required.

27. The framework for transactions with related parties is weak, although the definition of related parties is wide and detailed. The framework covers loans in a broad definition that includes off-balance sheet exposures and leasing operations, albeit not dealings such as service contracts, asset purchases and sales, and construction contracts. Related party loans must be granted on market terms, but there is no requirement that individuals with conflict of interest are excluded from the whole process of granting and managing such exposures. There is no requirement that related party exposures are monitored and controlled separately and in aggregate. There is no regular reporting of exposures to related parties. Supervision of related party risk is mostly carried out by external auditors, whose analysis of related party risk is very limited. No limits on related party are imposed by laws, regulation, or the supervisor.

28. Supervisors have stepped up the frequency and intensity of interaction with credit institutions regarding their management of liquidity risk, contingency plans, and funding requirements. Supervisors have built-up in-depth understanding of liquidity funding risks at individual institutions. Supervisors periodically meet with treasury staff and receive monthly monitoring of LCR data. Funding plans and results of stress testing are reported and evaluated periodically. The LCR adopted in EU has a number of elements which are less stringent than the Basel agreed rule, most notably a wider definition of HQLA. German banks make use of the wider definition of HQLA mainly in covered bonds included as Level 1 assets. Guidance for assessing ILAAPs will be implemented for 2016 which will help strengthen the assessment of liquidity risk management as part of the SREP, which was under improvement at the time of the mission. To this regard, SSM issued a letter in the beginning of the year on Supervisory Expectations on ILAAP and harmonized information collection on ILAAP to enhance its analysis and integration in the SREP. Benchmarks for liquidity risk indicators will be developed during 2016.

29. While operational risk has undergone several enhancements since the time of the last FSAP, more attention is needed of ongoing monitoring of the effective implementation of operational risk management frameworks. The area of operational risk has undergone several enhancements since the time of the last FSAP, most notably in the strengthening of dedicated IT risk specialists that mainly conduct on-site examinations but also develop supervision approaches for IT risk more generally. This team has been successful at deepening the institutional knowledge of IT risks and vulnerabilities and identify where standards need to be raised. The most recent example is in the area of data centers where IT risk specialists have attended DR testing for several of the larger LSIs.

30. The independence of the internal audit and compliance is undermined as they report to the management board. The internal audit function, as an instrument of the management board, is under its direct control and has to report to management board members. The internal auditor can also be subject to the direct control of one management board member, who could be the chairperson. Additionally, the supervisory board is only informed ex-post of a replacement of the internal auditor, compliance officer, and risk officer.

31. Banking supervisors do not have legal power to access external auditors’ work papers. Although this is not an essential requirement, Germany chose to be assessed against the best international practices, and given the heavy reliance on external auditors for reviewing not only the reliability of financial statements but also reporting on whether the banks comply with all risk management guidelines, this gap should be addressed.

32. Overall, the AML/CFT framework appears strong, but some weaknesses remain, mainly in supervisory practices. BaFin has established a risk-based framework to discriminate banks’ risk profiles and exposure to risks from AML/CFT. The framework is designed to help identify those institutions where enhanced monitoring and attention is required. While the framework should help focus supervisory attention on the highest risk institutions, inputs into the process need to be refined to be fully risk-based. The framework is heavily reliant on the EA report to identify deficiencies or weaknesses in risk management. Ongoing monitoring of banks’ compliance with the regulations needs to be more systematic through the ongoing receipt of a range of inputs. Lastly, coverage of the banking sector through on-site examinations needs to be expanded.

Introduction and Methodology

A. Introduction

33. This assessment of the current state of the implementation of the Basel Core Principles for Effective Banking Supervision (BCP) in Germany has been completed as a part of the Financial Sector Assessment Program (FSAP) mission undertaken by the International Monetary Fund (IMF) during March of 2016 at the request of the German authorities. It reflects the regulatory and supervisory framework in place as of the date of the completion of the assessment. It is not intended to represent an analysis of the state of the banking sector or crisis management framework, which are addressed in other parts of the FSAP.

34. An assessment of the effectiveness of banking supervision requires a review of the legal framework, and detailed examination of the policies and practices of the institutions responsible for banking regulation and supervision. In line with the BCP methodology, the assessment focused on BaFin, Deutsche Bundesbank (BBk), and the European Central Bank as the joint supervisors of the banking system, and did not cover the specificities of regulation and supervision of other financial intermediaries. It is important to note, however, that to the extent that BaFin is a unified supervisor responsible for other entities of the financial sector, the assessment of banking supervision in Germany may provide a useful picture of current supervisory processes applicable to other financial institutions supervised by it.

B. Information and Methodology Used for Assessment

35. Germany requested to be assessed according to the Revised Core Principles (BCP) Methodology issued by the BCBS (Basel Committee of Banking Supervision) in September 2012. The current assessment was thus performed according to a revised content and methodological basis as compared with the previous BCP assessment carried out in 2011. It is important to note, for completeness’ sake, that the two assessments will not be directly comparable, as the revised BCP have a heightened focus on corporate governance and risk management and its practice by supervised institutions and its assessment by the supervisory authority, raising the bar to measure the effectiveness of a supervisory framework (see box for more information on the Revised BCP).

36. The German authorities chose to be assessed against the highest standards of supervision and regulation, choosing to be assessed and rated against both the Essential Criteria and the Additional Criteria. To assess compliance, the BCP Methodology uses a set of essential and additional assessment criteria for each principle. The essential criteria (EC) were usually the only elements on which to gauge full compliance with a Core Principle (CP). The additional criteria (AC) are recommended best practices against which the authorities of some more complex financial systems may agree to be assessed and rated. The assessment of compliance with each principle is made on a qualitative basis. A four-part grading system is used: compliant; largely compliant; materially noncompliant; and noncompliant. This is explained below in the detailed assessment section. The assessment of compliance with each CP is made on a qualitative basis to allow a judgment on whether the criteria are fulfilled in practice. Effective application of relevant laws and regulations is essential to provide indication that the criteria are met.

37. The assessment team reviewed the framework of laws, rules, and guidance and held extensive meetings with officials of BaFin, Bundesbank, and ECB Supervision, and additional meetings with auditing firms and banking sector participants. The authorities provided a self-assessment of the CPs rich in quality and comprehensiveness, as well as detailed responses to additional questionnaires, and facilitated access to supervisory documents and files, staff, and systems.

38. The team appreciated the very high quality of cooperation received from the authorities. The team extends its thanks to staff of the authorities who provided excellent cooperation, including extensive provision of documentation and access, at a time when staff was burdened by many initiatives related to the European and global regulatory changes, and still adapting to the new European supervisory framework.

39. The standards were evaluated in the context of the German financial system’s structure and complexity. The CPs must be capable of application to a wide range of jurisdictions whose banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of application, a proportionate approach is adopted within the CP, both in terms of the expectations on supervisors for the discharge of their own functions and in terms of the standards that supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize that its supervisory practices should be commensurate with the complexity, interconnectedness, size, and risk profile and cross-border operation of the banks being supervised. In other words, the assessment must consider the context in which the supervisory practices are applied. The concept of proportionality underpins all assessment criteria. For these reasons, an assessment of one jurisdiction will not be directly comparable to that of another.

40. An assessment of compliance with the BCPs is not, and is not intended to be, an exact science. Reaching conclusions required judgments by the assessment team. The team assessed the supervisory and regulatory framework in the midst of great changes, and the assessment should reflect the transition phase in which it took place. Nevertheless, the assessment of the current legal and regulatory framework and supervisory practices against a common, agreed methodology should provide the supervisors of German banks with an internationally consistent measure of the quality of its banking supervision in relation to the CPs, which are internationally acknowledged as minimum standards, and point the way forward.

41. To determine the observation of each principle, the assessment has made use of five categories: compliant, largely compliant, materially noncompliant, noncompliant, and non-applicable. An assessment of “compliant” is given when all ECs and ACs are met without any significant deficiencies, including instances where the principle has been achieved by other means. A “largely compliant” assessment is given when there are only minor shortcomings, which do not raise serious concerns about the authorities’ ability to achieve the objective of the principle and there is clear intent to achieve full compliance with the principle within a prescribed period of time (for instance, the regulatory framework is agreed but has not yet been fully implemented). A principle is considered to be “materially noncompliant” in case of severe shortcomings, despite the existence of formal rules and procedures and there is evidence that supervision has clearly not been effective, the practical implementation is weak or that the shortcomings are sufficient to raise doubts about the authorities’ ability to achieve compliance. A principle is assessed “noncompliant” if it is not substantially implemented, several ECs and ACs are not complied with, or supervision is manifestly ineffective. Finally, a category of “non-applicable” is reserved for those cases that the criteria would not relate the country’s circumstances.

Box 1.

The 2012 Revised Core Principles

The revised BCPs reflect market and regulatory developments since the last revision, taking account of the lessons learned from the financial crisis in 2008/2009. These have also been informed by the experiences gained from FSAP assessments as well as recommendations issued by the G-20 and FSB, and take into account the importance now attached to: (i) greater supervisory intensity and allocation of adequate resources to deal effectively with systemically important banks; (ii) application of a system-wide, macro perspective to the microprudential supervision of banks to assist in identifying, analyzing and taking pre-emptive action to address systemic risk; (iii) the increasing focus on effective crisis preparation and management, recovery and resolution measures for reducing both the probability and impact of a bank failure; and (iv) fostering robust market discipline through sound supervisory practices in the areas of corporate governance, disclosure and transparency.

The revised BCPs strengthen the requirements for supervisors, the approaches to supervision and supervisors’ expectations of banks. The supervisors are now required to assess the risk profile of the banks not only in terms of the risks they run and the efficacy of their risk management, but also the risks they pose to the banking and the financial systems. In addition, supervisors need to consider how the macroeconomic environment, business trends, and the build-up and concentration of risk inside and outside the banking sector may affect the risk to which individual banks are exposed. While the BCP set out the powers that supervisors should have to address safety and soundness concerns, there is a heightened focus on the actual use of the powers, in a forward-looking approach through early intervention.

The number of principles has increased from 25 to 29. The number of essential criteria has expanded from 196 to 231. This includes the amalgamation of previous criteria (which means the contents are the same), and the introduction of 35 new essential criteria. In addition, for countries that may choose to be assessed against the additional criteria, there are 16 additional criteria.

While raising the bar for banking supervision, the Core Principles must be capable of application to a wide range of jurisdictions. The new methodology reinforces the concept of proportionality, both in terms of the expectations on supervisors and in terms of the standards that supervisors impose on banks. The proportionate approach allows assessments of banking supervision that are commensurate with the risk profile and systemic importance of a wide range of banks and banking systems.

Institutional and Market Structure—Overview³

42. The banking sector comprises three main “pillars,” private commercial banks, public savings banks, and cooperative banks. While the three-pillar structure has been fairly stable over the past decade, the German banking system has gone through a sustained period of consolidation.⁴ The number of banks has declined by about 100 compared with the time of the last FSAP, with consolidation mainly taking place at local savings and cooperative banks level.

43. The first pillar, private commercial banks, is composed of big banks, regional and other commercial banks as well as branches of foreign banks. While comparatively lower in the number of institutions, private commercial banks represent the largest segment of the banking sector by assets, accounting for 39.4 percent of the system in May 2015, slightly above the share in 2010. The “big banks” tend to operate with large branch networks, both domestically and internationally. They typically cover retail, corporate banking as well as investment banking business, and act as the principal banking partners of Germany’s major industrial enterprises.⁵ The regional and other commercial banks tend to be smaller in size and operate within a particular region, mainly focusing on credit to households and non-financial corporates, with deposits as the primary source of funding (Deutsche Bundesbank, 2015).

44. The second pillar, public savings banks, include both Landesbanken and savings banks (Sparkassen), covering about 27 percent of banking system assets. The savings banks operate under a regional principle, providing a range of banking services to households and small- and medium- enterprises (SMEs) in their own region. While competing with commercial banks, savings banks do not tend to compete with each other and they are mandated to provide public good and to support local economic development. Landesbanken, the central institution of the savings banks, have become increasingly involved in wholesale banking and capital market activities in recent years, in direct competition with commercial banks (Deutsche Bundesbank, 2015). While local savings banks weathered the 2008 financial crisis fairly well, partly due to their conservative business models and strong deposit base, some Landesbanken endured large losses as a result of their involvement in structured finance and derivative products. As a result, several Landesbanken were consolidated and merged after the crisis, with a resulting number of nine institutions in 2015.⁶

45. The third pillar, cooperative banks, includes more than 1,000 financial institutions, accounting for about 13.5 percent of the banking assets. Similar to savings banks, credit cooperatives are subject to a regional principle and operate under an extensive network of regional branches, with mutual guarantees. The cooperative banks are owned by their members, who tend to be their depositors and borrowers, and usually offer core banking services to their customers. The two regional institutions of credit cooperatives, DZ-Bank-AG and WGZ-Bank-AG, act as central institutions for cooperative banks, with the former also being a large commercial bank in Germany. The regional institutions of credit cooperatives play a more active role than the Landesbanken in redistributing liquidity among the affiliated institutions, operating chiefly in the interbank and capital markets (Deutsche Bundesbank, 2015).

46. The remaining twenty percent of the German banking sector comprises mortgage banks, building and loan associations and special purpose banks. Mortgage banks suffered losses during the financial crisis, and subsequently went through restructuring and resolution. Their asset size has declined to under five percent of the banking system in 2015.

47. Asset and liability structures of the German banking sector have been relatively stable since the last FSAP. On the asset side, banks mainly focus on lending to banks and non-banks, with the role of Landesbanken and mortgage banks decreasing over time. On the liability side, banks mainly obtain funding from three sources: liability to non-banks, liabilities to the MFI sector, and securitized debt, with liabilities to non-banks as the primary source of funding for Germany’s banking sector as a whole (42.5 percent in March 2015).

48. Banking supervision in Germany is conducted by three authorities: BaFin, Bundesbank, and, since 2014, also the ECB. The Single Supervisory Mechanism (SSM) – the banking supervision mechanism in place in the Euro Area Member States comprising the European Central Bank (ECB) and the national competent authorities (NCAs) – entered into operation on 4 November 2014. In the SSM, credit institutions are categorized as “significant” or “less significant”. The ECB directly supervises the SIs, which includes 21 banking groups in Germany. Among the SIs directly supervised by the ECB, one German bank (Deutsche Bank) is included in the Financial Stability Board list of Global Systemically Important Banks (G-SIBs) for 2016. The NCA – in the case of Germany, BaFin and Bundesbank supervise the LSIs, under the general oversight of the ECB. The institutions supervised by BaFin are divided into four groups: commercial banks (182), institutions belonging to the savings bank sector (425), institutions belonging to the cooperative sector (1,052), and other institutions (121). The group comprising commercial banks include major banks, private commercial banks, and subsidiaries of foreign banks. The savings bank sector comprises public-sector and independent savings banks together with the Landesbanken. In addition to the primary credit cooperatives, the cooperative sector also includes DZ Bank and WGZ Bank due to their financial ties. The group of other institutions comprises building societies (Bausparkassen), Pfandbrief banks, securities trading banks, and development banks operated by the federal government and the federal states. At the close of 2014, BaFin was supervising 12 private and 9 public sector building societies.

Preconditions for Effective Banking Supervision⁷

49. The macroeconomic environment has been favorable with regard to the performance of the German banking industry in recent years. It manifested itself especially in low borrower related credit risk and a low stock of nonperforming loans, particularly when compared to other European countries. Results of the Bank Lending Survey suggest that borrower related risk and the general macroeconomic situation did not alter lending policies in Germany to a large extent in recent years, however these factors had a sizeable impact at the peak of the financial crisis 2008 / 2009. With regard to the low interest rate environment banks active in the traditional banking business managed to keep their interest margins stable so far. At the same time, they have extended their balance sheets and maturity transformation risk. Nevertheless, if the low interest environment prevails the shrinking interest rate margin will force banks to look for alternative business opportunities potentially raising new and unknown risks for the respective banks.

50. The Financial Stability Act provides the legal framework for the Financial Stability Committee (FSC), Germany’s macroprudential institution. The Federal Ministry of Finance (MoF), the Federal Financial Supervisory Authority (BaFin) and the Bundesbank each have three voting representatives on the FSC, while the Federal Agency for Financial Market Stabilization (Bundesanstalt für Finanzmarktstabilisierung - FMSA) has one non-voting advisory member. The FSC discusses the factors that are key to financial stability, strengthens cooperation between the institutions represented on it, advises on the handling of warnings and recommendations issued by the ESRB and reports annually to the lower house of Parliament (the Bundestag) on the situation regarding the developments in financial stability as well as on its own activities. In particular, the FSC is able to issue warnings and recommendations to all public bodies in Germany in order to promptly combat any adverse developments which may cause risks to financial stability. As with the ESRB’s recommendations, the addressees of these recommendations must adhere to a “comply or explain” mechanism.

51. As the German credit market is dominated on the supply side by Sparkassen and Volks- und Raiffeisenbanken (co-operative banks) which typically conduct retail business and SMEs on the demand side, the credit culture can be assessed as a more traditional one where collateralization e.g., by mortgages prevails. However, more recently one can see the tendency of larger corporates, the typical clients of the bigger banks, to fund themselves directly on the capital market. This might be driven by an increased willingness of investors to take these risks while funding costs of larger banks went up due to rating downgrades.

52. Germany has a well-developed public infrastructure, including a comprehensive legal system covering in particular areas relevant for the banking system. These laws relate, e.g., to corporate law setting out the requirements regarding the setting up and winding down/liquidating of joint stock companies, limited companies, partnerships, cooperatives, etc., their internal governance structures, detailed accounting provisions as well as rules regarding mergers and acquisitions.

53. The financial sector regulation in Germany covers all relevant areas (banking, insurance, and securities). As a member state of the EU, large parts of the German framework are rooted in the transposition or implementation of EU directives and directly applicable EU regulations. Specific national rules exist where topics considered relevant are not regulated by EU law or where EU law leaves room for additional national rules. Furthermore, BaFin as an integrated supervisory authority is member of the European Supervisory Authorities (EBA, ESMA, and EIOPA). In this context, BaFin is obliged to cooperate with and support the work of the ESAs. This also includes the implementation of ESA guidelines and recommendations. The same applies to the cooperation of BaFin and ECB within the SSM.

54. Germany enjoys a system of independent external audits and comprehensive accounting principles and rules, which are contained in the German Commercial Code (HGB). All German public accountants are organized in the Chamber of Public Accountants (WPK), a corporation under public law. The requirements on the profession of a certified public accountant are stringent. The Auditor Oversight Commission (AOC), comprised entirely of persons independent from the profession, carries out public oversight on the Chamber of Public Accountants (WPK), and all auditors associated in the WPK.

55. In Germany terms and conditions of contracts in general are not regulated in supervisory law but in civil law. The Civil Code (Bürgerliches Gesetzbuch - BGB) for example sets legal framework for consumer credits including consumer protection regulations and the act on insurance contracts (Versicherungsvertragsgesetz - VVG) also stipulates consumer protection regulations. Recently the German legislator adopted a new law to improve the protection of retail investors (“Kleinanlegerschutzgesetz”). Moreover, BaFin supervises compliance of financial market players with consumer protecting provisions in supervisory laws, e.g., German Banking Act (Kreditwesengesetz – KWG), Insurance Supervision Act (Versicherungsaufsichts-gesetz – VAG), and Securities Trading Act (Wertpapierhandelsgesetz - WpHG).

56. On July 3, 2015 the Deposit Insurance Act (Einlagensicherungsgesetz - EinSiG) entered into force. Thus, Germany has transposed the European directive on deposit guarantee schemes (DGSD) into national law. Under the Directive, all credit institutions have to be allocated to a statutory guarantee scheme or an institutional protection scheme that is officially recognized as a deposit guarantee scheme. Customers of all institutions have a legal claim to compensation for their covered deposits up to an amount of € 100,000.

57. The German Act for Recovery and Resolution of Institutions and Financial Groups (SAG) spells out the different responsibilities and tools available in crisis management and for bank resolution which complement the powers and measures granted by the Banking Act (KWG). The Federal Agency for Financial Market Stabilization (FMSA) was appointed as resolution authority on a national level. The supervisory authority reviews and assesses the recovery plan in consultation with the Bundesbank. Banks that are deposit taking institutions as defined in section 1 (3d) first sentence KWG also have to be members of a deposit insurance scheme which further bolsters public confidence in the stability of the financial system. For further details, please refer to the Einlagensicherungsgesetz (EinSiG) that went into force on July 3, 2015 and amended the former Deposit Guarantee and Investor Compensation Act (EAEG).

58. The main legislation aimed at maintaining adequate flows of information to market participants as condition for effective market discipline is the German Corporate Governance Code (GCGC). Information on stock option programs and similar securities-based incentive systems of the company must be given either in the Corporate Governance Report, the Annual Financial Statements, the Consolidated Financial Statements or the compensation report. All material new facts made known to financial analysts and similar addressees must also be disclosed to the shareholders. Other disclosure provisions cover remuneration issues. According to Art. 450 CRR, SIs must disclose specific information regarding the remuneration policy and practices of the institution for those categories of staff whose professional activities have a material impact on its risk profile, such as information concerning the governance process, information on link between pay and performance, the most important design characteristics of the remuneration system, the ratios between fixed and variable remuneration, aggregate quantitative information on remuneration, and the number of individuals being remunerated EUR 1 million or more per financial year. This is complemented by HGB provisions which establish the disclosure of the total remuneration of every management board and the supervisory board member in fiscal year (salaries, profit sharing, options and other stock-based compensation, expense allowances, insurance charges, commissions, and fringe benefits of any kind) has to be part of the annex of the profit and loss account and the consolidated profit and loss account respectively.

59. Another tool to maintain effective market discipline is provided by the Securities Trading Act (Wertpapierhandelsgesetz - WpHG). WpHG requires listed companies to disclose immediately—i.e., ad hoc—facts about their company that are not public knowledge if such information has the potential to influence the price of the financial instrument and if it relates directly to the issuer. WpHG requires publicly traded companies to prepare annual financial statements and half-yearly financial reports as well as interim management statements. The annual financial statements and half-yearly financial reports of publicly traded companies must include a compliance statement by the company’s legal representatives.

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.⁸ A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.⁹
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision¹⁰ are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	In Germany there are three authorities with responsibilities regarding banking supervision: the ECB, BaFin and Deutsche Bundesbank (BBk). The European Central Bank (ECB), in cooperation with national authorities, is generally responsible for the supervision of credit institutions established in the participating EU Member States (the “participating Member States” are those whose currency is the euro or a Member State whose currency is not the euro but has established close cooperation with the ECB). Together, the ECB and the various national competent authorities (NCA) form the Single Supervisory Mechanism (SSM). The objectives and responsibilities of the SSM are defined in the SSM Regulation (Council Regulation (EU) No 1024/2013 of 15 October 2013 – SSMR) conferring “specific” tasks to the ECB relating to the prudential supervision (some tasks, such as the supervision of AML related issues, are not under the jurisdiction of ECB). The SSM Regulation is supplemented by the SSM Framework Regulation (Regulation (EU) No 468/2014 of 16 April 2014 – SSMFR) establishing the framework for cooperation within the SSM, which provides the legal basis for the operational arrangements related to the prudential tasks of the SSM. The respective tasks of the ECB and of the national authorities are listed in Articles 4, 5, and 6 of the SSM Regulation and further detailed in the SSMFR. Banks are qualified as significant (SI) or less significant (LSI) on the basis of defined criteria, mainly: their size, the importance for the economy of the Union or a specific Member State, the importance of their cross-border activities. SIs are under the direct supervision of the ECB. BaFin and Bundesbank assist the ECB in the performance of these tasks. Less significant institutions or banking groups (LSIs) are under the direct supervision of the BaFin and Bundesbank. For these LSIs, the ECB is responsible for exercising oversight over the functioning of the system. When necessary to ensure consistent application of supervisory standards, the ECB may, on its own initiative and after consulting with the NCAs (or upon request by a NCA), decide to exercise directly itself all relevant powers for one or more credit institutions, including in the case where financial assistance has been requested or received indirectly from the EFSF or the ESM. The ECB published its Guide to banking supervision, which aims at explaining to the public how the SSM functions and at giving guidance on the SSM’s supervisory practices. The responsibilities and objectives of the German authorities for the purpose of banking supervision are defined in sections 6 and 7 of the German Banking Act (Kreditwesengesetz – KWG). The Federal Financial Supervisory Authority (BaFin) exercises in cooperation with Bundesbank, supervision over banks according to KWG, the second level regulation enacted in connection with it, Regulation (EU) No 575/2013 (CRR) and legal acts enacted on the basis of the CRR and Directive 2013/36/EU (CRD IV). BaFin is the competent/designated authority for the application of Article 458 of CRR (macroprudential responsibilities) as well as the competent authority pursuant to Article 4 (1) of CRD IV. Bundesbank is also a competent entity pursuant to Article 4 (1) CRD IV within the scope of the functions assigned to it by section 7 KWG. BaFin and Bundesbank cooperate as stipulated in section 7 KWG. As far as national competent authorities participate in the SSM, BaFin and Bundesbank maintain their national distribution of tasks established in section 7 (1a) KWG. Additionally, BaFin, in consultation with Bundesbank, issued a Supervision Guideline which regulates the division of tasks of both authorities in detail. The agreement is designed to avoid duplication of work and ensure cost-effectiveness on the national level. Since the introduction of the SSM it is in a sense only applicable for the cooperation in supervision of LSIs. Under the guideline, the Bundesbank is assigned most of the operational tasks in banking supervision. In the ongoing monitoring process, the Bundesbank’s responsibilities include evaluating the documents, reports, annual accounts and auditors’ reports submitted by the institutions as well as regular inspections of banking operations. It holds both routine and ad hoc prudential discussions with the institutions (with BaFin). BaFin is responsible for all decisions and measures. Only in exceptional cases BaFin does audits/inspections of banking operations, either together with the Bundesbank or on its own.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	Article 1 of the SSM Regulation states the objectives of the ECB in the performance of its supervisory tasks: “This Regulation confers on the ECB specific tasks concerning policies relating to the prudential supervision of credit institutions, with a view to contributing to the safety and soundness of credit institutions and the stability of the financial system within the Union and each Member State, with full regard and duty of care for the unity and integrity of the internal market based on equal treatment of credit institutions with a view to preventing regulatory arbitrage.” Article 25 of the SSM Regulation further specifies that, when carrying out its supervisory tasks, the ECB shall pursue only the objectives set by the SSM Regulation. The same provision also sets a framework in order to separate the supervisory function of the ECB from its monetary policy function. The purpose of this separation principle is to ensure that each function is strictly exercised in accordance with its respective objectives, therefore avoiding conflicts between these objectives. The separation principle covers, among other things, the separation of objectives, the separation of decision-making processes and tasks, including the organizational and procedural separation at the level of the Governing Council. In order to ensure full separation of objectives, the decisions taken by the ECB in the area of banking supervision are prepared by an independent Supervisory Board before being submitted to the Governing Council for final adoption, mainly under the “non-objection procedure” according to which the Governing Council is deemed to have adopted the decision unless it objects within a specific timeframe. Moreover, the ECB’s Rules of Procedure were amended to regulate organizational and procedural aspects related to the Supervisory Board and its interaction with the Governing Council. This included the rule that the Governing Council’s deliberations on supervisory matters would be kept strictly apart from those on other issues, with separate agendas and meetings. Additionally, as required under Article 25(5) of the SSM Regulation, a Mediation Panel was established by Regulation ECB/2014/26 of June 2, 2014 with a view to resolve differences of views expressed by the NCAs regarding an objection of the Governing Council to a draft decision by the Supervisory Board. On September 17, 2014 the ECB adopted a Decision on the implementation of separation between the monetary policy and supervision functions of the ECB (Decision ECB/2014/39). BaFin’s objectives are set down by law and are legally binding. As the competent administrative authority pursuant to section 6 (1) KWG, BaFin exercises supervision of institutions in accordance with the KWG. The primary objectives of banking supervision are summarized in section 6 (2) of the KWG: BaFin shall counteract undesirable developments that may endanger the safety of institutions’ assets, impair proper conduct of banking business or entail major disadvantages for the economy as a whole. BaFin is governed according to its Mission Statement whereas its highest priority is to seek to discharge its statutory mandate to the very best of its ability. Section 4 (1a) of the Act Establishing the Federal Financial Supervisory Authority, (Finanzdienstleistungsaufsichtsgesetz – FinDAG) also empowers BaFin with the legal task of collective consumer protection. The Bundesbank’s mandate for banking supervision follows from a mandate to safeguard financial stability, as laid down in the Act concerning the BBk (Gesetz über die Deutsche Bundesbank), as well as from the KWG, that highlights Bundesbank’s responsibilities for the ongoing monitoring of German institutions. As explained on the website of the Bundesbank, “owing to its business relationships with credit institutions, its local presence and its general proximity to the market, the Bundesbank has deep insights into the financial sector and knowledgeable staff qualified to deal with issues relating to the financial market and its stability.”
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile¹¹ and systemic importance.¹²
Description and findings re EC3	For regulatory powers of BaFin and ECB, see EC 4. In accordance with Article 4(1)(f) of the SSM Regulation, the ECB is competent to carry out supervisory reviews, including where appropriate in coordination with EBA, stress tests, in order to determine whether the arrangements, strategies, processes and mechanisms put in place by credit institutions and the own funds held by these institutions ensure a sound management and coverage of their risks. On the basis of that supervisory review, the ECB may impose on credit institutions specific measures from the list laid down in Articles 9-18 SSM Regulation, in CRR, as well as instruct NCAs to use their powers under national law (see CP 11). The outcome of the SREP is the basis for determining the capital and liquidity adequacy of the credit institution. There are specific supervisory powers directly available to ECB listed in Article 16 of the SSMR. If the bank does not meet the requirements of relevant EU law, is likely to breach these requirements within 12 months, or if, based on the SREP, the ECB determined that the arrangements, strategies, processes and mechanisms implemented by bank and the own funds and liquidity held by it do not ensure a sound management and coverage of its risks, the ECB has, inter alia, the following powers (applicable to both SIs and LSIs): to require the reinforcement of the arrangements, processes, mechanisms and strategies; to require institutions to present a plan to restore compliance with supervisory requirements and set a deadline for its implementation, including improvements to that plan regarding scope and deadline; to require institutions to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; to restrict or limit the business, operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution; to require the reduction of the risk inherent in the activities, products and systems of institutions; to require institutions to limit variable remuneration as a percentage of net revenues when it is inconsistent with the maintenance of a sound capital base; to require institutions to use net profits to strengthen own funds; to restrict or prohibit distributions by the institution to shareholders, members or holders of Additional Tier 1 instruments where the prohibition does not constitute an event of default of the institution; and to impose additional or more frequent reporting requirements, including reporting on capital and liquidity positions. For institutions directly supervised by the German authorities, Article 92 CRR on own fund requirements applies. Further, in accordance with section 10 (3) KWG, BaFin may issue an order requiring an institution, group of institutions, financial holding group or mixed financial holding group to meet own funds requirements in respect of risks and risk elements not covered by Article 1 CRR which go beyond the own funds requirements pursuant to the CRR (see CP 16). In addition, and in accordance with section 10f KWG BaFin will order global systemically important institutions to maintain a capital buffer for global systemically important institutions (G-SII buffer) on a consolidated basis consisting of Common Equity Tier 1 capital. In accordance with section 10g KWG BaFin may order other systemically important institutions to maintain a capital buffer for other systemically important institutions (O-SII buffer) of up to 2.0 percent of the total risk exposure amount determined pursuant to Article 92 (3) CRR on a consolidated, sub-consolidated or individual basis consisting of Common Equity Tier 1 capital.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	European legislation and regulation are updated and subject to public consultation. EBA technical standards and guidelines are also subject to the formal public consultations. ECB regulation and guidelines are also subject to public consultation. Since its adoption in 1961, the KWG has been regularly updated and amended in order to take into account developments in the banking industry and advancements in supervisory practices. Also, the supplementary regulations have been regularly updated, e.g., major amendments by the act transposing CRD IV into national law in 2013 or the BRRD in 2014 In accordance with Article 4(3) of the SSM Regulation, the ECB may adopt guidelines, recommendations and decisions. It may also adopt regulations. Before adopting a regulation, the ECB conducts open public consultations and analyses the potential related costs and benefits. So far, the ECB held public consultation on the following documents: Draft ECB Regulation on reporting of supervisory financial information; Draft ECB Regulation on supervisory fees; Draft ECB SSM Framework Regulation; Draft ECB Regulation on the exercise of options and discretions and draft ECB Guide on options and discretions available in Union law; and Draft ECB Guide on the approach for the recognition of institutional protection schemes for prudential purposes. BaFin is empowered to issue both prudential regulations and guidelines. Regulations are legally binding. In order to issue a regulation BaFin requires a specific mandate in the KWG or another supervisory law. This reservation follows from the principle that all legislation, in particular if it may affect basic rights, has to be issued by the legislative body (Parlamentsvorbehalt). Thus, binding regulatory acts issued by an executive body need at least a legal mandate in a parliamentary act which clearly determines the possible/allowed content of the regulation. Most mandates in the German banking act are primarily addressed at the Ministry of Finance (MoF) but allow for a sub-delegation to BaFin. The MoF has frequently made use of this option, delegating such authority (for instance, through the Regulation Concerning Reports and the Submission of Documentation under the Banking Act – AnzV). As a rule, regulations supplement individual sections of the KWG or other supervisory acts where additional provisions are required but are too detailed or too technical. Guidelines are generally non-binding, however, when they are published they document BaFin’s understanding of certain provisions and its respective administrative practice they have a binding effect on BaFin itself; the same applies to circulars, guidance, opinions. As guidelines are non-binding BaFin can issue them at its own discretion whenever it considers it necessary. Draft regulations and guidelines are publicly consulted. While public consultation is mandatory for regulations it is also customary for guidelines. As guidelines are non-binding, institutions cannot be forced to comply with them, however, as they often provide supplementary rules for legal provisions, non-compliance with the guideline can also indicate a breach of these provisions.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	In accordance with Article 10 of the SSMR the ECB may require credit institutions, financial and mixed financial holding companies and mixed-activity holding companies, established in the SSM area all information that is necessary to its supervisory tasks, including information to be provided at recurring intervals and in specified formats for supervisory and related statistical purposes. The ECB may also request all information to persons belonging to these entities or third parties to whom those entities have outsourced functions or activities. In addition, pursuant to Article 11 of the SSM Regulation, the ECB may conduct all necessary investigations of any of these entities, persons or third parties, when those are established or located in the SSM area. To that end, the ECB is empowered to (i) require the submission of documents; (ii) examine the books and records of the persons involved and take copies or extracts; (iii) obtain written or oral explanations from any person or their representatives or staff; (iv) interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject. The ECB may also conduct all necessary on-site inspections according to Article 12 of the SSMR, and may, for that purpose, enter any business premises and land of the legal persons subject to an investigation. Regarding the institutions directly supervised by the German authorities, sections 44 et seq. KWG grant BaFin and Bundesbank a number of information and audit rights which they can make use of at any time either routinely or for specific reasons. Although both institutions are entitled to information rights, the right to order audits by an administrative act is reserved exclusively to BaFin. According to section 44 (1) sentence 1 KWG, information and audit rights are directed to the institution itself as well as the members of its governing bodies and its employees. The institutions have to provide information and submit documents concerning all business activities. The authorization also extends to third persons and facilities that BaFin utilizes in the performance of its functions. The audit right includes enterprises to which an institution has out-sourced major operational units, and the holders of qualified participating interests are also required to provide information. This duty applies both to information relating to business activities and to the submission of documentation. Section 44 (2) KWG grants the supervisory authorities information rights vis-à-vis subordinated enterprises that are included in the banking supervisory consolidation, as well as financial holding companies. The ECB has direct supervisory competence in respect of significant groups comprising credit institutions, financial holding companies, mixed financial holding companies established in the SSM area, and branches in the SSM area of credit institutions established in the EU that are significant branches. However, the ECB has very limited powers to supervise the branches mentioned above, as it has a very limited capacity to request information from the bank in question and it cannot undertake on-site inspections of such EU branches (except in the context of a college under article 159 CRD IV). Similarly, non-EU banks establishing an affiliate in the SSM area are authorized by the ECB and supervised by the ECB when classified significant. Credit institutions from non-EU countries only establishing a branch or providing cross-border services in the Union remain supervised by BaFin (Recital 28 of the SSMR). For LSIs, BaFin will be responsible e.g., for cross-border inspections (section 8a (1) no. 2 KWG). The KWG contains a large number of reporting and submission requirements designed to enable BaFin and Bundesbank to judge the structure of institutions at group level.
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	See EC 3 and CP 11. The ECB has available a range of possible measures to take corrective actions. Those tools include supervisory powers as well as administrative measures and administrative penalties. The assessment whether an institution “infringes or is likely to infringe in the near future” the applicable requirement is carried out by the ECB on the basis of the outcome of the SREP. The ECB has somewhat limited direct sanctioning power but can avail itself of the sanctioning powers available to German supervisors (see CP 11) The ECB also has the powers to withdraw the authorization for both SIs and LSIs. Resolution of SIs, since January 2016, involves the new European resolution authority, the Single Resolution Board (SRB). The resolution process is being initiated by the determination of an institution failing or likely to fail by the ECB and respective communication to the SRB and the determination by the SRB that the conditions for resolution are met. Other external stakeholders have to be informed as well (Art. 81 and 83 BRRD/section 138 and 140 SAG) such as relevant national resolution authorities, deposit guarantee scheme(s), the competent ministries, the European Systemic Risk Board (ESRB) and the designated national macro-prudential authority. Moreover, to support any resolution action(s) taken by the SRB/NRAs, the ECB coordinates supervisory tasks during the resolution stage and necessary follow-up actions, e.g., authorization of a bridge bank and withdrawal of license of the ‘old’ institution, where appropriate. Once a bank is in resolution and under the control of the SRB, there is a general obligation for the ECB to cooperate with all its requests. If an institution which is under direct supervision of BaFin violates legal requirements, or if its business is not conducted properly, BaFin has a series of measures aimed either at the institution itself, or at the managers of the institution. Material decisions regarding LSIs must be communicated to the ECB (Articles 97 and 98 SSMFR). All administrative penalties imposed on LSIs in connection with the exercise of supervisory tasks must be communicated to the ECB (Article 135 SSMFR). Violations of the KWG or other banking supervisory regulations can be subject to written admonition, a formal order in accordance with sections 6 (3) or 25 a (2) KWG to establish or restore a situation complying with the law, the imposition of a fine in accordance with section 56 KWG, the (partial) transfer of the powers incumbent upon the institution’s governing bodies to a special representative in accordance with section 45 c KWG or, as a last resort, the revocation of the institution’s license in accordance with section 35 (2) KWG (the actual revocation of license would be proposed by BaFin and decided by the ECB). In such cases, measures can also be taken against the managers in accordance with section 36 (2) KWG. Regarding cooperation and collaboration to achieve an orderly resolution, the German Recovery and Resolution Act (Sanierungs- und Abwicklungsgesetz, SAG) provides for certain powers as well as obligations for BaFin, respectively the ECB, as the competent supervisory authority. The competent authority is responsible for recovery planning (section 13 – 21 SAG) and the imposing of early intervention measures (section 36 SAG). Furthermore, the competent authority after hearing the resolution authority or the resolution authority after hearing the supervisory authority are able to decide that an institution is failing or likely to fail (section 62 (2) SAG). For resolution the Financial Market Stabilization Agency (Bundesanstalt für Finanzmarktstabilisierung – FMSA) acts as the national resolution authority according to section 3 SAG.
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	In accordance with Article 4(1)(g) of the SSMR, in relation to SIs, the ECB has the task to “carry out supervision on a consolidated basis over credit institutions’ parents established in one of the participating Member States, including over financial holding companies and mixed financial holding companies, and to participate in supervision on a consolidated basis, including in colleges of supervisors without prejudice to the participation of national competent authorities in those colleges as observers, in relation to parents not established in one of the participating Member State”. Similarly, the supervisory powers conferred on the ECB by Article 16 of the SSMR allow the ECB to require credit institutions as well as financial holding companies and mixed financial holding companies to take necessary measures. The KWG contains a large number of reporting and submission requirements designed to enable BaFin and Bundesbank to judge the structure of institutions as a whole at group level. One reason for refusing the license is that facts are known, which warrant the assumption that the institution is associated with other individuals or enterprises through corporate ties which impair the effective supervision of the institution (section 33 (2) no. 1 KWG). In accordance with section 24 (3a) sentence 2 KWG, financial holding companies must annually submit to BaFin and Bundesbank an aggregated report of subordinated institutions, financial enterprises and ancillary services undertakings. The establishment of, changes to or discontinuation of such participating interests or corporate relationships must be reported to BaFin and Bundesbank - section 24 (3a) sentence 4 KWG.
Assessment of Principle 1	Compliant
Comments	The legal framework for banking supervision is established by directly applicable EU regulation, German laws and regulations, and SSMR. All banks are subject to supervision and can be subject to individually determined prudential requirements based on their risk profile and systemic importance. While the division of responsibilities between BaFin and Bundesbank regarding LSIs supervision seems to be clear, the framework regarding supervision of SIs is still evolving and although the responsibilities of each authority are described in published laws and regulations there are still uncertainties regarding the specific operational roles and powers of each agency in the new environment and many questions need to be addressed in practice as they appear. These uncertainties reflect the complex legal and operational framework of the SSM, in particular on imposition of sanctions and enforcement actions, but do not seem to affect the overall understanding of responsibilities by the market or authorities. BaFin’s responsibilities regarding consumer protection have been recently expanded by the Retail Investor Protektion Act (Kleinanlegerschutzgesetz). Retail Investor Protection Act (Kleinanlegerschutzgesetz). While consumer protection duties are also related to banks, consumer protection staff and responsibilities are located in the securities and conduct supervision directorate, which has recently been restructured. These shifts may affect available resources for banking supervision. (see CP 2)
Principle 2	Independence, accountability, resourcing, and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	The ECB’s functional, institutional, and financial independence is defined in accordance with Article 130 of the Treaty on the Functioning of the European Union. The ECB’s independence extends to its supervisory tasks. Article 19 of the SSMR provides that “When carrying out the tasks conferred on it by this Regulation, the ECB and the national competent authorities acting within the SSM shall act independently. The Members of the Supervisory Board shall act independently and objectively in the interest of the Union as a whole and shall neither seek nor take instructions from the institutions or bodies from the Union, from any government of a Member State or from any other public or private body.” BaFin’s governance structure and inner office’s organization are defined in the FinDAG, the Rules of Internal Procedures (Geschäftsordnung), the Organizational Statute of BaFin (Organisationsstatut für die BaFin - OsBaFin) and the Articles of Association (Satzung der BaFin). According to section 1 FinDAG, BaFin operates as a legal person in the form of an institution of public law that is functionally and organizationally independent from the MoF. Pursuant to Article 19 SSMR the national competent authorities as well as the ECB acting within the SSM, shall act independently when carrying out the tasks conferred on the SSMR. As far as LSIs are affected, BaFin is subject to legal and supervisory control by the MoF as defined in section 2 FinDAG and further elaborated in the “Guidelines for the control of BaFin by the MoF” (Grundsätze für die Ausübung der Rechts- und Fachaufsicht des BMF über die BaFin 16.02.2010). For this control, MoF relies on information that is in the public domain, as well as on reports from BaFin on “internal organizational matters, significant events occurring in the exercise of financial services supervision and important topics in connection with activities at an international level”. More specifically, BaFin is to report to MoF on: (i) supervisory measures intended and introduced “that are of material importance in the exercise of supervision” (defining the term “matters of material importance” as “noteworthy events occurring at systemically important institutions and noteworthy developments on the major financial markets” as well as “extreme events occurring at smaller institutions”. (ii) contacts with foreign supervisory authorities and on the conclusion of cooperation agreements with foreign supervisory authorities; (iii) its advisory activities in connection with the development and support of supervisory systems outside Germany; and on (iv) topics discussed in and results of meetings of relevant European supervisory bodies and other international groups in which BaFin is represented. BaFin must also notify the MoF “if it becomes aware of possible threats to systemically important credit institutions, financial services institutions, investment funds or insurance undertakings under its supervision, of impeding disruptions on regulated stock exchanges and securities markets or other financial difficulties looming in the financial services field”; and of audits by the Federal Court of Audit (Bundesrechnungshof). In addition to the written reports, the Guidelines provide for technical discussions on various topics, as well of the exchange of specialized knowledge. Regulations issued by BaFin on the basis of the KWG are to be submitted to the MoF prior to publication, and the MoF needs to be informed prior to publication about any BaFin announcement and/or notice with regard to “their regulatory content and their impact on the institutions and undertakings under supervision”, as well as on BaFin’s annual report, press briefings, interviews and other publications. It should be noted that neither the KWG, nor the FinDAG or the Guidelines provide for any direct instruction rights for the MoF vis-à-vis BaFin; the Guidelines do not provide for an ex ante involvement in individual supervisory decisions and/or actions, nor for ex post powers to rescind decisions taken by BaFin. In practice, there is no evidence of MoF influencing day-to-day supervisory decisions of BaFin. The Bundesbank, as a national central bank in the Eurosystem, operates independently. In the performance of its banking supervision tasks, the Bundesbank is required to observe guidelines set forth by ECB or BaFin. Bundesbank’s independence as regards instructions from the Federal Government of Germany is explicitly confirmed in section 12 Bundesbank Act.
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	According to article 283 of the European Treaty, the President, the Vice-President and the other members of the Executive Board of the ECB are appointed by the European Council, acting by a qualified majority, from among persons of recognized standing and professional experience in monetary or banking matters, on a recommendation from the Council, after it has consulted the European Parliament and the Governing Council of the ECB. Their term of office is eight years, not renewable. The Supervisory Board of the ECB is composed of a Chair, a Vice-Chair, four ECB representatives and one representative of each NCA, who can be accompanied by one representative of the NCB if the NCA is not the NCB (e.g., in Germany, BaFin and Bundesbank). The process for the appointment of the Chair and Vice-Chair of the Supervisory Board as well as of the four ECB representatives to the Supervisory Board is described in Article 26 of the SSMR, the ECB Rules of Procedure and Decision ECB ECB/2014/4 of 6 February 2014 on the appointment of representatives of the ECB to the Supervisory Board. The Chair is chosen on the basis of an open selection procedure from among individuals of recognized standing and experience in banking and financial matters and who are not members of the Governing Council. The Inter-Institutional Agreement with the European Parliament and the MoU with the Council provide that the ECB shall specify and make public the criteria for the selection of the Chair and describe arrangements for the involvement of the EP and Council in the procedures. The Vice Chair of the Supervisory Board is chosen from among the members of the Executive Board of the ECB. The Chair and Vice-Chair are proposed by the ECB to the European Parliament for approval, after a public hearing has been held by the relevant Parliament Committee. Following approval of the Parliament, the Council adopts an implementing decision appointing them. The four ECB representatives are appointed by the Governing Council, on a proposal from the Executive Board. The term of office of the Chair, the Vice-Chair and the four ECB representatives is 5 years, non-renewable. The Council may, following a proposal of the ECB which has been approved by the European Parliament, adopt a decision to remove the Chair from office, if he/she no longer fulfils the conditions required for the performance of his/her duties or has been guilty of serious misconduct. Under similar conditions, the Court of Justice of the EU may, on application by the Governing Council or the Executive Board, compulsorily retire the Vice-Chair from his/her function as member of the Executive Board. In such case, the Council may, following a proposal by the ECB, which has been approved by the European Parliament, to remove him/her as well from his/her office as Vice-Chair. Although the decisions are to be published, the disclosure of reasons for dismissal is not explicitly required. Regarding BaFin, the president and the chief executive directors of BaFin are appointed by the Federal President on proposal of the German Government according to section 9 FinDAG. The minimum term for the president and the chief executive directors generally lasts for eight years, in exceptional cases for a shorter term, but at least for five years. The process for removal of the head(s) of the supervisory authority and members of its governing body is set in section 9 paragraph 2 FinDAG. According to FinDAG, the official relationship shall end upon expiry of the term of office or upon the member being discharged. The Federal President shall discharge a member of the Executive Board upon his/her request or upon resolution of the Federal Government for good cause. Public disclosure of reasons for dismissal, however, is not required. Furthermore, there are no legal barriers to transferring the BaFin’s President and Executive Board members to other branches of the Federal government. Regarding Bundesbank, the President, the Deputy President and the four other members of the Executive Board of the Bundesbank are appointed by the President of the Federal Republic of Germany. The President, the Deputy President and one other member shall be nominated by the Federal Government; the other three members shall be nominated by the Bundesrat (i.e. the upper house of parliament representing the federal states) in agreement with the Federal Government, cf. section 7 (3) Bundesbank Act. The Bundesrat may forward a proposal for the nomination of the Deputy President to the Federal Government. The Federal Government and the Bundesrat shall consult the Executive Board with regard to their nominations. The members of the Executive Board shall be appointed for 8 years or in exceptional cases for a shorter term of office, but not for less than 5 years. The president of the Bundesbank may be relieved from office only if he no longer fulfils the conditions required for the performance of his duties or if he has been guilty of serious misconduct (Art 14.2. of the Statute of the European System of Central Banks and of the ECB). Although the decisions are to be published, the disclosure of reasons for dismissal is not explicitly required. According to Art. 130 TFEU and Art. 7 of the ESCB statute, a national central bank, including the Bundesbank, and the members of their decision-making bodies, shall not seek or take instructions from Union institutions, bodies, offices or agencies, from any government of a Member State or from any other body.
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.¹³
Description and findings re EC3	Article 1 of the SSMR clearly states the objectives of ECB’s banking supervision. As a European institution, the ECB is primarily accountable to the European Parliament and the European Council, as mentioned in Article 20 of the SSMR. The practical arrangements of this accountability are described in the Inter-institutional Agreement concluded with the European Parliament and in the Memorandum of Understanding with the European Council. For example, the Chair of the Supervisory Board participates in hearings in the European Parliament or in the Eurogroup, the ECB replies to questions by Members of the European Parliament (which are published on the ECB website) and the ECB publishes an annual report dedicated to the banking supervision tasks. The first one was published on March 31, 2015. Furthermore, the ECB has the duty to cooperate in case of any investigations by the European Parliament, and the operational efficiency of the management of the ECB while exercising its supervisory tasks may be examined by the European Court of Auditors (Article 20 of the SSMR). On top of this accountability towards European institutions, the SSMR (Article 21) caters for a number of possible interactions and reporting requirements from the SSM to national parliaments: the SSM annual report is transmitted simultaneously to the EP and NPs; Members of NPs can ask the ECB written questions in respect of its tasks and there is a possibility to invite the Chair or a Member of the Supervisory Board for an exchange of views in NPs regarding national SIs. Five of these exchanges of views in National Parliaments have taken place so far. BaFin is governed according to its Core Objectives and Mission Statement which are built and described out of its legally defined tasks whereas its highest priority is to seek to discharge its statutory mandate to the very best of its ability. BaFin’s objectives are published in its website. BaFin publishes an annual report of its activities, provides regular reporting to the MoF (see EC 2) and is subject to audits by the Federal Court of Audit (Bundesrechnungshof). As a central bank, the main mission behind all of the Bundesbank’s activities is to safeguard the stability of the general price level and the financial system. Therefore, banking supervision is a core business area for the Bundesbank. Here, the Bundesbank performs a key operational task by helping to secure a financially sound banking industry and, ultimately, the stability of the financial system. Bundesbank’s objectives in banking supervision are published, and it publishes an annual report which includes a summary of its supervisory activities.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	The internal governance of the ECB and the SSM are laid down in the SSMR, the SSMFR, the ECB Rules of Procedure and the Rules of Procedure of the Supervisory Board (in accordance with According to Art. 130 TFEU and Art. 7 of the ESCB statute). The internal (communication) processes are specified further in the SSM Supervisory Manual which has been approved by the Supervisory Board and is available to all ECB/SSM staff. In addition, there is a general obligation to exchange information within the SSM, as introduced by Article 21 of the SSMFR. Under the current framework (which does not foresee the delegation of decision-making power), all legally binding acts, including all supervisory decisions, need to be submitted to the Supervisory Board for approval and to the Governing Council for adoption on a non-objection basis. Consequently, both bodies are confronted with a very high number of supervisory decisions to be adopted, including many routine decisions. This structure has a considerable impact on the complexity and the duration of the decision-making process, and is particularly challenging if supervisory decisions need to be taken within defined legal deadlines. The timelines for decision-making reflect the procedural steps laid down in the legal framework. These timelines must be reasonable (i) to ensure a proper interaction between the ECB and NCAs, (ii) to allow the Supervisory Board and the Governing Council to properly review draft decisions and to take reasoned decisions and (iii) to respect the rights of the addressees of decisions. The ECB endeavors to streamline the decision-making process to the extent possible by adopting uncontroversial decisions by written procedure and by standardizing and simplifying the documentation to be submitted to the decision-making bodies. In addition, if need be, the timelines for decision-making are shortened to the extent possible or decisions are taken at teleconferences. To address emergency situations, the decision would likely be approved by the Supervisory Board in a teleconference, which may include the Governing Council or be held back-to-back with a Governing Council teleconference where the decision is adopted, and in this case this emergency process may also be combined with the postponement of the hearing after the adoption of a provisional decision (Article 31(4) of the SSM Framework Regulation). As regards the avoidance of conflicts of interests, Art. 7 of the ESCB statute applies to ECB decision making bodies. The Supervisory Board has adopted on November 12, 2014 its own Code of Conduct, which provides a general framework of high ethical standards which the members and the other participants in Supervisory Board meetings are to observe and to set up specific procedures to deal, among other things, with potential conflicts of interest. The Code requires Supervisory Board members to disclose in writing any situation that could cause or could be perceived as causing a conflict of interest (and consequently these members will not participate in any deliberation or vote in relation to that situation conflicts of interest). A high level Ethics Committee has been established to support and advise the Supervisory Board members in the application of the ethics rules. BaFin’s decision processes are explicitly determined and described in an internal supervisory manual whose provisions are directly binding for all BaFin employees. The internal procedures will be adjusted to incorporate new SSM processes. The Bundesbank employees act according to a corresponding internal supervisory manual. For emergency purposes, BaFin has developed a crisis management handbook that includes working, decision and information processes as well as their corresponding responsibilities. All BaFin-internal significant decisions are supposed to be taken in line with the (at least) four-eye principle. The internal rules of procedures (“GoBaFin”) provide for supervisory decisions to be taken at a level appropriate to the significance of the issue. In addition to that, BaFin’s governing body consists of five members (president and four chief executive directors) and its competences and decision rules are defined in the binding document “Rules of Procedures of the Executive Board of the Federal Financial Supervisory Authority” (“GoDirBaFin”), which include processes to avoid fraud or conflicts of interest. Bundesbank also has an internal Code of Conduct, and civil servants in Germany are subject to various requirements regarding conflict of interest and impartiality.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.

Description and findings re EC5	The ECB’s revised Ethics Framework entered into force on January 1, 2015. It strengthens, in particular, the rules on avoiding conflicts of interest, as well as the rules on gifts and hospitality, private financial transactions and professional secrecy. It also establishes a Compliance and Governance Office, which advises all ECB staff and monitors compliance. The SSM adopted ethics rules to avoid conflicts of interests during the recruitment phase and during the ECB employment. Restrictions have been established to avoid conflicts of interest arising from subsequent occupational activities. To avoid the inappropriate use of information obtained through work, there are strict rules on private financial transactions. Staff are prohibited, even after their duties have ceased, from making unauthorized disclosure of any information that they have received in the performance of their duties. Disciplinary measures may be adopted in case of breach of professional duties, intentionally or by negligence. Rules on the acceptance of gifts for all civil servants are laid down in section 71 Bundesbeamtengesetz (BBG). For BaFin staff a code of conduct exists to prevent corruption (Dienstanweisung zur Korruptionsprävention). There is also a code of conduct governing share-dealing and investing in supervised companies (Dienstanweisung zur Überwachung der Mitarbeitergeschäfte). In addition, employees are required to be committed to the conscientious performance of their duties in accordance to section 1 of the Act on the Formal Obligation of Persons without Civil Servant Status (Verpflichtungsgesetz – VerpflG). Internal rules and regulations of the Bundesbank (Dienstbestimmungen – DB 1-11, Annex 17) provide rules of conduct for staff with regard to accepting benefits and gifts. These rules state that, as a general rule, Bundesbank staff members are not allowed to accept benefits and gifts in relation to an official function or official duty performed for the Bank. The internal rules and regulations also stipulate that Bank staff who, in the performance of their work or owing to their position at the Bank, have access to market-relevant information which is not yet general knowledge may not use this information to gain any economic benefit for themselves or third parties until this information has become generally available. Additionally, special internal rules contained in DB 1-11 section 38 govern conflicts of interest in relation to the salaried employment activities of a spouse or life partner for staff of the Banking and Financial Supervision Department. Staff of BaFin and the Bundesbank are liable for prosecution if they disclose confidential bank information to third parties without authorization.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	The SSMR provides that the ECB must be able to dispose of adequate resources to carry out its supervisory tasks effectively. It further requires that these resources are to be financed via a supervisory fee that will be borne by the entities subject to the ECB’s supervision. In accordance with the ECB’s Rules of Procedure, the budgetary authority of the ECB is vested in its Governing Council. This body adopts the ECB’s annual budget, which encompasses the budgetary needs of the supervisory directorates, following a proposal put forward by the Executive Board of the ECB after consultation with the Chair and the Vice-Chair of the Supervisory Board. The Governing Council is assisted in matters related to the budget by the Budget Committee (BUCOM) consisting of members from all national central banks of the Eurosystem and the ECB. BUCOM evaluates the ECB’s reports on budget planning and monitoring and directly report to the Governing Council. The ECB’s annual expenditure comprises all the necessary expenses such as salaries and benefits, rent and buildings, consultancy, statistical services, IT services, business travel and training required. The original headcount for the ECB supervisory functions were estimated in 2013 on the basis of best efforts and assumptions when the organization was still in its start-up phase and only limited operational experience was available. After the SSM became operational, a clearer need for resources for some supervisory task was detected and the Governing Council approved new resources to be implemented over the next two years. The ECB’s salary and benefit structure has so far proven sufficiently attractive to hire and retain supervisory staff. The level of qualifications and experience is taken into account when determining the entry salary. The ECB can hire external consultants, who are subject to the same professional secrecy requirements as ECB staff. A dedicated SSM training curriculum has been developed. Training activities are centrally coordinated by the Task Force on Training and Development of the European System of Central Banks (ESCB) and are open to staff from all member institutions of the ESCB and NCAs. BaFin is entirely financed by levies and fees paid by the institutions it monitors (sections 14 to 16j FinDAG). BaFin receives no funding from the federal budget. BaFin also charges fees for certain official services in accordance with FinDAGKostV and on the basis of specially defined legal parameters. The annual budget of BaFin is drawn up by the Executive Board and presented to the Administrative Council, which has 17 voting members. The MoF appoints six members, who can be “stakeholders” or persons in positions in financial industry associations or supervised entities, or scientific experts. Prior to appointing a member, the MoF consults with the financial industry associations, which are entitled to recommend three of the six members. In addition, the Administrative Council has representatives from the MoF, the Ministry for Economic Affairs and Energy, and the Ministry of Justice and Consumer Protection. BaFin employed end of December 2014 about 2,535 staff members, of whom 72 percent are civil servants. In 2014, BaFin recruited 187 new staff members, mainly fully qualified lawyers and graduates of higher education institutions. Professionalism is rewarded by a system of bonuses and better professional opportunities within the legal frame for civil servants or the BBG. BaFin selects its staff through interviews and assessment centers. In order to promote skills, BaFin offers various in-house and external training opportunities. As at 31 December 2014 Bundesbank employed 1,301 staff members in the area of banking supervision, of whom 68.4 percent were civil servants. In 2014, Bundesbank recruited 70 new staff members in the area of banking supervision, mainly at graduate level (bachelor, master or comparable). Bundesbank selects its staff through interviews and assessment centers. Bundesbank as part of the federal public administration is bound to the provisions of the federal public service regulations. Hence, Bundesbank’s salary structure and career opportunities correspond with these regulations. The salary schemes are defined in the Civil Servants Remuneration Act (Bundesbesoldungsgesetz) for civil servants and in the respective collective agreements for public employees. An additional Legal Order regulating the legal relationships applying to Bundesbank staff (Bundesbankpersonalverordnung) stipulates a bank allowance and a performance bonus system based on the individual performance of staff members. The individual salary grade of staff members is based on the grading of the hold position which is mainly depending from the job requirements. Salaries at Bundesbank and BaFin are relatively low, and it is reportedly difficult to retain staff, especially those with highly technical skills, when the market is strong, in particular in the Frankfurt area. BaFin and Bundesbank salaries are also lower than ECB salaries. BaFin and Bundesbank design and offer training courses not only for their employees, but also for supervisory staff across Europe. They are founding members of the European Supervisory Education Initiative (ESE). In order to secure and further promote skills, BaFin and Bundesbank meets the training needs of its banking supervision staff with various in-house, ESCB-wide and external training opportunities (including ECS and FSI in Basel). Training budget calculation lies within the responsibility of each business unit or department. There is no indication for a shortage of funds in order to provide adequate training for banking supervision staff.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	See EC 6. The ECB benefits from the assistance of the NCAs and consequently from the skills and competences available at national level. The ECB has recently conducted a comprehensive assessment of the resource and skills requirements for the supervisory function. A dedicated training curriculum has been developed, and is to be reviewed annually. BaFin and Bundesbank regularly offer relevant trainings and other relevant activities to its employees. These trainings and activities are planned periodically based on competency requirements and adjusted to supervisory needs. Assessors had access to training plans aimed at bridging identified gaps in skills for emerging supervisory practices.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	See CPs 8 and 9. The SSM defines a Supervisory Examination Program (SEP) for the institutions it supervises. As far as SIs are concerned, the responsibility for defining the SEP lies with the ECB since 4 November 2014, with the respective NCA contributing. The individual SEPs and the SSM consolidated SEP build upon the Supervisory Priorities for 2015, the SSM Supervisory Principles and the Supervisory Manual. Two complementary Consolidated SEPs have been developed in parallel: the SEP for the on-going supervision activities by the JSTs and the SEP for the on-site inspections and internal model investigations. The SEP is prepared in coordination with the NCAs and approved by the Supervisory Board. It translates the Supervisory Priorities into detailed activities that will be carried out and that go beyond the defined minimum engagement levels, taking into account the specific risk profile of each institution. Within the SEP for the on-going supervision, each SI is classified in each risk category according to a level of engagement (Intense, Enhanced, Standard or Basic) that depends on the risk score and its size and complexity. JSTs and NCAs are also strongly involved the drawing up of the SEPs for On Site Inspections and Internal Model Investigations. ECB Horizontal functions reviewed proposals by the JSTs, taking into account the resources available both in the ECB and in the NCAs. In relation to LSIs, the ECB also receives on annual basis information from NCAs with respect to their priorities and SEPs, while the final responsibility for the supervisory planning remains with the NCA. BaFin focuses on and allocates its resources on risk-profile and systemic importance measurements. These are expressed in its annual on-site inspection planning, and further resources are allocated based on risk-matrixes which include rules for the intensity of supervision determined via criteria like systemic importance and economic key performance indicators. In Germany, BaFin and Bundesbank jointly conduct the SREP. Under the basic division of labor, Bundesbank is responsible for the ongoing monitoring of credit institutions and prepares at least once a year a bank-by-bank risk assessment (“risk profile”) incorporating the results and evaluations from ongoing monitoring as well as on-site-inspections. Based this risk profile and other information, BaFin finalizes the risk profile and decides on supervisory measures accordingly. The supervisory process follows a cyclical pattern. In the regular annual individual risk assessment, a risk profile is generated and an annual SEP defined. The individual risk assessment can always be adjusted during the year, as well as the SEP, when new information becomes available. Criteria for minimum engagement levels include scope and complexity, overseas and interbank ties, market significance (or a relevant sub-segment of the market), and the institution’s overall risk situation. Intensive supervision is applied to institutions relevant to the stability of the financial system.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	In accordance with Article 39 of the ESCB Statutes EU Protocol No 4), “The ECB shall enjoy in the territories of the Member States such privileges and immunities as are necessary for the performance of its tasks, under the conditions laid down in the Protocol on the privileges and immunities of the European Union”. Pursuant to Article 11(a) of the Protocol on the Privileges and Immunities of the European Union (Protocol no 7, which is part of the Treaty on the Functioning of the European Union), ECB staff are “immune from legal proceedings in respect of acts performed by them in their official capacity, including their words spoken or written. They shall continue to enjoy this immunity after they have ceased to hold office.” The ECB is however liable for its actions and is subject to judicial control by the European Court of Justice of the European Union. ECB decisions may be annulled by the Court of Justice. Actions may be brought by any legal or natural person, within a time limit of 2 months. According to Article 340 TFEU, the ECB shall make good any damage caused by it or by its servants in the performance of their duties. This is without prejudice to the liability of national competent authorities to make good any damage caused by them or by their servants in the performance of their duties in accordance with national legislation (Recital 61 of the SSM Regulation). There is no specific legal protection to BaFin or Bundesbank staff against lawsuits; however as civil servants exercising a public office they cannot individually be held liable for actions taken and/or omissions made while discharging their duties in good faith. The legal threshold for liability is high; under the German Civil Code (Burgerliches Gesetzbuch, BGB) liability can only be presumed if they “willfully or negligently commit a breach of official duty incumbent upon him against a third party”. Even in that case, Article 34 of the Constitution allocates liability of any person that is exercising a public office to the employing authority. As such, any liability attaches to BaFin/Bundesbank instead of individual supervisors. In case of gross negligence or willful intent, BaFin/Bundesbank may seek compensation from the employee.
Assessment of Principle 2	Largely compliant
Comments	The three supervisory agencies responsible for German banks enjoy operational independence, in the sense that there is no government or industry interference in individual supervisory decisions. Public disclosure of reasons for dismissal of the heads of the supervisory agencies, however, is not explicitly required. Legal protection and, in the case of BaFin and Bundesbank staff, the status of civil servants, further reduces the scope for regulatory capture. As mentioned in the 2011 FSAP, the reporting requirements currently defined by the Guidelines for the control of BaFin by the MoF, in particular the various ex-ante notifications, seem to go beyond the necessary for the oversight function and systemic stability responsibilities of the MoF. In addition, the fact the MoF is responsible for approving minutely all of BaFin’s organizational matters may indirectly affect the execution of supervisory priorities. For example, in its recent restructuring, the approval or not by the MoF of reorganizing resources to different sectors and topics (SIs, LSIs, consumer protection, AML, insurance, market conduct) would ultimately affect the constraints under which BaFin executes its supervisory responsibilities. In addition, while BaFin does not depend on government funding, its budget is approved by a committee composed of government and industry representatives, chosen by the MoF in consultation with the associations of supervised entities. Through the budget, this committee is also able to affect supervisory priorities – for instance, in the recent budget BaFin resources didn’t reflect increased responsibilities with consumer protection, and there might have been an underlying assumption that resources would be freed when supervisory authority for SIs was transferred to ECB (which has not been the case). In an environment where a sizeable proportion of banks are government owned, all attention should be made to preserve the reputation of the banking supervisor. Decision making process in the newly established SSM does not foster effectiveness and timeliness of supervisory decisions. The current framework does not foresee the delegation of decisions, even routine decisions which need to be taken on a daily basis by supervisory authorities. All legally binding acts need to be submitted to the Supervisory Board for approval and to the Governing Council for adoption. This has created a large impact not only on the processes within the ECB but also in BaFin and Bundesbank where new structures had to be created to support analysis of all draft decisions that are submitted to the Supervisory Board. In addition, although the ECB has sought to streamline and simplify processes to the extent possible, some of these decisions involve strict timelines which impose a very short turnaround time for NCAs to respond.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.¹⁴
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	An extensive framework of laws, regulations and collaboration agreements is in place in Germany to ensure appropriate cooperation/collaboration with relevant domestic authorities. BaFin is responsible for the supervision of banks, insurance and investment firms and collaborates closely with the Bundesbank which performs on-site activities at banks and investment firms. Section 7 of KWG establishes the division of responsibilities for BaFin and the Bundesbank including information exchanges. ECB is the home supervisory for SIs and participates in MOUs already signed by BaFin/BBk and has extensive collaboration through its membership of member states in the JSTs. The Financial Stability Commission (FSC) commenced operations in March, 2013, replacing the Standing Committee on Financial Market Stability. The purpose of the FSC is the macroprudential oversight of the German financial system. The FSC is composed of three representatives from the MoF, three from Bundesbank, three from BaFin and one representative from the Financial Market Stability Agency (FMSA) (no voting rights). The FSC meets quarterly. The European Systemic Risk Board (ESRB) was set up for the same purpose at the EU level in January 2011. The agencies involved have an established history of collaboration, particularly BaFin and the Bundesbank. BaFin, as part of the BMF also has regular exchanges with the MoF. All three entities are represented in the FSC.
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	CRD Article 6 establishes that NCAs should cooperate with the other authorities within the European System of Financial Supervision (ESFS). CRD Article 7 establishes that NCAs should consider the impact of their decisions on the financial stability of other EU members. CRD Article 50 establishes that NCAs should cooperate with each other supplying information on management and ownership of institutions, and all information that can facilitate supervision and monitoring. EBA drafted, and the EC issued, a regulatory standard (Regulation 524/2014) that specifies the information that NCAs must exchange with each other according to Article 50, in particular, covering the following areas: management and ownership; liquidity and supervisory findings; solvency; deposit guarantee schemes; limitation of large exposures; internal control mechanisms. The regulation introduced some additional areas where NCAs must exchange information, such as leverage, general non-compliance, supervisory measures and sanctions, and preparation for emergency situations. In addition, the EC issued an Implementing Regulation (Regulation 620/2014) that outlines operational procedures and sets out standard forms and templates for information sharing requirements, which are likely to facilitate the monitoring of institutions that operate through a branch or through the exercise of the freedom to provide services. The regulation sets out the procedures for information exchange during (i) going concern and (ii) liquidity stress situations and is supplemented by two annexes containing templates for the information exchange. The quantity and frequency of information to be provided is based on the proportionality principle, depending on whether a branch is deemed as significant. EBA RTS (Delegated Regulation (EEU) 2016/98) and ITS (Implementing Regulation (EU) 2016/99), approved in January 2016, specify the general conditions for the establishment and functioning of supervisory colleges, and establish important procedures to structure and facilitate the interaction and cooperation between the consolidating supervisor and the relevant competent authorities. In particular, they detail the conditions for the establishment and functioning of supervisory colleges, coordination and cooperation arrangements between competent authorities of cross-border banking groups and exchange of information necessary for performing key supervisory tasks in a joint and coordinated manner in both going concern and emergency situations. These standards aim at facilitating the interaction and cooperation between authorities at EU and global level, recognizing possible involvement of third-country supervisory authorities, and strengthening supervision of cross-border banking groups across the EU. The establishment of the SSM has consolidated the supervision of SIs and LSIs even further. The Supervisory Board of the SSM includes members of the ECB and one representative per competent authority of the participating member states. The joint supervisory teams (JST) include staff from both the ECB and the NCA that jointly undertake supervisory activities. BaFin/Bundesbank have completed a number of memorandums of understanding (MOU) with third countries to exchange information. According to Article 152 of the SSM Framework Regulation the ECB may participate in existing MOUs with the NCA or negotiate a new MOU. Third countries participate in supervisory colleges. ECB becomes automatic participant in SSM member NCAs’ MOUs, and is negotiating MOUs with non SSM NCAs that lack MOU with member NCAs. Cross-border exchange of information and collaboration is well established and is evidenced in the SREP documentation process and in participation in the supervisory colleges.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	If the ECB/SSM determines that the institution is failing or likely to fail, or if the ECB receives such a determination from an institution itself, the ECB/SSM will have to notify, inter alia, the relevant resolution authorities: the resolution authority for the institution, the resolution authority of any branch of the entity. Likewise, before it makes a determination that an institution is failing or likely to fail, the SRB must first inform the ECB/SSM that it intends to make this determination, and allow the ECB 3 calendar days to make an assessment. In light of the above, the ECB and SRB have signed a MoU, which should ensure early and effective coordination and information sharing. Germany implemented the relevant articles of CRD in section 9 (1) KWG, which entitles BaFin (or the ECB, where it applies the national implementation of CRD IV) to share information with a foreign banking supervisory authority provided that the foreign supervisor will treat the information confidentially. Accordingly, section 9 (1) KWG sets forth that BaFin shall treat information obtained from foreign supervisory authorities confidential. BaFin will pass on information received from a foreign supervisory authority to Bundesbank to the extent that such information is necessary for the performance of the functions of Bundesbank as outlined in section 7 KWG on the basis that Bundesbank shall only use the information for lawful supervisory purposes and shall not disclose the information to any other person without the prior written consent of the foreign supervisory authority. The confidentiality obligation of section 9 KWG also applies to Bundesbank. This holds also true with regard to the exchange of information on the basis of institution-specific MoUs and Cooperation Agreements.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	Section 9 (1) KWG entitles BaFin to share information with a foreign banking supervisory authority provided that the foreign supervisor will treat the information confidentially. Accordingly, section 9 (1) KWG sets forth that BaFin shall treat information obtained from foreign supervisory authorities confidential. As BaFin’s employees are only entitled to share information in the cases set out in section 9 KWG, BaFin is able to deny any demand from other bodies than those set out in said provision. Information that originates in another country shall not be disclosed without the expressed agreement of the competent authorities which have disclosed it and solely for the purposes for which those authorities gave their consent (section 9 (1) sentence 8 KWG). The confidentiality obligation of section 9 KWG also applies to Bundesbank.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	A well-developed legal framework and specialized institutions are in place for the management of possible recovery and resolution of banks. The SAG provides for the cooperation between BaFin and FMSA, in their capacity as competent supervisory authority and competent resolution authority for LSIs that do not fall in the remit of the SRB, such as the exchange of information (section 6 SAG). These legal duties are supplemented by a cooperation agreement between BaFin and FMSA defining principles and the appropriate processes for the cooperation and coordination with regard to recovery and resolution. The competent supervisory authority has to involve the resolution authority at an early stage where there is a potential gone-concern situation and shares all supervisory information that is relevant for resolution. The resolution authority has to consult with the supervisory authority on all matters falling within their competence that might have repercussions on the going-concern, in order to strike the right balance between supervisory and resolution objectives. The competent supervisory authority is responsible for recovery planning (Article 9 of the cooperation agreement; section 13 – 21 SAG) and the imposing of early intervention measures (section 36 SAG). Moreover, the competent authority provides the recovery plan to the resolution authority, in order to give the resolution authority, the opportunity to examine the recovery plan with a view to identifying any actions in the recovery plan which may adversely impact the resolvability of the institution and make recommendations to the competent authority with regard to those matters (section 15 (1) SAG). Furthermore, the resolution authority assesses, in consultation with the competent authority, the resolvability of each LSI that is not part of a group which is subject to consolidated supervision (article 11 of the cooperation agreement; section 57 – 60 SAG). In addition, the resolution authority, draws up a resolution plan in coordination with the competent authority, as well, for those institutions (Article 10 of the cooperation agreement; section 40 - 48 SAG). The resolution plan shall provide for the resolution actions which the resolution authority may take where the institution meets the conditions for resolution. To effectively fight a potential systemic threat resulting from the failure of an institution, the resolution authority can intervene when an institution is failing or likely to fail and additional conditions are met (Article 13 of the cooperation agreement, section 62 – 66 SAG). The competent supervisory authority after hearing the competent resolution authority or the competent resolution authority after hearing the competent supervisory authority are able to decide, that an institution is failing or likely to fail (Article 13 (1) of the cooperation agreement; section 62 (2) SAG).
Assessment of Principle 3	Compliant
Comments	Cooperation channels are highly developed and effective.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	At the European level, there is not definition of the term “bank”. CRR and CRD IV uses the term “credit institution,” which is defined as “an undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account” (CRR Article 4.1 (1)). In Germany, the KWG defines the “banking business” by specifying the range of permitted activities to credit institutions. According to section 1 (1) sentence 1 KWG, credit institutions are enterprises which conduct banking business commercially or on a scale which requires a commercially organized business undertaking. As a criterion for determining whether banking business is conducted commercially, it is sufficient that there is an intention that the business should be conducted over a certain period of time and that the party conducting the business is doing so with the aim of making a profit. Section 1 (1) sentence 2 KWG provides a definitive list of what comprises banking business: besides the traditional activities of deposit business and lending business, the list includes discount business, principal broking services, safe custody business, guarantee business and underwriting business. A credit institution may in principle engage in all, several or single categories of banking business.

EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	The types of activities that credit institutions can carry out are not exhaustively determined at the EU level, although the activities must include at least the taking deposits or other repayable funds from the public and granting credits for its own account. A bank license can only be granted if the proposed activities in which the applicant will be engaged at least fulfill the essential elements of the definition of credit institution in the CRR. This would mean that authorization to undertake the business of a credit institution is required if at least both activities 1 and 2 of CRD IV Annex I are included in its business plan (Taking deposits and other repayable funds; lending including, inter alia: consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions). CRD IV Recital 14 stipulates that “this Directive should not affect the application of national laws which provide for special supplementary authorizations permitting credit institutions to carry out specific activities or undertake specific kinds of operations.” In addition, CRD IV Annex I provides a list of activities that can be performed by credit institutions authorized in one of the member states without acquiring additional authorization from the host authorities (mutual recognition), although this does not restrict a Member State from allowing credit institutions to perform less or other activities in the jurisdiction. CRD IV Article 10 obliges Member States to require applications for authorization to be accompanied by a program of operations setting out the types of business envisaged and the structural organization of the credit institution. National law defines whether a credit institution is allowed to undertake activities other than the taking of deposits or other repayable funds from the public and the granting of credits for its own account. In Germany, in addition to the legal definition of banking business, section 1 (1a) KWG defines the financial services which provide the basis for qualifying as a financial services institution. Financial services comprise investment and contract broking, investment advice, operation of multilateral trading facility, placement business, portfolio management, proprietary trading, non-EEA deposit broking, foreign currency dealing, factoring, financial leasing, asset management and limited custody business. Here, too, the KWG gives a definitive list of those activities that require a license. There are specific rules concerning licensing for payment services and e-money businesses laid down in the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz - ZAG). In the course of transposing the new E-Money Directive (2009/110/EC) into national legislation by April 30, 2011, rules concerning e-money business were transferred from the KWG into the ZAG. Conducting e-money business does no longer require a license as a credit institution but as an e-money issuer under ZAG. The procedure for authorization to take up the business of a credit institution as entrusted to the ECB applies to all activities allowed to credit institutions including activities subject to mutual recognition within the meaning of CRD IV Annex 1 as well as other regulated activities which under national law require authorization to undertake the business of a credit institution. SSMFR Article 78(5) makes clear that “the decision granting authorization shall cover the applicant’s activities as a credit institution as provided for in the relevant national law, without prejudice to any additional requirements for authorization under the relevant national law for activities other than the business of taking deposits or other repayable funds from the public and granting credit for its own account.”
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	There are no EU level restrictions regarding the use of the word “bank” and any derivations. Such restrictions are placed at national level. CRD IV Article 19 provides that “for the purposes of exercising their activities, credit institutions may, notwithstanding any provisions in the host Member State concerning the use of the words ‘bank,’ ‘savings bank’ or other banking names, use throughout the territory of the Union the same name that they use in the Member State in which their head office is situated,” and “in the event of there being any danger of confusion, the host Member State may, for the purposes of clarification, require that the name be accompanied by certain explanatory particulars.” In Germany, under section 39 (1) KWG, the use of the term “bank” or “banker” or an expression that includes the word “bank” or “banker” in a firm name or as an addition thereto or to describe the object of the business or for advertising purposes is restricted to a)credit institutions that are in possession of a license under section 32 KWG or branches of enterprises when home state is a member state of the EEA; b) other enterprises which, on entry into force of the KWG, were using such a term legally under the existing regulations. The KWG also protects the use of terminology for certain types of credit institutions, i.e., “cooperative bank” [Volksbank], “savings bank” [Sparkasse], “building and loan association” [Bausparkasse] and “savings and loan bank” [Spar- und Darlehenskasse]. According to section 41 KWG, sections 39 and 40 KWG do not apply to enterprises that use the words “bank”, “banker,” or “savings bank” in a context which precludes the impression that they conduct banking business. The use of the word “bank” in domain names therefore is not specifically named in this context. The interpretation of whether the domain name may be used by enterprises may be a question of consumer protection. Nevertheless, assessors had access to a case where BaFin acted regarding domain names. Credit institutions, whose head office is located abroad, may, when operating in Germany, use the terms specified in section 39 (2) KWG and in section 40 KWG only if they are entitled to do so in their home country and provided that they add a reference to their home state when using such terms. References are not necessary in case of activities of enterprises or branches where the home state is a member state of the EEA. With regard to the restrictive and designated use of the word ‘bank’, no powers are conferred on the ECB. BaFin’s powers in this regard are conferred by KWG. Section 39 (3) KWG specifically grants BaFin the power to determine that enterprises may not use the terms specified in section 39 (1) KWG, if the nature and scope of the activities do not justify their use. According to section 42 KWG, BaFin decides in doubtful cases whether an enterprise is entitled to use the protected terms specified in sections 39 and 40.
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.¹⁵
Description and findings re EC4	CRD IV Article 9 stipulates that “Member States shall prohibit persons or undertakings that are not credit institutions from carrying out the business of taking deposits or other repayable funds from the public”. As explained in BCP 4 EC1, pursuant to CRD IV Article 8, Member States shall require credit institutions, whose business includes collecting deposits, to obtain authorization before commencing their activities. In Germany the KWG determines that deposit business, i.e., the acceptance of funds from others as deposits or of other repayable funds from the public, except the issuance of order and bearer notes, is, irrespective of whether or not interest is paid, is considered banking business according to section 1 (1) sentence 2 no. 1 KWG and therefore may only be conducted by a credit institution which is in possession of a written license. All authorizations for credit institutions to operate in the SSM participating Member States is granted by the ECB. The SIs will be under direct ECB supervision and the LSIs under direct supervision of BaFin and Bundesbank. The ECB has no power on enforcing the prohibition of the taking deposits or other repayable funds from the public by non-banks. BaFin has broad statutory powers to investigate in and to intervene with unauthorized banking business. These powers are laid down in section 37 and 44c KWG. Over and above that unauthorized banking business is in accordance with section 54 KWG punishable by fine or imprisonment of up to five years. Pursuant to section 44c (1) KWG, staff of BaFin and the Bundesbank are entitled to request information and documents from an undertaking, its governing bodies or a staff member where there is evidence to suggest that they conduct banking business or provide financial services without the authorization required pursuant to section 32 (1) sentence 1 of the KWG. To ascertain the nature and scale of the business or activity, staff of BaFin and the Bundesbank are also entitled to carry out inspections pursuant to section 44c (2) of the KWG on the premises of the undertaking operating without authorization as well as on the premises of the persons and undertakings obliged to provide information and submit documents pursuant to section 44c (1) of the KWG, or to search premises pursuant to section 44c (3) of the KWG. BaFin’s investigatory powers are also directed at persons and undertakings in relation to whom there is evidence to suggest that they are involved in the initiation, conclusion or settlement of banking business and provision of financial services under the Banking Act without authorization. Once the nature and scale of the business conducted without authorization has been ascertained, BaFin, in accordance with section 37 (1) of the KWG, can order the undertaking and the members of its governing bodies, as well as those involved, to cease business operations immediately and to settle this business promptly. If necessary, BaFin is also allowed to appoint a suitable person as liquidator. Since the operations of illicit financial undertakings are becoming increasingly internationalized in pursuing unauthorized business, BaFin cooperates not only with the Federal Office of Criminal Investigation and their Länder counterparts but also with the regulatory and criminal prosecution authorities of other member states of the European Economic Area and third countries.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	CRD IV Article 20(2) requires EBA to publish on its website, and update regularly, a list of the names of all credit institutions that have been granted authorization, although the frequency is not defined. This information is available under the Credit Institution Register of the EBA website, which contains names of (a) institutions set up in the member states, (b) branches of institutions established in EEA countries, and (c) branches of other foreign banks. The Credit Institution Register is updated on a real-time basis with notifications of newly licensed institutions or withdrawal of authorization by competent authorities. In accordance with SSMFR Article 49(1) and (2), the ECB publishes on its website a list with supervised institutions and supervised groups directly supervised by the ECB as well as a list of entities supervised by the NCAs. The ECB lists are updated regularly, based on the relevant decisions taken during the past period with regard to authorizations and the withdrawal or lapsing of authorizations, the decisions amending the significance with regard to the SIs (if a change occurred in the composition of the group) or the relevant notifications as received from the NCAs. BaFin maintains on its websites (“www.bafin.de”) in accordance with section 32 (5) KWG a current list of licensed banks and furthermore current lists of branch offices, branches of foreign institutions, representative offices and branches of EEA-OGAW-management companies which are updated every month. Branches established under the European passport are supervised by the supervisory authority of the home country and only on a limited basis by BaFin. If a foreign bank has various branches, these branches will be considered on single institution. Supervision of the branch office is carried out by BaFin.
Assessment of Principle 4	Compliant
Comments	Permissible activities are well defined in German legislation and the use of the word “bank.” While licensing is done by the ECB (see CP 5), it is BaFin which has the powers to investigate and prosecute the taking of deposits by non-authorized persons. Legislation doesn’t specifically cover the use of the term “bank” in domain names, but undue use can be investigated by BaFin. Assessors had access to several cases where the use of the term “bank” or similar by unlicensed institutions was investigated and sanctioned by BaFin, including for a domain name.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)¹⁶ of the bank and its wider group, and its strategic and operating plan, internal controls, risk management, and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	CRDIV does not mandate which body/bodies are to be responsible for granting authorization. For SSM member countries, in accordance with SSMR Articles 4(1)(a) and 14, and SSMFR Article 78, the ECB is the exclusive competent authority for the authorization of credit institutions. In accordance with SSMR Articles 4(1)(a) and 14, and SSMFR Article 83, the ECB is also the exclusive competent authority for the withdrawal of the authorization. The ECB is also the competent authority for the supervision of significant banks (SSMR, Articles 4 and 6). The analysis of all license applications takes place initially at BaFin, and only viable applications are sent to ECB as a draft decision. ECB decisions are, therefore taken on the basis of applicable German law. Applications must be submitted to the BaFin in accordance with the requirements set out in relevant national law. If the applicant complies with all conditions of authorization, pursuant to Art. 14 (2) SSMR BaFin shall prepare a draft decision to propose to the ECB to grant the authorization. The draft decision is based on the prerequisites for granting a license mentioned in section 32 et seq. KWG, which implement Art. 8 et seq. CRD IV. It shall be deemed to be adopted by the ECB unless the ECB objects. For conditions for rejection, see EC 2. BaFin requires additional own funds of institutions at the commencement of business operations, usually at least during the first three years (section 10 (3) sentence 2 no. 6 KWG). In case of decision-taking on authorization with regard to a less significant institution (LSI) the licensing authority and the supervisor are not the same, as the ECB is the licensing authority and the BaFin the primary supervisor (Articles 4 (1)(a) and 6(4) SSMR). In this respect, the right for the supervisor to have its views on the application and its concerns addressed is secured by mechanism described above. (Article 14(2) SSMR and Article 76 SSMFR). The same applies for withdrawals if the initiative for the withdrawal was taken by BaFin. In case of a withdrawal of the authorization of a German LSI upon initiative of the ECB, the ECB must consult with BaFin, at least 25 working days before the date on which it plans to make the decision, in duly urgent cases reducible to 5 working days (Article 82 SSMFR). Article 6(2) SSMR underlines that the ECB and NCAs are subject to a duty of cooperation in good faith, and an obligation to exchange information (see CP 3). The current SSM approach for authorizations require that the ECB and BaFin share all relevant findings during the assessment of an application for an authorization. Therefore, any information that is with the ECB in its capacity of licensing authority which may be material to BaFin in its capacity of supervisory authority, is shared with the latter.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	Relevant articles of CRD IV were transposed in Germany through the KWG, as described below. As the final decision on authorizations is based on BaFin’s draft proposal thereto, in practice the ECB actually applies licensing criteria as included in the German law. In Germany, Sections 32 et seq. KWG governs the licensing of institutions comprehensively. According to section 32 (1) sentence 1 KWG, anyone wishing to conduct one or more of the banking businesses listed in section 1 (1) sentence 2 KWG, or to provide one or more of the financial services listed in section 1 (1a) sentence 2 KWG in Germany requires a written license. Section 32 (1) sentence 2 KWG sets out in detail the particulars that the license application must contain. The reports and documents that must be submitted are specified in greater detail in section 14 AnzV. The ECB may make the granting of the license subject to conditions, consistent with the purpose of the KWG (section 32 (2) sentence 1 KWG). According to section 32 (2) sentence 2 KWG, the license may also be restricted to particular types of banking business or financial services. Before granting the license - respectively submitting the draft granting of the license to the ECB -, BaFin consults the deposit guarantee scheme appropriate to the institution (section 32 (3) KWG) and Bundesbank. An application for an authorization may be rejected by BaFin, according to the provisions of Section 33 KWG, and by the ECB. The ECB may only object to BaFin’s draft proposal to grant an authorization – and thus reject the authorization – where the conditions for the authorization set out in relevant EU law are not met (see SSMR Article 14(3)). Section 33 KWG governs the refusal of the license by BaFin. For these purposes, the KWG distinguishes between mandatory reasons for refusing the license (section 33 (1) sentence 1 KWG), where the license must be refused in all cases, and other reasons, where BaFin may refuse to grant the license (section 33 (2) KWG). The mandatory reasons include a) the resources for initial capital are not available in Germany, b) facts are known which suggest that an applicant or an executive board member is not trustworthy, c) facts are known which warrant the assumption that the holder of a qualified participating interest is not trustworthy or fails to satisfy the requirements of the sound and prudent management of the institution, d) facts are known which suggest that the proprietor or executive board member does not have the necessary professional qualifications, e) facts are known which suggest that an executive board member does not have sufficient time to perform tasks, f) the applicant will become subsidiary of a financial holding company or a mixed financial holding company and facts are known, which warrant the assumption that an executive board member of these companies is not trustworthy or does not have the professional qualifications necessary for managing the company, g) a credit institution does not have at least two full-time executive board members (principle of dual control), h) the institution has its head office or domicile outside Germany and/or is not prepared or not in a position to make the organizational arrangements necessary for the proper operation of the business, and i) the applicant is a subsidiary of a foreign credit institution and the foreign supervisory authority responsible for this credit institution has not given its consent to the establishment of the subsidiary. Section 33 (2) KWG, on the other hand, sets out the circumstances in which BaFin may refuse the license at its own discretion, after due consideration of the facts. For these purposes, it must exercise its discretion under the purpose of the powers vested in it and observe the statutory limits imposed upon its discretion according to section 40 of the Administrative Procedures Act (Verwaltungsverfahrensgesetz – VwVfG). This means that BaFin must base its decisions on objective criterion and a just and equitable balancing of the public interest and the interests of the institutions; in particular, it must observe the principles of practicality and proportionality. According to section 33 (2) sentence 1 KWG, BaFin may refuse the license if facts are known which warrant the assumption that effective supervision of the institution would be impaired. In particular, this would be the case if: a) the institution is associated with other individuals or enterprises in a corporate network or is closely linked to such a network which impairs effective supervision of the institution owing to the structure of the cross-shareholdings or to inadequate commercial transparency, b) effective supervision of the institution is impaired by the legal or administrative provisions of a non-EEA member state applicable to such individuals or enterprises, c) the institution is a subsidiary of an institution domiciled in a non-EEA member state that is not effectively supervised in its home country or whose competent authority is not prepared to cooperate satisfactorily with BaFin, d) the application (for the license) contains insufficient information or documents. A license may not be refused for any other reasons. The power to revoke an authorization found to have been granted based on false information or other irregular means is set out in CRD IV Article 18(b). If the ECB becomes aware of such, pursuant to SSMFR Article 82(1), it may thus withdraw the license. Section 35 (2) KWG, which governs the expiry and revocation of licenses, refers to the provisions of the VwVfG. A license, which represents an administrative act conferring a benefit within the meaning of section 48 (1) sentence 2 VwVfG, may be withdrawn only subject to the qualifications of section 48 (2) to (4) VwVfG. Of particular importance in this context is the fact that the beneficiary of the administrative act (the holder of the license) cannot invoke protection of confidence if he procured the administrative act through fraudulent misrepresentation, menaces or bribery or by providing information that was materially false or incomplete.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	Pursuant to CRD IV Article 18, one of the possible reasons for withdrawing the authorization is that the credit institution ‘no longer fulfils the conditions under which authorization was granted.’ As minimum requirements, the criteria that have to be met in order to be licensed must be met at any time. The license may be revoked if the criteria cease to be met. Accordingly, the conditions under which a license may be revoked also include all reasons for refusing the license in the first place (section 35 (2) no. 3 KWG). The ECB may withdraw the authorization in the cases set out in relevant Union law on its own initiative, following consultations with the NCA, or on a proposal from the NCA (SSMR Art 14(5)).
EC4	The licensing authority determines that the proposed legal, managerial, operational, and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.¹⁷ The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	See EC 2. A banking license can be refused if the institution’s structures hinder effective supervision (section 33 (2) sentences 1 and 2 KWG). Especially concerning the operational and ownership structures within a group, section 33 (2) sentence 2 no. 1 KWG authorizes BaFin to refuse the license, if an effective supervision of the institution on the solo as well as on the consolidated basis would be impaired due to the structure of the group. According to section 35 (2) no. 3 KWG, the supervisory authority may revoke a license, if it becomes aware of facts which would warrant refusal of authorization pursuant to section 33 (2) numbers 1 to 3 Furthermore, according to section 2b (1) KWG, a credit institution may not be operated in the form of sole proprietorship. This requirement is meant to ensure a clear distinction between the institution’s capital and the personal assets of the proprietor. Assessors reviewed files where issues were raised by the licensing authority and had to be addressed by the applicant prior to authorization.
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	Also see CP 6. According to CRD IV, major shareholders are qualifying holdings or the 20 largest shareholders in case there are no qualifying holdings. The suitability requirements themselves are very generally listed in article 23, which includes reputation, knowledge, skills and experience, and financial soundness. The ECB has developed guidance to all SSM members to assist in the assessment of the fit and proper criteria, which was still under discussion at the time of this assessment. Section 32 (1) sentence 2 nos. 6 a) to c) KWG, if qualified participating interests are held in the institution, the license application must provide the names of the holders of qualified participating interests, the amount of these participating interests and the data required to assess the trustworthiness of the holders or of the legal representatives or of the general partners. If these holders are required to draw up annual accounts, according to section 32 (1) sentence 2 no. 6, d) KWG, the license application must include the annual accounts for the last three financial years, together with audit reports compiled by independent external auditors. Furthermore, according to section 32 (1) sentence 2 no. 6, e) KWG, if these holders are part of a group, the license application must include particulars of the group structure and, if applicable, the consolidated group accounts for the last three financial years, together with auditor’s reports compiled by independent external auditors. If applicants or holders of qualified participating interests are members of groups, according to section 14 (5) AnzV in conjunction with section 11 no. 1 a) InhKontrollV, the license application must also describe the group structure, with an organizational chart of the group being attached. Where no qualified participating interests are held in the institution, the license application must provide the names of the up to 20 biggest shareholders. Furthermore, the license application must include any facts which indicate a close link between the institution and other natural persons or other enterprises (please refer to section 32 (1) sentence 2 no. 7 KWG). The existing reporting system makes it possible for BaFin to understand the ownership structures and to take appropriate measures as individual circumstances dictate. According to section 1 (9) KWG in conjunction with article 4 (1) no. 36 CRR, a qualified participating is also deemed to exist if a significant influence can be exercised on the management of the enterprise, in which a participating interest is held. In association with section 22 (1) no. 2 of the Securities Trading Act (Wertpapierhandelsgesetz - WpHG), the regulations concerning an acquisition of a qualified participation are applicable to the legitimate owner as well as to the beneficial owners. If the trustworthiness of holders of participating interests cannot be established beyond doubt, the doubts will count against them, i.e., – procedurally – the regulation legislates for a reversal of the normal burden of proof. BaFin calculates indirect qualified holdings up the chain for the purposes of assessing fitness and propriety, until the holding no longer meets the qualifying thresholds. Assessors saw cases when the authority required two or more shareholders, for example, to have their participation added up as to become a qualified holding due to evidence that they were acting in concert. BaFin requires only evidence that the necessary initial capital is available. In the case of qualified participating interests, section 33 (1) no. 3 in conjunction with section 2c (1b) sentence 1 no. 1 KWG stipulates that, within three months of receiving the complete reports, BaFin may prohibit the intended acquisition or increase in the qualified participating interest if facts are known which warrant the assumption that the funds used were obtained by criminal offences.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	CRD IV Article 12 sets out a minimum amount of EUR 5 million, and in some particular cases (mainly grandfathering of banks that had less than the threshold amount in 1992, paragraph 4) it might be of EUR 1 million. The initial capital must be held in the form of common equity tier 1 (this is via a cross reference to the CRR Article 26(1)(a)). The initial capital is a floor – a bank may not fall below the amount of EUR 5 million of CET1. In Germany, the initial capital for deposit-taking credit institutions is an amount equivalent to at least EUR 5 million; and for institutions which conduct only e-money business, EUR 1 million. In addition, minimum requirements are sometimes contained in separate special Acts. For example, a mortgage bank/ship mortgage bank may only be granted a license if the paid in original own funds amount to at least EUR 25 million according to section 2 (1) sentence 2 no. 1 Pfandbrief Act (Pfandbriefgesetz – PfandBG). If the resources required to conduct business, in particular adequate initial capital, are no longer available, the license may be revoked (section 35 (2) no. 3 KWG in conjunction with section 33 (1) sentence 1 no. 1 KWG).

EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit-and-proper test), and any potential for conflicts of interest. The fit-and-proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.¹⁸ The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	See footnote to the CP. In Germany there is a two-Board structure, where the Supervisory Board exercises the oversight function and the Management Board the Executive function. For the purposes of the assessment therefore, “Board” will mean the oversight function, i.e., the Supervisory Board, and “senior management” will mean the executive function, i.e., the Management Board. Also see CP 14. Under section 32 (1) sentence 2 nos. 2 to 4 KWG, the license application must include the names of the executive board members (Geschäftsleiter), the information necessary for assessing the trustworthiness of the applicants including certificates of good conduct and information regarding their professional qualifications and experience. Under section 1 (2) KWG, executive board members are natural persons who are appointed by law, the articles of association or the partnership agreement to represent and manage the business of an institution organized in the form of a legal person or partnership. The information provided in the license application is used to assess whether the license has to be refused for mandatory reasons under section 33 (1) sentence 1 KWG. This is the case, for example, if facts are known which suggest that an applicant or executive board member is not trustworthy or that the proprietor or executive board member does not have the professional qualifications. A potential for conflicts of interest is of a particular importance concerning the judgment of a manager’s trustworthiness. Another mandatory reason for refusing the license is if a credit institution does not have at least two full-time executive board members. The requirements for the professional qualifications of the management board are specified in section 25c (1) KWG, which states that they must have the necessary professional qualifications, be trustworthy and dedicate sufficient time to performing their functions. A prerequisite for the professional qualifications is that they have adequate theoretical and practical knowledge of the business concerned and managerial experience. According to section 25c (1) sentence 3 KWG, a person will have the professional qualifications required if he/she can demonstrate a three-year record of working in management capacity at an institution of comparable size and type of business. It is mandatory that he/she should have carried external powers of representation and appropriate internal decision-making powers in the previous job. The job must also have involved the independent management of large organizational units (a major branch, a main department or the like). The areas the candidate was in charge of must have covered the main spectrum (most importantly, lending and securities business) of the whole banking business. Only for institutions with several executive board members, in exceptional cases candidates with specialist skills e.g., from the IT field are also accepted as executive board members, even though they do not have sufficient knowledge of lending and securities business. Furthermore, for the purposes of observing the principle of dual control, in practice great attention is paid to ensuring that a minimum of two executive board members fulfill these requirements. Requirements for Supervisory Board are not as strict. According to section 25(d), the members of the supervisory board must be trustworthy, have the necessary expertise to fulfill their function, and devote sufficient time to performing their duties. KWG does establish that “the supervisory board as a whole shall have the necessary knowledge, skills and experience to fulfill its control function as well as to assess and monitor the management board of the institution”. However, the collective knowledge of the supervisory board is not customarily assessed in the licensing process.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.¹⁹
Description and findings re EC8	According to section 32 (1) sentence 2 no. 5 KWG, the license application must include a viable business plan, which should include details of the nature of the institution’s proposed business, its organizational structure, risk management and internal control procedures. According to section 14 (7) AnzV, the business plan accompanying the application must contain the following information: a) the nature of the planned business, with a substantial indication of its future course; for this purpose, projected balance sheets and profit and loss accounts for the first three full financial years following commencement of operations must be submitted, b) a description of the organizational structure of the institution, with an organization chart attached showing, in particular, the respective responsibilities of the managers; the description must also state whether and where branches are to be established, c) a description of the institution’s planned internal monitoring procedures. According section 14 (2) sentence 2 AnzV, license applications must also be accompanied by certified photocopies of the formation documents, partnership agreement or articles of association and management’s proposed Internal Rules of Procedure. Section 25a KWG imposes special organizational requirements that institutions must meet. For example, according to section 25a (1) sentences 1 to 3 KWG, an institution must have in place suitable arrangements for managing, monitoring and controlling risks and compliance with the statutory provisions and appropriate arrangements by means of which the financial situation of the institution or group can be gauged with sufficient accuracy at all times. The bank must have a proper business organization, an appropriate internal control system and appropriate security precautions for electronic data processing (section 25a (1) sentence 3 KWG). The requirements also include, according to section 25a (1) sentence 6 no. 2 KWG, that the records of the business transactions permit full and unbroken monitoring by BaFin. Banks must also have in place safeguards to protect against money laundering and other fraudulent activities. If an institution intends to outsource operational areas to another enterprise, section 25b KWG applies. The outsourcing may impair neither the proper conduct of the business being carried on or the services being provided nor the manager’s ability to manage and monitor them nor BaFin’s right to audit and ability to monitor them. In particular, the institution must ensure by contractual means that it has the necessary powers to issue instructions to the external service provider in question and must include the outsourced areas in its internal monitoring procedures. BaFin has expanded upon the requirements of sections 25a and 25b KWG in the MaRisk.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	When a license application is submitted, according to section 32 (1) sentence 2 no. 5 KWG it must include a viable business plan which, pursuant to section 14 (7) no. 1 AnzV, must set out the nature of proposed business, including well-founded details of its future development. Projected balance sheets and profit and loss accounts for the first three full financial years following commencement of operations must also be submitted. These documents form the basis for assessing the institution’s financial capacity. As evidence of the resources required to conduct business (section 32 (1) sentence 2 no. 1 KWG), according to section 14 (3) AnzV a confirmation by a deposit-taking credit institution domiciled in an EEA member state must be submitted to the effect that the initial capital has been paid up, is unencumbered by rights of third parties and is freely available to the managers. As part of licensing procedure, BaFin also obtains financial information on the bank’s principal shareholders via section 32 (1) sentence 2 no. 6 KWG.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	Section 33 (1) sentence 1 no. 8 KWG stipulates that a license must be refused if the applicant is a subsidiary of a foreign credit institution and the foreign supervisory authority responsible for this credit institution has not given its consent to the establishment of the subsidiary. Licensing for subsidiaries (of EU or non EU institutions) is the responsibility of the ECB. According to section 53 (2a) KWG, this provision also applies to branches of an enterprise domiciled abroad. Pursuant to section 53d KWG, BaFin has to assess the appropriateness of supervision on a consolidated basis of a foreign supervisory authority of a non-EEA member state if a foreign institution wants establish a subsidiary or a branch in Germany in order to determine the adequate measures to ensure supervision on a consolidated basis according to the German standards. Authorization for branches is under the responsibility of BaFin In the case of branches of deposit taking credit institutions domiciled within the EEA plans about setting up a branch in Germany are forwarded to BaFin (and then to the ECB) by the competent authorities which can be regarded as approval (section 53b (1) KWG).
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	There is no particular mention in laws or regulations of special monitoring mechanisms for new entrants. In BaFin, in the first years of their existence new institutions are subject to enhanced surveillance, and based on section 10 (3) sentence 2 no. 6 KWG, institutions are granted licenses subject to the condition that their solvency ratio should not fall below 12 percent in their first three financial years.
Assessment of Principle 5	Largely Compliant
Comments	The ECB, which is the licensing institution for new banks and for subsidiaries of foreign banks establishing in Germany, and BaFin, which is the licensing institution for branches of non-EEA banks, have available a clear set of criteria and are able to reject applications that not meet it. The analysis of all license applications takes place initially at BaFin, and only viable applications are sent to ECB as a draft decision. ECB decisions are, therefore taken on the basis of applicable German law. From the time of the start of the SSM to the time of the assessment, 9 licensing procedures for Germany had been initiated. BaFin analyses the ownership structure of applicants and assesses the suitability of shareholders through various documentation requirements. In general, financial suitability of shareholders is limited to the availability of the initial capital, the legal and regulatory framework do not foresee that an applicant can be denied for lack of financial capacity to provide additional capital, as required by EC5. Nevertheless, assessors had access to one case where a “no objection” was informed conditional to the shareholder demonstrating additional available capital for the initial three years. The assessment of the supervisory board does not play a relevant role in the licensing process; in particular, ensuring the professional qualification and collective knowledge of the supervisory board was not customarily assessed. BaFin issued in January 2016 new guidelines which emphasize the prudential importance of the professional qualification of the supervisory board. The assessors have reviewed samples of more recent licensing files at the ECB and observed there is a growing concern with the collective qualification of the board and with the availability of additional resources in the first years of the project; therefore it seems the deficiencies regarding this CP will reduce as these elements are increasingly incorporated in the routine licensing process.
Principle 6	Transfer of significant ownership. The supervisor²⁰ has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.”
Description and findings re EC1	Under the KWG, a “significant holding” is a “qualifying holding” pursuant to Article 4 (1) of the CRR. Rules on significant ownerships, which third parties may hold in a given institution, i.e., relating to the controls exercised on the institution’s shareholders, are to be found, in particular, in section 1 (9), section 2c and section 44b KWG. According to section 290 of the German commercial code (HGB) a controlling interest of a parent always exists if a parent holds the majority of shareholder voting rights of another enterprise; has the right, related to another enterprise, of appointment or removal of the majority of the members of the administrative, management body or supervisory corporate body which controls the financial and business policy and simultaneously is a shareholder; has the right to exercise a controlling influence with regard to the financial and business policy by reason of a control agreement concluded with this enterprise or by reason of a provision of the statutes of this enterprise, or carries, in economic terms, the majority of risks and opportunities of an enterprise, which serves to achieve a narrowly confined and clearly defined objective of the parent (special purpose entity).
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	Section 2c of KWG transposes relevant CRD articles. CRD Article 22(8) requires ex-ante notification to BaFin and BBk and permits the supervisor to object to the acquisition. Article 22 (8) states that member states cannot impose notification or approval requirements which are more stringent than those in the CRD. Articles 22 and 25 of CRD IV address acquisitions, increases and divestitures of qualifying holdings. It is required that legal and natural persons wishing to acquire, directly or indirectly, a qualifying holding in a credit institution or to further increase, directly or indirectly, such a qualifying holding as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20, 30, or 50 percent seek pre-approval from the supervisor. In determining ultimate beneficial owners (UBO), BaFin reviews ownership structure of acquirers and continues to trace until it identifies all qualifying holders. An example of a case was provided to assessors.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	Article 23(2) of CRD was transposed in Section 2c KWG and the Holder Control Regulation out the conditions under which an application may be rejected, namely if there are reasonable grounds for doing so on the basis of the criteria set out in Article 23(1) of CRD IV or if the information provided by the proposed acquirer is incomplete. The criteria are reputation, knowledge, skills and experience of senior management, financial soundness, group structure, compliance with prudential requirements, suspicion of money laundering activities or terrorist financing. Because Article 22(8) applies a maximum harmonization standard, only the criteria used in Article 23 may be used to assess a change in ownership. Hence, if the criteria used to assess an initial licensing application include elements that are not included in the standards set out in Article 23, then these additional criteria cannot be used as a basis for rejecting the proposed acquisition. Article 26(2) of CRD IV deals with the suspension of voting rights, the nullity of votes cast and the possibility of their annulment, in cases where the proposed investment was objected-to by the supervisor, as well as with the suspension of voting rights for acquirers having failed to comply with the notification requirements. An example of a case was provided where a significant holding was acquired without ex-ante notification. The acquirer was asked to submit the information required for review and when the acquisition was objected-to by BaFin, the shares were placed in a trust and the exercise of the voting rights was suspended. The shares were sold by the acquirer. In another case a proposed manager board member was initially rejected due to failure to report sanctioning by Bank of Italy in a prior position. The information was not disclosed in the application but was flagged upon review by ECB supervisory board. Ultimately he was approved due to expiration of the statute of limitations in Germany (five years) for the type of action taken by Bank of Italy. And the infraction was not considered significant by BaFin after discussing with Bank of Italy. Article 66(1) of CRD IV stipulates that Member States shall ensure that their laws, regulations and administrative provisions provide for administrative penalties and other administrative measures at least in respect of, inter alia, the acquisition, directly or indirectly, of a qualifying holding in a credit institution or a further increase, directly or indirectly, of such a qualifying holding as a result of which the proportion of the voting rights or of the capital held would reach or exceed the thresholds referred to in Article 22(1) of CRD IV or so that the credit institution would become its subsidiary, without notifying in writing the competent authorities of the credit institution in which they are seeking to acquire or increase a qualifying holding, during the assessment period, or against the opposition of the competent authorities, in breach of Article 22(1). The sanctions for such breach are described in Article 66(2) and include possible pecuniary penalties, order to cease the conduct and desist, suspension of voting rights. (See EC 5).
EC4	The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	According to section 24 (1) no. 10 and (3c) KWG an institution is obliged to notify the competent authority (BaFin or ECB) and Bundesbank (and BaFin if the competent authority is the ECB) about the acquisition or disposal of a significant ownership in its own institution, the reaching, exceeding or falling below the thresholds for significant ownerships of 20 percent, 30 percent and 50 percent of the voting rights or capital, and the fact that the institution becomes or ceases to be the subsidiary of another undertaking, as soon as the forthcoming change in these participatory relationships comes to its attention. On an annual basis, institutions have to provide the name and address of any holder of a significant ownership in the reporting institution and in subordinated enterprises according to section 10a KWG that are domiciled abroad, as well as the amounts of these participating interests (section 24 (1a) no. 3 KWG). Section 44b (1) sentence 1 KWG in conjunction with section 44 (1) sentence 1 KWG stipulates that the proposed acquirer is obliged to provide information and present documentation to BaFin and Bundesbank and ECB on their request to supplement the information originally provided.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	BaFin has the power to nullify the acquisition by transferring the voting rights to a trustee according to section 2c (2) KWG. BaFin may commission the trustee to sell the shares insofar as they establish a significant ownership if the holder of the significant ownership does not provide BaFin with proof of a trustworthy buyer within an appropriate deadline set by BaFin (section 2c (2) sentences 1 to 3 KWG). Example of a relevant case was discussed with the mission.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	CRD IV remains silent on this issue. Article 22(8) deals with acquisitions and does not address on-going notification requirements applicable to all shareholders. At the country level, there are no specific laws or regulations stipulating that institutions must notify BaFin of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. However, according to section 29 (3) sentence 1 KWG the external auditor has to inform BaFin and Bundesbank immediately about facts he learns in the course of his audit, which warrant the assumption that a holder of a significant ownership in an institution is not trustworthy.
Assessment of principle 6	Compliant
Comments	There is no requirement for the bank to notify the supervisor when they become aware of events that may cause a significant shareholder to no longer be fit-and-proper. However, the annual external audit reviews trustworthiness and a report to regulator is required on fit-and-proper deficiencies. Detailed fit-and-proper requirements have been issued in early 2016. Issues concerning this issue are incorporated into CP 5 rating.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	The acquisition of a non-EU bank is not covered by the CRR or CRD. However, when German law provides for specific criteria or diligence requirements which are applicable in case of acquisitions by German banks, and if the acquiring banking group is a SI, the ECB may instruct BaFin to enforce such national requirements (Article 9(1) 3rd subparagraph of SSMR, e.g., section 12a KWG). The term institution covers credit and financial service institutions. The KWG contains no rule requiring a German credit institution to obtain prior approval of the competent authority (BaFin or ECB) before making acquisitions or investments. Section 24 (1) no. 13 KWG, however, requires institutions to notify the competent authority and Bundesbank immediately after the acquisition of a significant ownership in another enterprise or if the amount of such a significant ownership changes or if it has been disposed. Acquisitions or investments other than significant ownerships in institutions do not normally need to be specifically notified. BaFin and ECB will be informed through the audits of the annual accounts or its own special audits. Only in cases where the institution acquires a significant ownership in another German regulated entity, there is a requirement to notify BaFin and Bundesbank in advance. In these cases, the institution has to wait and see whether the competent supervisor or in the case of a SI ECB prohibits the acquisition within the timeframe set out in section 2c KWG, as the German transposition of Articles 22-27 of CRD IV before it can proceed. Even if there is no prior approval requirement ECB may withdraw the license pursuant to section 35 para 2 no. 3 in conjunction with section 33 para 2 KWG if—due to the acquisitions—the resulting corporate affiliations or structures hinders effective supervision. As stated above, in general there is no obligation for prior approval by the competent authority for major acquisitions or investments under German banking law, except for the acquisition of a significant ownership in a regulated entity. However, there are several provisions which ensure notification of the competent authority and the Bundesbank after such acquisitions or investments and which set limitations for such acquisitions or investments. Section 24 (1) no. 13 KWG requires institutions to notify the competent authority and Bundesbank immediately after the acquisition of a participating interest in another enterprise or if the amount of such a participating interest changes or if it has been disposed. In accordance with Article 89 (3) CRR, BaFin has decided by general decree in March 2013 that in cases of an acquisitions by a bank in an undertaking outside the financial sector for the purpose of calculating the capital requirements institutions have to apply a risk weight of 1,250 percent to the greater of either the amount of such significant ownerships in excess of 15 percent of the eligible capital of the institution or the total amount of such significant ownerships that combined exceed 60 percent of the eligible capital of the institution. According to section 12a (1) sentence 3 KWG, the institution, financial holding company or mixed financial holding company must notify BaFin and Bundesbank of the establishment, modification or discontinuation of a significant ownership or of corporate ties. This applies, however, only to acquisitions and ties with companies whose head office is located abroad and which become subordinated enterprises and hence part of the consolidated banking group, e.g., for the purposes of calculating capital adequacy or regarding the observance of large exposure limits.
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	The acquisition of participating interest in other enterprises does not require a supervisory approval; the KWG does not contain any criteria for judging the individual proposals. Section 2c KWG sets out criteria for the prohibition of the acquisition of significant ownerships in an institution.
EC3	Consistent with the licensing requirements, among the objective criteria used by the supervisor there is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.²¹ The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	Regarding investments in institutions, section 2c KWG allows supervisor to prohibit the acquisition of a significant ownership if it would create non-transparent structures and thus impede effective supervision. The provision applies, however, only to acquisitions in institutions domiciled in Germany and not on cross-border acquisitions by German institutions. Regarding investments in non-financial institutions, neither KWG nor CRR grant the competent authority the power to prohibit new acquisitions or investments by an institution as mentioned above.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.
Description and findings re EC4	As there are strict rules to cover risks with liable capital if the limits according to Article 89 of CRR are exceeded, a participating interest can only be acquired by institutions which have enough capital to cover this risk. In addition, section 25a KWG requires institutions to have an organizational structure and risk management adequate to its size, complexity and business structure on a single entity basis and on a group-wide basis. Any short comings can be adequately addressed (see previous EC).
EC5	The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.
Description and findings re EC5	Due to the compulsory notification of the acquisition of a participating interest in another enterprise (section 24 (1) no. 13 KWG) immediately after the acquisition, the competent authority (BaFin or ECB) is able to discuss the acquisition with the institution when considering the acquisition as problematic. However, there is no general legal possibility to prohibit the participation.
AC1	The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.²² Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.
Description and findings re AC1	Section 24 (1) no. 13 KWG requires institutions to notify the competent authority (BaFin or ECB) and Bundesbank immediately after the acquisition of a participating interest in another enterprise or if the amount of such a participating interest changes or if it has been disposed. This requirement applies for direct participating interests as well as for indirect participating interests. According to section 25a KWG institutions are required to have an organizational structure and risk management adequate to its size, complexity and business structure on a single entity basis and on a group-wide basis. BaFin may take measures to ensure the integration in the risk management system (section 25a (2) sentence 2 KWG) to ensure the reduction of risks (section 45b KWG) or to stipulate higher capital charges (section 10 (3) No. 10 KWG).
Assessment of Principle 7	Materially Noncompliant
Comments	There is no need for prior supervisor approval of significant investments, other than investments in other German supervised institutions (significant holdings regime). This may create situations where acquisitions occur that increase the risk to the banking group due to financial products that exceed the bank’s risk appetite or managing ability having a negative impact for the group that greatly exceeds the size of the investment. While the regulator may be able to force the bank to unwind the investment, it is more prudent to ex-ante discuss the investment. For acquisition of EU banks, CP6 applies, that is, acquisition of a qualifying share in a bank is governed solely by requirements surrounding the change of shareholding of the target, therefore there is nothing in place to ensure that the relevant supervisor(s) (it may or may not be the same NCA for the target and acquirer) to consider whether the acquiring bank is capable of managing the absorption of the target. Even though the NCA responsible for the target undertaking will take a view on the suitability of the acquirer, this does not necessarily encompass a clear consideration of whether the acquirer has the capacity to manage and absorb the target. It is more likely that a careful consideration, from both sides of the transactions, will take place when the same authority is responsible for supervising both target and acquirer but it is not guaranteed in law. Investment by a bank in an undertaking outside the financial sector (in this case, financial sector includes activities ancillary to banking, and leasing, factoring, managing of trusts, and data processing) are governed, both in respect of type and amount, by Articles 89 to 91 of CRR. Neither approval nor pre-notification is required. The acquisition of a non-EU bank is not covered by the CRR or CRD or German law (except for the notification under art 24(1) of 13 KWG). For the acquisition of non-banks (in the EU or outside the EU except for other supervised German entities of the financial sector such as insurance companies), there is no requirement for authorization, or approval but for notification starting from a 10 percent threshold. At EU level, for acquisition of non-banks within the thresholds or above the thresholds, as long as the RW/deduction is observed, there are no criteria or requirement or risk assessment by the supervisor prior to the acquisition. There is no requirement of risk assessment at EU level for acquisition on non-EU banks.
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which banks or banking groups present to the safety and soundness of the banking system The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The main tool for assessing on an ongoing basis the nature, impact and scope of risks for German SIs is the SREP. The ECB as the competent authority for SIs is required to carry out a SREP and to take decisions for SIs. Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In the case of a financial conglomerate, the SREP decisions also needs to take into account the outcome of the supplementary supervision as required by FICOD (see also CP12 for discussion of consolidated supervision and the responsibilities for consolidated supervision and supervision for individual entities, material entities and sub-consolidations between the wider group). The SSM SREP is a harmonized methodology developed along the lines of the EBA GL on SREP (Guideline on common procedures and methodologies for the supervisory review and evaluation process (EBA/GL/2014/13)). According to the framework, it is applied in a proportionate manner to institutions depending on the nature, scale, and complexity of their activities, and, when relevant, on their situation within a group, its overseas and interbank ties, its significance for the overall market or a relevant sub-segment of the market, and the institution’s overall risk situation, taking into account all relevant risks, its risk management processes and its capital and liquidity. The SREP methodology as applied to SIs relies on quantitative and qualitative analysis. It combines data and expert judgment following a principle of “constrained judgment”. The assessment of the risks which banks or banking groups present to the safety and soundness of the banking system is based on the clusters used by the JST to identify banks’ riskiness. The SREP framework is built around four key analytical modules: Business model analysis; Assessment of internal governance and institution-wide control arrangements; Assessment of risks to capital and adequacy of capital to cover these risks; and Assessment of risks to liquidity and adequacy of liquidity resources to cover these risks. The assessments performed for the four elements result in an overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital (Pillar 2) or liquidity adequacy or other qualitative or quantitative measures. Regular monitoring of key indicators is used to identify material changes in the risk profile of an institution. The indicators are derived from ITS reporting based off FinRep and CoRep templates and Short Term Data exercises (STEs). Risk indicators are generated from the ITS and STE data and used on the SREP assessment. STE data exercises are used to complement COREP data for special purpose analytical processes. In addition to the risk indicators, JST members perform periodic analysis based on data reported. Assessors saw examples of two ongoing monitoring reports on credit risk and operational risk. Both examples demonstrated a forward looking analysis of risk that prompted follow-up with the institution. According to the framework, changes in risk profile should be reflected in the ratings methodology prescribed by the SREP framework scored on a scale of 1–4 (1 equating to ‘no discernible risk’ and 4 ‘high risk’) and one negative grade (F) for an institution that is failing or likely to fail (within the meaning of Article 32 BRRD. To assist with the scoring process, the SREP guidelines contain detailed descriptions to help with the assignment of a rating which is considered better practice and helps to achieve consistency of risk profiling. Although the newness of the SREP framework and that the JST has only had one cycle of conducting the SREP consistency of ratings has been enhanced to the extensive horizontal analysis carried out. The ECB is working hard to ensure consistency through training, etc. The frequency and intensity of supervisory activities is determined in large part by the outcome of the supervisory risk assessment including the risk assessment (RAS) and the SREP. SIs are assigned a minimum engagement level (MEL) and a supervisory examination program (SEP). The MEL prescribes the engagement with the SI (e.g., meetings, etc.) to be performed during the supervisory cycle whereas the SEP is a plan of on-site examinations for the next 12 months. Each of the four elements of the SREP are assigned a rating as well as an overall SREP score which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. In addition to the SREP rating, the other key driver of supervisory activities is the strategic priorities of the ECB which are applied to all SIs directly supervised by the ECB. In this way the SEP for German SIs achieve a bottom up and top down approach to risk identification and analysis. Assessors saw evidence of a direct link between off-site supervision and follow up with the institution reflected in the SEP. There was less evidence to demonstrate that the SREP score had been adjusted during the supervisory cycle to reflect results of supervisory activity. From an operational perspective, a risk assessment system (RAS) supports JST’s day to day supervisory work. It is used for evaluating banks’ risk levels and controls, their business model, their internal governance, their capital adequacy and their liquidity adequacy on an ongoing basis. The assessment of an institution’s capital and liquidity needs is based on the outcome of the ongoing RAS, supplemented with a periodic more comprehensive review of the institution’s capital and liquid positions, in the light of the latter’s own assessments (ICAAP/ILAAP) taking into account normal and stressed conditions. According to the framework, new information is updated in the RAS and documented in the information management system (IMAS) on an ongoing basis. However, at least one a year, a SREP decision is undertaken. At the core of the SREP, the review and evaluation process has ten modules, including: Categorization of the institution and period review of this categorization Monitoring of key indicators Business model analysis Assessment of internal governance and institution-wide controls Assessment of risks to capital Assessment of risks to liquidity and funding Assessment of the adequacy of own funds Assessment of the institutions liquidity resources The overall SREP assessment Supervisory measures The SREP methodology includes instructions for the assessment of group-wide risks. Specifically, at the consolidated level, NCA should assess organizational and legal structure, effectiveness of group-wide MI, group RAS and effectiveness of group-wide risk management frameworks. The guidance for the JST to make this assessment is EBA ITS on joint decision on institution specific prudential requirements (EBA/ITS/2013/06). At the time of the field mission, the SREP methodology was in the process of being applied to material entities. While there was a sound knowledge of group-wide risks and frameworks a formal SREP for material entities within the group had not been consistently conducted for German SIs. Supervisors were well aware of the need for this approach and had included this in their plans for 2016. For the LSI sector, the risk assessment methodology is shared between the ECB (through the SSM), BaFin and the BBk. The ECB carries out its oversight tasks in line with Article 6 SSM Regulation and Part VII of the SSM Framework Regulation, following a proportionate, risk-based approach. Direct supervision of LSIs is conducted jointly by BaFin and BBk with periodic reporting to the ECB (through DGIII). BaFin and BBk apply established methodologies to identify and assess the risk profile of banks. Commencing in 2016, the BBk and BaFin will implement the SREP as part of their supervision framework based on the EBA SREP guideline. Discussions with BBk and BaFin confirmed that preparations had commenced to begin the process. BaFin and BBk will conduct the SREP jointly. Cooperation between the two institutions is governed by section 7 KWG. The Supervisory Guideline (Aufsichtsrichtlinie zur Durchführung und Qualitätssicherung der laufenden Überwachung der Kredit- und Finanzdienstleistungsinstitute durch die Deutsche BBk) specifies the cooperation between BaFin and BBk. Under the basic division of labor in the context of SREP, BBk is responsible for the ongoing monitoring of credit institutions and prepares at least once a year a bank-by-bank risk assessment (“risk profile”) incorporating the results and evaluations from ongoing monitoring as well as from on-site-inspections. BBk also suggests supervisory measures based on the assessment and based upon this BaFin decides on the finalization of the risk profile as well as on final sovereign supervisory measures accordingly. The supervisory process follows a cyclical pattern, the result of which is an annual risk assessment for each LSI. Nevertheless, the individual risk assessment can always be adjusted during the year if this is deemed necessary due to new information. Corresponding to the length of the supervisory process, supervisory planning is coordinated annually between ECB, BaFin and BBk. However, this involves only a rough plan of the following year’s supervisory activities, which can be adapted at any time to take new information into account. The overall risk assessment is based on (i) the evaluation and assessment of the institutions’ risks, (ii) on how an institution’s risk situation is internally assessed, and (iii) on its importance for financial stability. The risk profile forms the basis for deciding whether or not to take supervisory measures or implement any other of the responses available to BaFin and ECB. The supervisory planning process conducted on the basis of the risk profiles encompasses not only supervisors’ inspections but also meetings with the senior management, prioritizing the evaluation of external audit reports and, if necessary, setting audit priorities pursuant to section 30 KWG. Two features allow the risk profile to be a decisive instrument in planning and conducting supervisory measures: First, the risk matrix helps supervisors to deploy their resources efficiently and in a risk-oriented manner by helping to identify those institutions which, owing to their risk profile classification, represent a heightened risk to the stability of the financial sector (principle of proportionality). Second, risk profiling reveals those areas of institutions where weaknesses have either come to light or which cannot be judged owing to a lack of information. In both cases, the risk profiles show supervisors the areas to be specifically targeted for their actions. Intensive supervision, which consumes additional resources, is applied to institutions owing to their individual risk situation or where the type and scope of their business activities is relevant to the stability of the financial system. With the introduction of the SREP framework for LSIs, the assessment of ICAAP and governance will be structured according to the EBA guidelines. In the past, the ICAAP assessment had been conducted annually and is a well-established process. A new feature, however, will be the Pillar 2 decision at the end of the process. As before, meetings with the management Board will take place to discuss the results of the ICAAP assessment and other key risk issues. Assessors reviewed several example files of ICAAP assessments and results of the annual meeting with the management board which was demonstrated to be an effective process. The ongoing process of monitoring LSIs’ risk profile and risk to the banking system should place greater emphasis on verification of compliance with risk management and assessment of risk management. Currently, there is a reliance placed on results from the external audit report as opposed to first-hand verification by the BBk to make an assessment of a bank’s risk profile and risk to the banking system. Greater emphasis on first-hand verification will allow the supervisor an opportunity to detect emerging risks earlier and to make more accurate assessments of risk profile.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	See also EC1. The EBA SREP guidelines establish a framework to assess the risk profile of banks and banking groups. The guideline is based on a forward-looking view of risk with a focus on business model analysis and strategy. The RAS framework includes key risk indicators which are submitted by banks on a quarterly basis and are intended to input into the overall assessment of risk and annual SREP. The ECB’s supervisory process starts with the planning of the regular supervisory activities, which are laid down in the SEP. The SEP covers the tasks and activities related to ongoing supervision and on-site missions, in line with available resources. Ongoing supervision can entail a range of potential activities aimed at checking compliance with prudential regulation and assessing the overall risk profile. For SIs, these tasks fall under the responsibility of the JSTs. In addition to ongoing supervision, it may be necessary to conduct in-depth reviews on certain topics by having a dedicated on-site mission (inspection or internal model investigation). The on-site inspections are typically carried out by an inspection team, which – while organizationally independent – works in close cooperation with the JST (see also EC9). On-site activities will typically result in supervisory measures (e.g., recommendations, requirements, decisions) aimed at the supervised credit institution. Final decisions are taken at the level of the Supervisory Board and the Governing Council. Supervisory activities and decisions are typically followed by a number of routine steps including communication to the credit institution, the hearing of the credit institution, the monitoring of compliance and, if necessary, enforcement and sanctioning. See below as a general overview of the process: The systemic importance of institutions is taken into account via a clustering approach which feeds into the MELs. According to the SSM framework, supervision ought to be risk-based and proportionate. This leads to different intensity and frequency of supervisory work for different institutions. At the same time, there is a need to ensure that a common set of core supervisory activities is systematically performed for any given SI. To achieve this goal and harmonize supervision across SIs, the Supervisory Priorities are translated into practical and simple guidelines addressed to JSTs in the form of MELs and are expressed in terms of activities, frequency and intensity. They take into account systemic impact of SIs and assessment of risks. They define the basic level of supervisory activity beyond which JSTs are expected to carry out additional activities in accordance with the principle of proportionality. Four categories of minimum engagement levels are defined: basic, standard, enhanced and intense. For each risk category, the MEL is driven by two inputs: the cluster of the SI and the score that has been assigned to the SI for a given risk category. The following matrix²³ is used to determine the MEL for each RAS category – see below. Through the segmentation in clusters, the impact of each SI on financial stability is taken into account. The biggest and most complex banks are in cluster 1, while the smallest and less complex banks are in cluster 5. MELs are implemented by individual risk category and the overall risk profile, which encompasses activities beyond one single risk category, such as meetings with the CEO. A set of supervisory activities has been defined for each risk category and classified in three broad categories: regular, thematic and additional. Regular activities refer to core supervisory activities that have to be performed every year irrespective of the economic environment. Thematic activities reflect specific focus areas of the Supervisory Priorities for a given year. Regular and thematic activities form the minimum set of activities to be performed by the SEP for each SI. Their proposed frequency varies according to the minimum engagement level. For instance, if the level of engagement for credit risk is intense for an SI, then the JST in charge should produce at least quarterly a monitoring report on credit risk. Activities deemed as additional are not included in minimum engagement levels. JSTs have discretion to decide on their frequency based on the institution’s risk profile. For SIs, the SREP assesses an institution’s viability at a 12-month horizon, in the medium term (3 to 5 years), and over the cycle. To do so, the ECB relies on a wide range of backward and forward-looking, quantitative and qualitative information, such as e.g., stress testing. From an operational perspective, the RAS supports JST’s day to day supervisory work. It is used for evaluating banks’ risk levels and controls, their business model, their internal governance, their capital adequacy and their liquidity adequacy on an ongoing basis. The assessment of an institution’s capital and liquidity needs is based on the outcome of the ongoing RAS, supplemented with a periodic more comprehensive review of the institution’s capital and liquid positions, in the light of the latter’s own assessments (ICAAP/ILAAP) taking into account normal and stressed conditions. To that purpose, supervisors challenge the ICAAP/ILAAP of the bank based on its own quantification (supervisory “proxies”) as well as supervisory stress tests (such as those conducted by the EBA or ECB’s comprehensive assessments). These various dimensions provide supervisors with both a static and forward-looking perspective on the bank. According to the framework, SIs regularly submit supervisory data (mainly FINREP and COREP). The data is compiled and will generate risk indicators. There is scope to increase the analysis of this data and to use the outputs of the analysis in the ongoing assessment of a bank’s business model. For example, comparisons of trends against business plans and against peer group data. Analysis of data should be strengthened with the development of a broader suite of peer group benchmarks which would allow JSTs to compare and contrast financial results against industry benchmarks and competitors. To date, the development and application of peer group benchmarks is a work in progress. JST staff confirmed that the development of this data will help understand the risk profile of banks and emerging risks. The on-going supervision that is conducted by the JST and supported by the ECB and NCAs’ horizontal divisions. With regard to providing a forward-looking assessment of an institution’s capital positions, the supervisor relies on an institution’s internal stress test, on the supervisor’s micro stress and sensitivity analysis, and on system-wide supervisory stress-tests when available. With respect to LSIs, the oversight activities focus especially on riskier and larger LSIs, while sectoral oversight captures the interconnections within the German LSI sector. The planning process for SIs and LSIs is a shared activity broadly structured along the three stages: (i) the individual risk profile, (ii) the importance of the institution for the stability of the financial markets, and (iii) the anticipated urgency of the need for individual cases to be dealt with. During the stage of strategic planning, BaFin and BBk jointly set up a supervisory strategy. The supervisory strategy defines those central risk areas that will form the focal point of supervision in the subsequent calendar year and is one of two central input factors for the further planning process. The other one is the individual risk profile of an institution (national RAS/SREP) that takes into account both the risk situation and the impact of a potential failure of a given institution. The subsequent operational planning is performed on an institution-specific level. The operational supervisory plans comprise a set of on- and off-site supervisory tools for the following year and together with the supervisory strategy form the overall supervisory plan for the respective institution. However, both the supervisory strategy as well as the institution specific plans are designed to allow enough flexibility to adapt to current developments and unexpected events (e.g., changes in the market environment or new regulatory requirements as well as potential unexpected individual incidents). On-site inspections are planned jointly by BaFin and BBk for the year ahead. The intensity of on-site inspections is also characterized by a risk-oriented approach, i.e. it depends on the size of the institution and on the nature, scale, complexity and risks of its business activities and follows the principle of proportionality. The intensity of on-site inspections is reflected in the frequency, duration, expertise and headcount of inspectors as well. On-site inspections are generally conducted by BBk and can focus on any of the risk management requirements that are laid down in Minimum requirements for risk management (Mindestanforderungen an das Risikomanagement - MaRisk), on the approval of internal models or on special topics as well (e.g., remuneration systems). External auditors carry out inspections that are not carried out by the BBk (e.g., due to capacity constraints or because of their specific nature). This particularly related to impairment reviews in the past. In the case of SIs in the sense of SSM-Regulation, on-site inspections are generally carried out at least once (up to several inspections) a year, for LSIs on-site inspections are subject to a minimum frequency of every 3 to 12 years. While the 12-year frequency for on-site inspections is only applied to a limited number of small/low risk LSIs, the length of time between on-site examinations is too long and should be reduced, notwithstanding the work conducted by the external auditor and the annual meeting with senior management (see also EC9 for a fuller discussion). The JST typically meets with management periodically as a way to keep apprised of development. Similarly, the BBk and BaFin meet at least annually with LSIs in a formal setting to discuss the risk profile, business strategy, new developments and supervisory concerns. Assessors confirmed this process to be working effectively.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	In accordance with Article 4(1)(d) of the SSM Regulation, the ECB has to ensure that banks comply with the relevant Union law which impose requirements on credit institutions to have in place robust governance arrangements, including the fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices and effective internal capital adequacy assessment processes, including Internal Ratings Based models. According to the framework, the assessment of banks’ and banking groups’ compliance with prudential regulations and other legal requirements is made on a regular basis in the context of the SREP. In practice, the JST is engaging with SIs on an ongoing basis through regular meetings, on-site examinations, thematic reviews and through the receipt of information sources such as internal and external audit reports. Assessors saw evidence across a number of banks where the engagement with institutions at all layers of management, at the business unit level as well as risk and senior management took place. There was evidence to support strong engagement with banks during these meetings. For those LSIs that are small and with a low risk profile (measured by the RAS), the testing and verification for compliance with the regulations (MaRisk) is undertaken proportionally and on a cycle of approximately 5 - 10/12 years. For the larger more complex LSIs and, especially those with a higher risk profile, the frequency of testing and verification of compliance with regulations is intended to be conducted at least annually for a specific risk type (such as credit risk, market risk, liquidity, etc.). A key input into the assessment of compliance with MaRisk for LSIs is the annual external audit report which is submitted in parts over a period from January to late Spring (and consists of several volumes for the larger SIs).
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	For SIs Article 97 of CRD IV requires the competent authorities to evaluate the risks institutions are or might be exposed to, risks that an institution poses to the financial system, and risks revealed by stress-testing taking into account the nature, scale, and complexity of an institution’s activities. An institution’s internal arrangements are reviewed as part of the SREP and consist importantly of the ICAAP and the ILAAP. As part of the SREP, the JST analyzes results of a baseline scenario and a stressed scenario, which produce projections of its main balance sheet, profit and loss, and off-balance sheet items in view of the institution’s strategic plan, including the capitalized profit, dividends, share issues, subordinated capital issues, and capital charges in line with the expected business growth, changes in the Pillar 1 risk profile, other risks assessed in the ICAAP, regulatory changes, one-off transactions, etc. According to the framework, stress tests should be conducted as part of the ICAAP to identify those events or changes in the market conditions in which institutions operate that may adversely affect their future solvency. At least one comprehensive adverse scenario, reflecting severe but plausible adverse developments of the institution’s operating conditions should be used for capital planning. The assessment is intended to go deep into the underlying assumptions and the adequacy of the translation of these assumptions into stressed capital and risk projections over at least the upcoming 3 years. Furthermore, any embedded management actions should be scrutinized. The JST made an assessment of assumptions of the macro-economy in the process such as GDP, system credit growth, loan growth, asset quality etc. For example, assumptions included on economic growth, credit growth and profitability have an important impact on internal capital generation estimates and are explored and challenged by the JST with the SI. Moreover, the inclusion of strategic plans and macroeconomic conditions in business model analysis allow for the risk assessment by NCAs to include the broader macroeconomic environment in the assessment. Phase 3 of the RAS, for a given risk category - and for each of the related risk subcategories - JSTs consider (external) micro and macro risks. These risks generally affect multiple institutions and they are assessed in a forward-looking manner. Therefore, RAS Risk Level Phase 3 is the obvious place in the process to include macro-prudential factors as one of the components for the risk assessment of individual institutions. In addition to systemic risks, such assessment would also take into account in a forward-looking manner other risks related to a bank’s operating environment, such as, for example, sectoral risks, conduct risk or cybercrime. Macro factors are taken into account in accordance with the RAS structure which is grouped by risk categories (e.g., credit, market, operational, IRRBB, liquidity). If possible, the macro risks are also classified according to the sub-categories included in the RAS (credit risk currently includes the for example sub-categories non-financial institutions, country risk, and foreign exchange lending). In addition, there are risks that reflect another dimension: global/European (risks that could affect all banks and do not stem from a specific country or sector, e.g., cybercrime or reversal of the search for yield), cross-border sectoral (risk stemming from a specific sector, e.g., credit risk stemming from the global shipping sector), domestic country-wide (non-sectoral risks specific to a country, e.g., a credit-rating downgrade of the government of country Y) or domestic sectoral (sectoral risk in one country, e.g., deteriorating SME loans in country X). In the case of country and/or sector specific risks, JSTs need only assess those risks where the supervised bank has significant exposures. The Risk Analysis Division within the SSM is responsible for taking into account cross-sectoral developments through quantitative impact studies (that are not covered by the Methodology and Standards Development Division) and cross-sectional analysis of results, and institution-specific quantitative impact analysis of the macro-prudential policies that use micro-prudential instruments (which is generally the case). The Risk Analysis Division and the macro-prudential function cooperate closely by exchanging views on risks and vulnerabilities e.g., in regular meetings. The ECB has also established cooperation arrangements with other regulators—insurance and market regulators—to this regard please also refer to BCP 3. In terms of LSIs, the more tactical and cross-sectoral aspects of the coordination are considered in the BaFin Risk Committee (BaFin Risikokomitee), established in 2013. This Risk Committee addresses risks arising from a cross-sectoral perspective – both on a micro- and a macro-level and is responsible for connecting micro- and macro-supervision. Besides the banking supervision from BaFin and BBk, also the BaFin insurance as well as the BaFin securities supervision are represented in the BaFin Risk Committee). The BaFin Risk Committee also meets at least quarterly. In order to identify and analyze risks on the macro-level and to develop measures to deal with the risks BBk set up a separate financial stability department. This department monitors and encompasses both international and cross-sectoral aspects and is – together with banking supervision department – observer in the BaFin Risk Committee. The analyses of the Financial Stability Department, prepared in cooperation with BaFin, are basis for the discussions in the Financial Stability Committee (AFS). Finally, the representatives of the banking supervision of BaFin and BBk meet quarterly in the Committee on Ongoing Monitoring which is specifically concerned with aggregating macro-risk arising at the micro-level of banking supervision. Furthermore, the secretariat of the Committee on Ongoing Monitoring aggregates, evaluates, and analyses these risks on a regular basis. This Committee plays a key role in the aggregation of risk analysis at the overall system level as a way to help identify systemic risks and supervision priorities for all German banks. Currently the main priority areas include pressures on banks’ business models due to the low interest rate environment, strained earnings potential to internally generate capital and cyber resiliency. Assessors were able to verify that the outputs from this Committee are translated into supervisory actions and adjustment of the supervisory stance. For example, thematic reviews of IRRBB had been performed given many banks exposure to low rates and the impact on capital and earnings, data collections, and stress testing.
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	In regards to the identification of systemic risk through the supervisory review process, Articles 64, 102, and 104 of the CRD provide the basis for relevant problems in banks and banking groups to be acted upon in a timely manner. Specifically, Article 64 provides for the powers to intervene in the activity of an institution. The framework for SIs obliges measures to be taken “at an early stage” to address relevant problems within an institution. Article 104 lists the exercise of relevant powers, including: hold additional own funds; compliance plans; application of specific provisioning; to limit types of business; require a reduction in risk inherent in activities; limit variable remuneration; allocate net profits to build capital buffers; prohibit interest payments to shareholders; impose more frequent reporting; hold additional liquidity; and require additional disclosures. The SREP process is crucial to identify common trends likely to affect all or part of German banks. In relation to German SIs, the process to identify risks is a combination of bottom up analysis of individual banks and strategic priorities across the ECB’s mandate. Moreover, in order to ensure consistency and identify common trends, horizontal analysis is integral to the SSM SREP methodology. These horizontal analyses are performed by the SSM’s horizontal function. Their results are communicated to the Supervisory Board which takes them into account in making final SREP decisions. The role of specialist teams (DGIV) which have the opportunity of seeing risks across large banks throughout in the system allows a cross-cutting identification and assessment of risks. The cooperation between the JSTs and the risk specialist departments is an effective mechanism to help identify the potential build-up of risks across the system. Assessors saw evidence that this process was working well. For example, thematic risk reviews have been conducted which focus on topics such as risks from the low interest rate environment, corporate governance and deterioration in asset classes, e.g., shipping. With respect to risks to financial stability detected through the supervisory review process, it is the role of the ESRB for the macro-prudential oversight of the financial system within the Union in order to contribute to the prevention or mitigation of systemic risks to financial stability in the Union that arise from developments within the financial system and taking into account macro-economic developments, so as to avoid periods of widespread financial distress. Only the ESRB has the power to issue recommendations. Internal committees of each the German authorities are established to assess risks relevant for the banking system as a whole. These groups are also in place to address these risks proactively and to communicate them. At the individual bank level, the risk profile comprises an evaluation of all risks relevant for an institution, its organization and internal control procedures and its risk-bearing capacity. BBk carries out a risk-oriented and forward-looking evaluation of all the information it has collected, taking into consideration all the risks arising from the institution’s business activity and its risk management in the risk profile. The risk profile will be compiled on the basis of the structure and evaluation system developed jointly by BaFin and BBk for this purpose. The Committee on Ongoing Supervision is a key group that analyzes risks to the banking system. This Committee meets on a quarterly basis and is represented by both BaFin and BBk. Analysis from the Committee is shared across the two agencies and identifies key strategic priorities for the supervision of banks. With the division of supervision responsibilities between SI and LSI there is a risk that system-wide risks are more difficult to identify and coordinate a subsequent response. The mission had presentations from both ECB and BaFin/BBk on the key strategic priorities in terms of supervision which, on substance, reflected the key supervision priorities for the German banking system. The mission acknowledges the role of DGIII of the SSM in terms of indirect supervision of LSIs as well as the function of the Ongoing Committee for Supervision (joint BaFin and BBk). While all efforts appear to be made to coordinate and share findings, there is risk that issues affecting the broader German banking system (LSIs + SIs) may go unnoticed under the radar.
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	The legal basis for supervisors to deal with resolvability of SIs lays in Articles 10, 11, 15, 16, 17, 18, 45 BRRD and Article 10(10) SRM Regulation. According to the EU legal framework for resolution planning (e.g., the SRM Regulation and BRRD), it is resolution authority and not the SSM that is responsible for resolution planning, including the assessment of the bank’s resolvability and the taking of measures to improve its resolvability. The legal framework does give the ECB, as the competent supervisory authority, a consultative role in the drawing up of resolution plans and in the assessment of resolvability. According to the framework, the ECB should cooperate with national resolution authorities and the SRB under the framework of the BRRD and the SRM Regulation for resolution planning. At the time of the mission, this process had not been fully developed and remained a work in progress. Assessors confirmed that recovery plans had been considered and in the case of several larger German banks actively discussed as part of supervisory/crisis management colleges and that, results of analysis of recovery plans of SIs directly supervised by the ECB had been shared with the SRB or the FSMA on a systematic basis. The obligation for the ECB to share systematically the outcome of recovery plans assessment has also been included in the MoU recently signed between the SRB and the ECB. There was no widespread evidence to demonstrate that where bank-specific barriers to orderly resolution were identified, the supervisor had engaged with banks to discuss business strategies, managerial, operational and ownership structures, and internal procedures. For approximately 1,600 LSIs, FMSA is the resolution authority (section 3 SAG) since 1 January 2015 including cross-border institutions that do not fall in the remit of the EU Single Resolution Board (SRB). The FMSA is responsible for developing resolution plans (section 40 to 48 SAG) and is the competent authority to conduct resolvability assessment for the purposes of the drawing up and later on updating of the resolution plans. The FSMA is also entitled to address or remove impediments to resolvability (section 57 to 60 SAG). According to its mandate, if FMSA determines during its assessment significant impediments to the resolvability of the institution, it notifies the relevant institution and the relevant competent authorities including BaFin as well as the EBA in writing. The institution has to propose appropriate measures to remove or at least address the impediments identified. FMSA in consultation with BaFin assesses whether the proposed measures are appropriate in order to remove or at least address the relevant impediments. Should FMSA find in its assessment that the proposed measures are suitable to remove or at least address the relevant impediments; FMSA will require the institution to implement them without delay. Otherwise, FMSA will require the institution to implement other alternative measures in order to eliminate or address the relevant impediments.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The legal basis for handling SIs in times of stress are set out in Articles 97 and 107 CRD IV, Articles 27, 30, 32(1)(a), 81(3) BRRD and; Article 18(1) SRM Regulation (see also the recovery and resolution framework is described in BCP08 EC6). The crisis management framework of the SSM covers a number of phases depending on the specific situation of the SI ranging from preparatory activities in the ongoing supervision to involvement in decisions on resolution. However, during the resolution process, the main decision-makers are the resolution authorities (i.e. the SRB and the NRAs). Within this context, the SSM plays an advisory role and cooperates with NRAs/SRB on any necessary follow-up actions. Preparatory measures in the ongoing supervision include the assessment of recovery plans and the use of stress tests (see relevant BCPs). When the financial situation of an institution deteriorates, the ECB determines the appropriate supervisory action and steps up the supervisory activity for the institution. On the operational side, the ECB has designed an Emergency Action Plan that includes the operational steps for crisis management and crisis mitigation for SIs in the context of ECB/SSM crisis management framework. When the financial situation of an institution is deteriorating, the ECB follows a stylized escalation process. When deterioration is identified, the JST responds by determining the appropriate supervisory action and stepping up the supervisory activity for the institution. The ECB’s intermediate structures and horizontal divisions are informed about the deterioration in the risk profile. In particular, when the JST coordinator sees that the financial situation of a bank deteriorates materially either in a short period of time or gradually with a clear trend, the JST coordinator shall inform the head of the Crisis Management Division, while NCAs will be automatically involved through the JST. The Crisis Management Division, after consulting the JST and in cooperation with other horizontal functions, will develop a common set of early warning indicators and a traffic light approach to inform this procedure. Expert support is provided by the Crisis Management Division as regards both the analysis of the financial situation of the credit institution/banking group and the preparation of a draft decision proposal on remedial actions. In particular, the Crisis Management Division will share its knowledge and experience from other comparable situations and from its interaction and cooperation with the relevant crisis management functions of the NCAs. Before selecting the most appropriate intervention tools, the JST and the Crisis Management Division gather any analysis prepared by the ECBs Risk Analysis Division (DG MS IV) based on their monitoring of the whole SSM banking system (Risk Analysis Division). In a crisis situation, the JST coordinator and the head of the DG MS IV CMD may propose the establishment of an institution specific Crisis Management Team (IS CMT). The IS CMT acts as the central internal coordination body with respect to necessary institution-specific supervisory actions within the SSM to mitigate a crisis situation. It is also the central hub for information sharing and coordination of the ECB supervisory response. While it is not a formal decision making body, the IS CMT allocates concrete tasks and proposes draft decisions to be considered by the ECB decision making bodies, as well as monitors progress, effectiveness and efficiency of crisis management activities at the working level. Further, the IS CMT coordinates interactions with the institution in difficulty via the JST coordinator and relevant Banking Union NCAs. Cooperation with relevant representatives of NRAs and the SRB is then coordinated by CRM. The IS CMT is composed of representatives across the ECB. The SSM follows a specific decision-making procedure. This procedure respects the EU Treaty rules governing decision-making within the ECB, which assign decision-making powers exclusively to the Governing Council and the Executive Board. Under this decision-making procedure, one of the tasks of the Supervisory Board (SB) of the ECB is to propose ‘complete draft decisions’ to the Governing Council. It must be noted, however, that the Supervisory Board cannot take legally binding ECB decisions of its own initiative, nor can decision-making powers be delegated to it. In case of emergencies, the Chair of the Supervisory Board will convene a meeting of the Supervisory Board in time to take the necessary decisions, as appropriate also by means of teleconferencing by way of derogation from the general rules. The Supervisory Board is responsible for assessing all proposals for complete draft decisions submitted for approval through the Directorates General and to decide on the final proposal to be transmitted to the Governing Council. Then the decision is adopted by the Governing Council in the context of physical meeting, via conference call, or through written procedure. Approval can also occur tacitly in the sense that complete draft decisions proposed to the Governing Council are considered adopted where it does not object within a defined time period (“non-objection procedure”). Overall, in crisis or emergency situations, decision taking is speed up significantly via using a specific “fast-track” procedure. Where process steps are sequential, they are undertaken back-to-back. In the case of a cross-border banking group, the ECB, as the consolidating supervisor, plans and coordinates the supervisory activities (e.g., early intervention measures) within the college framework. Where appropriate, the ECB informs resolution authorities of any material deterioration in the financial soundness of an institution and of the implementation of early intervention measures (see Articles 27 and 30 of the BRRD). In line with Article 32(1)(a) of the BRRD and Article 18(1) of the SRM Regulation, the ECB coordinates consultation with SRB/NRAs on the determination of failing or likely to fail. Where a “failing or likely to fail” determination is taken, the ECB informs all relevant stakeholders (e.g., the SRB and the Commission in line with Art 18(1) of the SRM Regulation, other external stakeholders in line with Art. 81(3), e.g., the relevant deposit guarantee scheme(s), the competent ministries, etc.). The legal and regulatory framework for dealing with LSIs is distinct to that of SIs. The legal basis is established in SAG, entered into force on January 1, 2015. Prior to the SAG, early intervention powers were bestowed upon the BaFin. The purpose of the amendments to the framework is to establish specific recovery and resolution tools with FMSA as the designated as resolution authority. The SAG, The SAG supplements and strengthens the BaFin’s existing legal powers granted by the KWG for dealing with weak institutions. Moreover, it empowers the FMSA as the German resolution authority for applying a broad range of resolution tools and exercising specific resolution powers for less significant and cross-border institutions that do not fall in the remit of the SRB. The SAG also defines principles for the coordination and cooperation between BaFin, BBk and the FMSA, and for sharing information. These general principles are specified further in an inter-institutional arrangement between BaFin and FMSA, the so-called SAG-Kooperationsvereinbarung. Pursuant to the SAG, institutions have to prepare and regularly update recovery plans that identify credible measures to be taken by those institutions for the restoration of their financial position following a significant deterioration. LSIs are required to submit their plans to the BaFin and BBk for assessment. BaFin and BBk assess the plans, including the evaluation whether the plans are comprehensive and could feasibly restore an institution’s viability, , based on current legislation and relevant EBA standards (RTS and guidelines) and are also included in the ‘Mindestanforderungen an die Ausgestaltung von Sanierungsplänen’ (‘Minimum Requirements for the Design of Recovery Plans’ - MaSan), which are currently being updated and will be implemented by way of ordinance to give updated guidance, taking into account the systemic relevance of an institution. At BaFin a dedicated department, the so-called Gruppe R, has been established, that is in charge of performing these assessments both from a line supervisory and a horizontal function’s perspective. At BBk the assessment of the individual recovery plans is performed by line supervisors. BBk’s central office has established a horizontal function that supports the line supervisors and thereby ensures a consistent approach and quality of the recovery plan assessment. BBk’s central horizontal function and line supervisors work in close cooperation with Gruppe R of BaFin. Based on the joint assessment Gruppe R is in charge of taking corrective action where this is required to enhance the quality of the recovery planning and has been empowered accordingly. In addition, Gruppe R supports its colleagues at BaFin who are in charge of the ongoing supervision of individual institutions in the exercise of their line supervisory role in cases where a deteriorating financial situation of an individual institution triggers the need for implementing recovery measures. Gruppe R is also in charge of supporting the competent line supervisors in the exercise of early intervention measures should the implementation of existing recovery options by an institution prove to not be sufficient for preventing the latter from becoming likely to fail or failing. In this regard, section 46 KWG and section 36 SAG provide BaFin with a comprehensive set of regulatory powers, ranging from requiring the management body of the institution to implement measures set out in the recovery plan to a temporary closure of business (for further details concerning individual measures compare section 36 to 39 SAG). The SAG and the SAG-Kooperationsvereinbarung ensure that BaFin involves the FMSA at an early stage, and provides information when appropriate. This is of particular importance in the context of a fast deterioration of the financial situation of an institution. In addition to defining the segregation of tasks and the cooperation between BaFin and the FMSA, the SAG stipulates a number of obligations to inform and coordinate with external stakeholders, in particular with foreign supervisory and resolution authorities, and the relevant colleges (colleges of supervisors and resolution colleges). Is an institution likely to fail or failing despite the implementation of early intervention measures or should imposing early intervention measures not be a viable option as they are unlikely to prevent an institution from failing, it is the FMSA that has the competence for dealing with the failing for less significant and cross-border institutions that do not fall in the remit of the SRB. The determination that an institution is failing or likely to fail can be done either by the FMSA or BaFin after having consulted the other authority. The decision if the conditions for resolution are met as a whole is done by the FMSA. The FMSA is empowered to assess whether or not applying the specific resolution tools are preferable to resorting to normal insolvency proceedings. Resolution is ruled by the principle that shareholders and creditors shall bear losses to the same extent as in case of insolvency proceedings which would have been initiated as of the resolution order. Resolution tools pursuant to section 77 SAG encompass the bail-in of the shareholders and creditors of the failing institution, the sale of the business or shares of the institution under resolution, the setting up of a bridge institution, and the transfer of shares, assets and liabilities. The use of resolution tools and powers may disrupt the rights of shareholders and creditors. Thus, resolution action should be taken only where necessary in the public interest, in particular where liquidation under normal insolvency proceedings might jeopardize financial stability, interrupt the provision of critical functions, and affect the protection of depositors. Recent amendments to the regulatory framework are designed to reduce the likelihood of future crises and enhance the resilience of institutions, in particular through the strengthening of capital and liquidity buffers and by providing better tools for macro-prudential policies. The framework for handling problem banks entered into force on 1 January 2015 and has not yet been tested.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	Where the ECB becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter or of banks restructuring their activities to avoid the regulatory perimeter, the SSM takes appropriate steps to draw the matter to the attention of the responsible authority. With specific reference to the authorization regime, the SSM expects that the institutions notify them by filing an authorization request when there is a change in the business activities. Moreover, changes in the bank’s portfolio, organization and activities aimed at avoiding the regulatory perimeter are identified through on-site inspections. For LSIs, supervisory action related to address the potential circumvention of the regulatory framework, as well as any other material supervisory procedures or draft supervisory decisions should, especially for riskier and larger LSIs, be notified to the ECB as part of its oversight function, pursuant to Article 6(5)(c) and 6(7)(c) of the SSM Regulation and Articles 97 and 98 of the SSM Framework Regulation. For LSIs, a credit institution may in general only conduct banking business as defined in section 1 (1) KWG with a written license from BaFin/ECB. The qualification as banking business and the necessity for a license depends on the type of business and its volume. Conducting banking business without having a banking license leads to criminal offence. When the supervisory authority becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisory authority takes appropriate steps to address this strictly within the limits set by law (rule of law).
Assessment of Principle 8	Largely compliant
Comments	Although in transition, new supervision methodologies have had positive benefits for the approach to supervision of German SIs. Examples include: a greater focus on quantitative analysis and application of a SREP process which is aligned with EBA guidelines. While a lot has been achieved, there are aspects of the framework which are still in the process of being fully implemented. The main elements of the supervision methodology - SREP, RAS and SEPs - are still in the process of being integrated to maintain forward looking risk profiles of SIs. Currently the main tool in use by the ECB is the annual SREP, from which derive most supervisory measures. The SREP process is performed once per year where the process is approximately 6 months from start to finish. More time will be needed for the supervision methodology to be fully implemented and the SREP score is used more dynamically in a way to reflect ongoing changes in risk profile and integrated with the RAS and SEPs. Application of the new supervision methodology for SIs should over time achieve a consistent, systematic and risk-based approach to supervision as a way to understand and assess risks to banks and banking systems. To date, much work has been achieved in implementing new approaches and the framework encourages a structured and comprehensive assessment. The approach for the LSI sector is largely established, but evolving. Examples include the introduction of the SREP and formalized Pillar 2 approach to determining capital add-ons at the completion of the SREP. BaFin/BBk supervision has typically been principles-based and is being strengthened. A significant part of the supervision approach revolved around qualitative discussions on issues/data from external audit reports and BBk on-site MaRisk inspections. Greater reliance on verification is needed and more time needs to be allocated in the ongoing analysis of supervisory reporting as a way to identify early potential emerging issues to allow the supervisor to be more forward looking and hence active at an earlier stage. To date, the SREP process has been mainly focused at the consolidated level and has not penetrated deep into the organizational structure. While there is a sound understanding of group structures generally, application of the SREP process across the group structure will help identify potential pockets of risk that deserve greater supervisory attention and incorporated into SEPs. For larger and more complex banks this is an important part of the assessment that will help drive a thorough analysis of risk and help identify where further documentation is needed to better inform of the risk assessment process. There is scope to increase the frequency of business model analysis for LSIs as part of the ongoing assessment of a bank’s risk profile. For example, comparisons of trends against business plans and against peer group data to allow supervisors to systematically compare and contrast financial results against industry benchmarks and competitors.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of on-site²⁴ and off-site²⁵ supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.
Description and findings re EC1	The ECB is empowered: (i) to carry out off-site supervision in accordance with Article 4 of SSMR; (ii) to adopt supervisory measures in accordance with Article 16 of SSM Regulation; (iii) to carry out on-site inspections in accordance with Article 12 of SSM Regulation and Articles 143 to 146 of SSMFR. In application of the CRD and its national implementation, the ECB as the competent authority is required to carry out a SREP and to take decisions for significant institutions. Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In a case of a financial conglomerate, the SREP decisions also needs to take into account the outcome of the supplementary supervision as required by FICOD (see also CP12 for a discussion of how responsibility for consolidated supervision and supervision for individual entities, material entities and sub-consolidations between the wider group are allocated). (see CP 12). The SSM SREP assessment is comprised of nine analytical modules: business model analysis; internal governance and controls; credit and counterparty risk; market risk; operational risk; IRRBB; capital adequacy; liquidity risk; and funding risk (see also CP8). The frequency of the assessment of all the elements of the SREP is dependent upon the categorization of a credit institution. That is, a full review of all nine constituent elements of the SREP will be updated during a full review. According to the framework, a complete review of all elements of the SREP will be performed at least annually for Category 1 institutions; at least every 2 years for Category 2; and at least every 3 years for Category 3 & 4 institutions (see SREP Guideline section 2.4). A summary of the overall SREP assessment should be performed at least annually for all institutions which will allow for a revision to the overall risk assessment process, notwithstanding a review of the constituent elements. The minimum level of ongoing engagement with senior bank management is a key aspect of the SREP framework and it is expected that supervisors maintain an ongoing dialogue. For Category 1 & 2 institutions engagement with senior management is ongoing and at least annual, whereas for Category 3 & 4 engagement is expected to be continuous and risk-based. Supervision activities are set out within the SREP guideline based on the following core activities: Monitoring of key indicators; Business model analysis; Assessment of internal governance and institution-wide controls; Assessment of risks to capital; and Assessment if risks to liquidity and funding. The SREP guideline contains a framework for the regular monitoring of key financial and non-financial indicators to support the SREP process. The off-site monitoring is designed to allow supervisors to monitor the financial condition and risk profile of institutions whereby changes in the indicators will prompt an update to the SREP assessment and lead to potential adjustments in the supervisory stance (e.g., more frequent on-site examinations as provided for in article 99 of the CRD). The SSM supervisory process starts with the planning of the regular supervisory activities, which is laid down in the Supervisory Examination Program (SEP). The SEP covers the tasks and activities related to off-site ongoing supervision and on-site missions, in line with available resources. Off-site supervision entails a number of activities that are conducted regularly or on an ad hoc basis and that are aimed at checking compliance with prudential regulation, assessing the risk profile and determining potential Supervisory Review and Evaluation Process (SREP) measures. For significant institutions within the SSM, these tasks fall under the responsibility of the JSTs. The assessors saw examples where off-site monitoring took place in line with the SEP which is maintained in IMAS. IMAS provides management with a detailed view of current and planned supervision activities. New activities are readily added to the SEP as a way to follow-up from results of off-site monitoring. Assessors saw several examples of periodic monitoring reports compiled by the JSTs which brought together results of on-site and off-site supervision. The process appeared to work effectively. In addition to ongoing supervision, the JSTs conduct in-depth reviews on certain topics by having a dedicated on-site mission (inspection or internal model investigation). The on-site inspections are typically carried out by an inspection team, which – while organizationally independent – works in close cooperation with the JST. From an operational perspective, a risk assessment system (RAS) supports JST’s day to day supervisory work. It is used for evaluating banks’ risk levels and controls, their business model, their internal governance, their capital adequacy and their liquidity adequacy on an ongoing basis. The assessment of an institution’s capital and liquidity needs is based on the outcome of the ongoing RAS, supplemented with a periodic more comprehensive review of the institution’s capital and liquid positions, in the light of the latter’s own assessments (ICAAP/ILAAP) taking into account normal and stressed conditions. The various supervisory activities typically result in supervisory measures (e.g., recommendations, requirements, decisions) aimed at the supervised credit institution. Final decisions are taken at the level of the Supervisory Board and the Governing Council. Supervisory activities and decisions are typically followed by a number of routine steps including communication to the credit institution, the hearing of the credit institution, the monitoring of compliance and, if necessary, enforcement and sanctioning. In the early stages of the establishment of the SSM and the JSTs, the primary objective of the supervisory process has been to build up knowledge of the institution. The JSTs in conjunction with the specialist divisions (DGIV) have worked hard with the German supervisory authorities to build this base knowledge and apply the SSM framework. A key part in the SEP has been sectoral themes aligned with a centralized priority setting process. The benefit of this approach is to ensure that identified priorities are uniformly and consistently followed up at each SI under the direct supervision of the ECB. Material reviewed by assessors demonstrated that this had been successful at identifying sectoral issues e.g., corporate governance. In relation to LSIs under the direct supervision of BaFin and BBk, the intensity of supervision is flexibly geared to both the supervised institution’s specific risk situation and the institutions’ systemic importance in the financial market, with supervision being intensified for institutions with a higher risk profile, i.e. the greater the institution’s inherent risk and the greater its risk for financial stability, the more attention it receives from supervisors. The supervisory strategy for LSIs is developed jointly by BaFin, BBk and ECB on an annual cycle, taking into account the macro-economic outlook for the near and middle future and the risks identified by the Committee on Ongoing Monitoring (Gremium laufende Aufsicht), as well as overarching supervisory aims and individual institutions’ supervisors’ recommendations. On the basis of the supervisory strategy, BaFin, BBk and ECB develop a supervisory schedule which mixes on- and off-site supervisory tools (e.g., analysis of audit reports, supervisory interviews and special audits carried out in accordance with section 44 KWG, as well as the setting of audit priorities pursuant to section 30 KWG). The ongoing monitoring of institutions - regularly performed by BBk’s Regional Offices (Hauptverwaltungen) - includes evaluating the documents submitted by institutions, auditors’ reports pursuant to section 26 KWG and the annual financial statements as well as performing and evaluating audits of banking operations with a view to assessing the adequacy of institutions’ capital and risk management procedures, as well as appraising audit findings. It is a mix of financial reporting and risk management information. The day-to-day supervision, BaFin, BBk and ECB is based on the analysis of the auditor’s reports, scrutiny of institutions’ regular returns and information acquired in other ways. All information sources are condensed in the risk profile of an institution (see also answers to Principle 8). The results of the risk profile, the supervisory strategy and the available supervisory resources form the basis for decisions on on-site inspections, always taking into account the principle of proportionality. BaFin and BBk have implemented a risk-oriented supervisory process for holistically monitoring LSIs’ risks. In line with the SREP’s principles-oriented approach, a close dialogue between supervisors and institutions, e.g., through meetings with the senior management and prudential supervisory inspections, is of major importance. The mission saw internal MI which demonstrated good coverage of German SIs in terms of on-site supervision activities across a range of risk types e.g., credit, market, IRRBB, market risk, models, corporate governance, business model. By comparison, about 15 percent of all LSIs are inspected (special audits) annually.
EC2	The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.
Description and findings re EC2	The relevant articles of the CRD for planning and executing on-site and off-site activities for SIs are 97, 98 & 99 (See also EC1 and CP8). Specifically, Article 99 sets out the expectation for the SSM to adopt a supervisory examination program with a plan on what activities are to be undertaken, the resources required and the institutions subject to enhanced scrutiny (see paragraph 1). The EBA SREP guideline recommends a comprehensive framework for supervisory activities to support the SREP. For each of the nine constituent elements of the SREP, the EBA guideline sets out the topics to be assessed and detailed instructions for what to take into consideration when performing the assessment. For example, when performing an assessment of a credit intuition’s business model and strategy, the SSM guideline includes general considerations that the supervisor should be aware of such as the ability of the credit institution to generate acceptable returns over a 12-month period (section 4.1). Within the general considerations is a step by step process for conducting a business model assessment which includes: preliminary assessment; identification of the areas of focus; assessment of the business environment; quantitative analysis of the current business model; qualitative analysis of the current business model; analysis of the forward looking strategy and financial plans; assessment of the business model viability; assessment of the sustainability of the strategy; identification of key vulnerabilities; and summarizing of the findings and scoring. The instructions for the business model analysis are illustrative of the depth of detail contained within each of the nine SREP elements. This level of detail helps to strengthen the on-site planning process and execution of on-site supervision activities. EBA’s ITS on the joint decisions on institution-specific prudential requirements (as provided for in Article 113 of the CRD) includes instructions on the timetable and step-by-step processes for the joint decision to be undertaken. The framework contributes to the consistency of the planning and the necessary actions needs to arrive at a joint decision. The process for planning and executing on-site and off-site activities is defined internally at the ECB. The JST sets up an individual SEP for the significant institution it supervises. The SEP defines the supervisory activities for off-site on-going supervision, on-site inspections and internal model investigations to be carried at the supervised significant institution over a predetermined time horizon (typically one year for the off-site on-going activities and 6 months for the on-site inspections and internal model investigations). The SEPs must be aligned with the determined Supervisory Priorities and follow the principles of risk-based approach and proportionality. This is accomplished through the establishment of minimum engagement levels (See EC 1) upon which the JSTs build the SEP for its significant institution, adding the necessary activities to address the particularities and specificities of the supervised group or credit institution, taking into account the available resources. Following unforeseen developments, amendments to the individual SEP throughout the year are possible. Assessors saw evidence of the SEP being adjusted throughout the cycle to reflect information gathered and results of off-site analysis. The SEP may be subject to ex post reviews by departments of DG IV (for horizontal consistency), although primarily it is the responsibility of management and staff of operating units to ensure permanent compliance with the internal procedures. Based on the available input and evidence, draft SEPs are formulated in detail by the JSTs for each significant institution. In practice, the overall calendar of the supervisory activities regarding on-going supervision, on-site inspections and internal model investigations is defined in a horizontal way. The JST also takes into account information provided by non-SSM competent authorities for other entities within the group, in particular in cases where the consolidated supervision of the group in question is the responsibility of an EEA home supervisor. All these activities, except in exceptional cases, are undertaken to comply with the minimum engagement level defined in the strategic planning process by the Planning and Coordination of SEP Division. The activities have to be prioritized to allow for a replacement buffer for possible ad hoc needs. The SEP is discussed in the core JST. The individual SEP proposal should be associated with a first evaluation of the allocation of tasks and needed resources, including an estimation of the number of resources to be requested for on-site inspection teams and the specialized expertise functions (e.g., specialists on risk analysis or internal models). These additional resources may be supplied by the ECB or from the NCAs horizontal functions. JSTs need to clear their draft SEPs with their ECB intermediate structures and senior management (i.e. Heads of Division and Directors General) before submitting them to the Planning and Coordination of SEP Division. This process step may include feedback on and revision of individual SEPs. In addition, there is a dialogue between the ECB and NCA senior management which provides input to the establishment of the SEP, especially with regard to diverging views not yet resolved by the core JST. The individual SEPs are submitted to the Planning and Coordination Division, which will perform a final check for compliance with the minimum engagement levels and consistency across similar significant institutions. This may result in some adjustments to the original individual SEPs to be discussed and agreed with the respective JSTs. The Planning and Coordination Division will then translate the proposals of the individual SEPs into a single consolidated SEP. At this point, the Centralized on-site inspections and Internal Models Divisions will also perform content quality checks on the requests for on-site inspections and internal model investigations. This may result in some adjustments to the individual SEPs to be discussed and agreed with the respective JSTs. The draft consolidated SEP will be consolidated accordingly. The ECB horizontal Divisions liaise with their counterparties in the NCAs to plan the on-site inspections and internal model investigations to be performed, taking into account the “prioritized demand” for missions required by the JSTs and the availability of resources and to carry them out in the ECB, NCAs, and if necessary, external providers. This process may require some amendments to the individual SEPs to be discussed and agreed with the respective JSTs. The draft consolidated SEP will be consolidated accordingly. The on-site inspections and internal model investigations resulting from this step (selected missions to be approved by the supervisory board and carried out during the next half year) must be confirmed by the Heads of Division, Senior Management of DGMS I, DGMS II and DGMS IV and the NCAs. The planning process is concluded with a meeting (or alternative form of contact) of the Head of the Planning and Coordination Division, other HDs/Senior Management involved and the ECB intermediate structures in charge of DGs MS I, II and IV. The purpose of this meeting (or alternative form of contact) is to settle any remaining issues relating to conflicting plans or resource constraints regarding the draft integrated SEP. This may be achieved by reprioritizing, rescheduling or cancelling certain activities or by requesting the allocation of additional resources from NCAs. The Planning and Coordination Division will finalize the consolidated SEP with the support of the on-site inspections and internal model Divisions. The consolidated SEP, with separate details for each significant institution, is submitted for information to the Supervisory Board. The list of on-site inspections and internal model investigations included in the consolidated SEP, with separate details for each significant institution, is submitted for approval to the Supervisory Board and the Governing Council will be invited to adopt it under the non-objection procedure. Its approval (including potential changes) is notified to the JST coordinators and NCAs. In order to ensure a pragmatic implementation of the on-site program, the optimal use of available resources and a fast adaptation to new priorities, proposals for adjustments of the approved list may be submitted on a monthly basis to the Supervisory Board. Such adjustments may include changes to previously approved missions as well as new missions to be carried out. The SEPs are implemented by the JSTs, the on-site inspections and the internal model investigation teams, with the support of the Planning and Coordination Division and other Horizontal Divisions involved, according to the defined schedules. A monitoring process is established, encompassing checks on the SEPs’ adoption and implementation. The Planning and Coordination Division, in close cooperation with the Centralized On-Site Inspections and Internal Models Divisions, monitors the execution of the program semi-annually. On this basis, the JST coordinators, the Centralized On-site Inspections and Internal Models Divisions cooperate with the Planning and Coordination of SEP Division also on the implementation of the SEPs, providing information on any possible issues that could prevent the fulfillment of the planned tasks (e.g., limited capacity, a change in priorities, sudden events to be taken into account, etc.), so that back-up measures can be devised. The Planning and Coordination Division may take action to ensure that SEPs are implemented, coordinating with the JSTs, the Centralized On-Site Inspections and Internal Models Divisions and the NCAs any necessary adjustments to the SEPs. For LSIs (indirect ECB supervision) an on-site examination schedule is proposed by BBk and finalized in cooperation between BaFin and BBk. In order to ensure that supervision proceeds in a coordinated and risk-based fashion, BBk proposes by October 31 of each year the supervision schedule for the following year built on the supervisory strategy and based on the judgments in the risk profile. BBk will draw up a list of main priorities based on (i) the individual risk profile, (ii) the importance of the institution for the stability of the financial markets, and (iii) the anticipated urgency of the need for individual cases to be dealt with. This schedule is reviewed by BaFin. BaFin also adjusts these proposals due to knowledge of potentially overlapping activities (audits planed by other parts of BaFin, e.g., AML, or by the relevant DGS) or in consideration of the individual audit cycles of institutions dependent on their size and complexity. The on-site examination schedule is jointly finalized by December 15 of each year. The audits are in principle conducted by BBk staff, in special cases by audit firms. BaFin staff joins a mission as the case may be. Assessors saw evidence to demonstrate that the planning process works effectively. The risk-based supervision schedule forms a fundamental result of as well as input for the SREP. The supervision schedule will include, in particular, the analysis of audit reports, supervisory interviews and special audits carried out in accordance with section 44 KWG, as well as, if necessary, the setting of audit priorities pursuant to section 30 KWG. The Supervisory Guideline (Aufsichtsrichtlinie zur Durchführung und Qualitätssicherung der laufenden Überwachung der Kredit- und Finanzdienstleistungsinstitute durch die BBk) describes the coordination between BaFin and BBk with regard to the ongoing monitoring and forward-looking supervision of the institutions. The planning process for on-site activities follows a pre-defined format. Since November 2014, ECB is part of this process. For institutions under direct supervision of ECB (significant institutions), the JSTs (consist of members of BaFin, BBk, ECB and other NCAs) request on a bi-annual basis and in accordance with the supervision schedule missions to be conducted during the next twelve and accordingly six months. The staffing of all missions follows the prioritization of all inspection requests. The final plan is approved by the ECBs Supervisory Board and Governing Council.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable²⁶ and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	The relevant Articles in the CRD include 73, 97, 98 and 99. In addition, in accordance with Article 10 of the SSM Regulation, the ECB has the power to require institutions and parent undertakings to provide all information that is necessary in order to carry out its supervisory tasks. In performing the SREP assessment for SIs, the JST uses the EBA guideline and instructions for the assessment to include various types of information from many sources. Examples of the types of information include: key macroeconomic variables; indicators of the competitive landscape; overall trends in markets that may impact profitability; stress testing outcomes; external audit reports; and ratings agency reports. The framework suggests the need for qualitative and quantitative types of information to assess risk, and the sources are internally from within the credit institution and publicly available information such as public filings, management disclosures to the market and market analysis. According to the framework, the planning and execution of the SREP should take these inputs into account. The SSM SREP guideline specifies the need for ongoing monitoring of an institutions’ risk profile through on-site and off-site activities. Off-site sources of information include prudential returns which are reviewed on at least a quarterly basis as well as other key indicators (both qualitative and quantitative). Quantitative data are of particular importance to foster consistency and comparability. Key sources of quantitative information include: i) risk indicators based on FINREP and COREP data (available on a consolidated level since mid-2014); ii) risk indicators from sources other than FINREP/COREP; iii) indicators on economic and market conditions (GDP, sector NPL, market volatility etc.); iv) other regulatory data, not harmonized (central credit register, etc.); v) a bank’s internal estimates (ICAAP, ILAAP, stress tests, internal reports); vi) financial statements, Pillar 3; vii) peer group indicators; viii) supervisory stress test results. Other inputs include: market views (external ratings, investors’ quantitative analyses, etc.), supervisory findings (inspection reports, meeting reports, etc.), institutions’ internal documents (ICAAPs/ILAAPs, financial statements, board memos, organizational charts, internal audit reports, whistle-blower reports etc.). The SREP framework includes a minimum engagement model whereby the supervisor should communicate with senior bank management as a way to assess risk and make a risk assessment (see also EC1). The need for ongoing monitoring within the SREP framework provides the basis for supervisors to request and assess a range of information on a regular basis. The receipt of regulatory reporting is a key input into the ongoing monitoring of changes in bank risk profile. Information submitted by banks on a periodic basis – ranging from monthly (liquidity) to quarterly (balance sheet, risk and P&L) through FINREP and COREP provide the basis for supervisors to perform analysis (see also EC10). For LSIs, a range of qualitative and quantitative information is used in the assessment of safety and soundness of banks. The analysis is performed on at least annually and the RAS is updated accordingly. The inputs into the assessment are complemented with frequent contact with LSI senior management. The on-site inspection cycle for LSIs ranges from one year to 12 years. Notwithstanding BaFin’s and BBk’s annual meeting with management, a 12-year on-site inspection cycle for even the lowest risk and smallest LSIs is too long and should be shortened. While it is acknowledged that the external auditor will perform an audit, a shorter cycle is warranted.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: a) analysis of financial statements and accounts; b) business model analysis; c) horizontal peer reviews; d) review of the outcome of stress tests undertaken by the bank; and e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	The SSM SREP is the main tool to regularly review and assess the safety and soundness of SI and the banking system. It is a harmonized methodology applied to all SIs under the supervision of the SSM and developed along the lines of the EBA GL on SREP. It is applied in a proportionate manner to institutions depending on the nature, scale, and complexity of their activities, and, when relevant, on their situation within a group. Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In a case of a financial conglomerate, the SREP decisions also needs to take into account the outcome of the supplementary supervision as required by FICOD. See CP 8. The SSM SREP methodology combines data and expert judgment following a principle of “constrained judgment”, with a view to ensuring that the SREP decision fits best with an institution’s risk profile while also ensuring consistency and accountability across the SSM. The SSM SREP is built on four elements: business model and profitability assessment; internal governance and risk management assessment; A risk-by-risk assessment of risks to capital: A risk-by-risk assessment of risks to liquidity and funding: The assessments performed for the four elements result in an overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. Assessors saw evidence to demonstrate that the SREP score followed the four elements according to the framework. Addressing the individual aspects of this EC in relation to SIs: (a) The analysis of financial statements and accounts for SIs is conducted as part of the SREP and by the JST on an ongoing basis and assessors confirmed this process works according to the framework. Regulatory reporting is submitted quarterly via through FINREP. For SIs reporting on the basis of German GAAP instead of IFRS a reporting framework has been introduced on a solo basis since March 2014 and on consolidated basis since September 2014. For more detailed information, please see Principle 27. (b) Business model analysis is carried out as part of Element 1 of the SREP, as mentioned above. The assessment of an institution’s business model is split into two parts: i) its business model viability (or the institution’s ability to generate an acceptable return over the next 12 months); ii) its business model sustainability (i.e. its ability to generate an acceptable return over 3 years and over a full business/economic cycle). Business model analysis may also give rise to targeted horizontal analysis on an ad hoc basis. (c) Horizontal peer review is an essential part of the SSM supervisory approach to SIs and SREP. The JSTs adjust the overall score based on: i) their knowledge of the bank, ii) peer comparisons, iii) the macro environment under which the institution operates, iv) its capital/ liquidity planning and v) the SSM risk tolerance. The consolidated annual accounts of at least the past three years, and the most recent monthly/quarterly management reports for the current year budget (including year-to-date realization) are used. All available information from FINREP and COREP, data and indicators available in IMAS as well as SNL data will form the starting point of the analysis. These data should be used to understand how the following main risk indicators have developed over time and how their current levels and volatility compare to the peer group. The SSM also relies on peer review in the context of targeted horizontal analysis. (d) With regard to stress tests undertaken by SIs, JSTs assess the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, SSM’s stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress-tests when available. The analysis and assessments by JSTs are performed and documented in IMAS on an ongoing basis. The results of routine analysis are communicated to SIs on a regular basis during ongoing meetings with all relevant bank management and Board where necessary. Results of on-site examinations are communicated to SIs during a closing meeting immediately after the completion of the field work and at a later stage in writing after having complied with the SSM’s decision-making procedures. For LSIs, the basis for the use of the tools to review and assess bank is laid down in the KWG and MaRisk, in particular regarding (b) and (d) of the above list. Addressing the criteria individually: (a) Supervisors review and analyze regulatory reporting and other financial information on an ongoing basis. (b) To assess the economic sustainability of a business model BaFin and BBk take into account the objectives defined by the institutions and the related measures as well as internal and external factors and future developments. For example, possible critical developments have to be analyzed, which could result from important sources of earnings divided into products or business lines. Moreover, it is assessed, how the business strategy and the corresponding earnings targets could be realized under tolerable risk conditions. In coordination with the ECB, the analysis of LSI’s business models uses an ECB analytical tool which focuses on: e.g., distribution of assets, non-performing exposures, earnings (and planned earnings) per division and the business environment (e.g., macroeconomic environment, competitive landscape. The quantitative part is an automated rating of profitability based on three indicators: Return on Assets, Cost-Income-Ratio and Recurring Earnings Ratio. The automated rating score is fit in a matrix with thresholds with regard to risk appetite. This score can be adjusted by the supervisor’s expert judgment which takes into account other balance sheet indicators, earnings and costs, liquidity profile, and risk appetite, and also qualitative aspects like internal and external key indicators, areas of competitive advantage, risk management capabilities and strategies into account. With regard to significant institutions, the business model analysis is done in 2015’s SREP. For LSIs, the work of adapting the SI-methodology, taking into account the principle of proportionality, goes on. (c) Horizontal peer reviews are used by BaFin and BBk to assess current rectified market developments. For example, the effects of the prevailing low-interest-rate environment are being examined via peer review for all LSIs. Other examples include the analysis of the deposit market is being comparatively reviewed on a quarterly basis for all German banks. (d) Institutions have to carry out appropriate internal stress tests (see MaRisk AT 4.3.3). According to the regulations these tests shall be done regularly and event driven. These tests are not limited to balance sheet assets but should also cover off-balance-sheet entities and tests are required to be carried out at the firm-wide level of the institution. BaFin and BBk scrutinize the institutions’ internal exercises by analyzing the quantitative methods which are used (such as models, methodological assumptions, data and scenarios) as well as the processes (such as whether the management board indeed uses stress testing for monitoring and decision-making processes). As internal stress testing exercises are from a supervisory perspective also seen as vital parts of a qualitative risk management, reverse stress tests are required which identify events that could jeopardize the institution’s viability (see MaRisk AT 4.3.3). (e) Regarding the review and assessment and analysis respectively of corporate governance, including risk management and internal control systems, please refer to the further explanations under principles 14 and 15. With regards to communication of findings with LSIs, this process is ongoing throughout the supervisory cycle and depends on a bank’s risk profile and relevance. As regards individual banks any identified shortcomings are communicated accordingly to the respective bank either in written form or orally during supervisory interviews. In principal, BBk conducts supervisory routine meetings with each bank on a yearly basis as part of its ongoing surveillance process. The aims of these supervisory meetings are twofold: gathering information from the banks’ general management and providing feedback of the result of the surveillance process potentially combined with explaining supervisory expectations. Following the well-known risk management cycle each supervisory action normally results in new information triggering a supervisory judgment that leads to a feedback (measure) to the relevant bank.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The relevant articles within the CRD include 97-98 100 and 133. The SREP framework sets out the risk factors to be assessed as part of the supervisory review, the topics to be included, and the supervisory measures to be implemented based on the identification of risk. The framework includes risks to the bank as well as risks to the system as required for in Article 97 (see paragraph 1(b) and Article 99 paragraph 2(b)). Article 133 refers to the requirement to maintain a systemic risk buffer for the financial sector in order to prevent and mitigate long term non-cyclical systemic or macro-prudential risks not covered by CRR. In terms of the identification and assessment of emerging risks throughout the EU-area, one of the responsibilities of the EBA is to ensure the orderly functioning and integrity of financial markets and the stability of the financial system in the EU. To this end, the EBA is mandated to monitor and assess market developments as well as to identify trends, potential risks and vulnerabilities stemming from the micro-prudential level. One of the primary supervisory tools to conduct such an analysis is the EU-wide stress test exercise. The EBA Regulation gives the Authority powers to initiate and coordinate the EU-wide stress tests, in cooperation with the European Systemic Risk Board (ESRB). The aim of such tests is to assess the resilience of financial institutions to adverse market developments, as well as to contribute to the overall assessment of systemic risk in the EU financial system. Furthermore, the EBA Guidelines on common procedures and methodologies for SREP contains specifics for the use of stress testing as an input into the supervisory assessment process for individual credit institutions. Article 100 CRD IV requires the NCA to carry out as appropriate at least annually supervisory stress tests on supervised institutions. The article also recommends that common methodologies should be used when conducting annual stress testing exercises. In terms of industry-wide stress testing programs, EBA Regulation Article 32 - Union-wide stress testing – satisfies this EC. The SREP framework also contains instructions for the link between supervisory and macro-prudential measures (see 10.7). Building upon this work, the SSM’s specific horizontal risk analysis function is in charge of supporting other ECB SSM operating units (such as other DGs, horizontal divisions and JSTs) by providing up-to-date information on current risks and vulnerabilities affecting the SSM; conducting regular in-depth risk analysis and broader micro-prudential analysis and research on the banking sector; identifying on a timely basis trends, developments and emerging risks affecting multiple banks for further supervisory review and action. Furthermore, the SSM methodologies for SREP contain specifics for the use of stress testing as an input into the supervisory assessment process for individual credit institutions. In particular, in the Element 3 – Assessment of risks to capital –, the JST assesses, among the others, the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, SSM’s stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress-tests when available. The assessments of these features contribute to the overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. Moreover, comprehensive assessments – including assets quality review and stress tests– are performed on new significant institutions or periodically if deemed appropriate. For LSIs, the relevant articles can be found in the Supervisory Guideline and the KWG. BaFin collaborates with BBk to determine the risk classification of individual banks. The Supervisory Guideline states that BBk will conduct annual prudential discussions with institutions once the annual accounts documents have been analyzed. Assessors reviewed files which demonstrated the annual meeting with the management body incorporated results of off-site and on-site activities, ICAAP and stress testing. Subject to prior consultation with BaFin, these discussions may also include the remediation of deficiencies found for which formal administrative action does not appear necessary. BaFin will be given the opportunity to take part in these interviews. A memo of the discussion shall be prepared and sent to BaFin. In addition to these routine meetings, both BaFin and BBk may conduct ad-hoc prudential meetings at any time; this will especially be the case for problematic or systemically relevant banks (please refer to articles 4 et seq. Supervisory Guideline). BaFin and BBk will give each other the opportunity to participate. In any event, they will inform each other of the outcome of the prudential meetings. The frequency of the direct contacts for ad-hoc prudential meetings with the representatives of the institutions – usually conducted by BBk – varies greatly. The factors affecting the frequency of ad-hoc prudential meetings include, in particular, the complexity of their business and the possible need to impose supervisory measures. Routine meetings with the senior management are mainly intended as a tool for regular discussion of business developments and the risk situation as well as the institutions’ general business situation on the basis of the evaluated annual financial statements. They can also serve to rectify deficiencies for which further supervisory measures do not appear to be necessary. An element of the routine talks is also to explain the strengths-weaknesses analysis, which banking supervisors establish based on the risk profile. Ad-hoc meetings focus on issues or topics, which require particular attention from supervisors following major developments at the institution. Supervisors’ focus on qualitative aspects means that a much greater role is being given to active dialogue between institutions and supervisors. In addition, BaFin has the right according to section 44 KWG to send representatives to and address shareholders’ meetings, general meetings or partners’ meetings, as well as meetings of the supervisory bodies of institutions. Supervisory stress tests are conducted both at a national level by BaFin and BBk and at a supra-national level together with EBA and ECB. From a micro-prudential perspective, BaFin and BBk conduct various bottom-up and top-down stress tests on various risk categories for large, as well as medium-sized and smaller banks. Furthermore, the largest German banks participate in the EU-wide banking exercise initiated by the EBA and coordinated by BaFin and BBk together with the ECB. The financial stability department of BBk is conducting regularly and on an ad-hoc basis macro-prudential stress tests for the German banking sector, aiming at the identification of potential vulnerabilities and their quantitative assessment. The results are shared with other BBk departments and BaFin, respecting confidentiality requirements.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	The SREP framework provides the basis for the JST to evaluate the work of the IA function within the supervisory assessment. Furthermore, the SREP guideline sets out the use of IA reports as an input into the assessment. The SREP framework provides guidance for supervisors to assess the functionality of the IA function to assess whether: The institution conducts internal audits of the credit risk management framework; Internal audit covers the main themes of credit risk measurement and controls across the institution; and The internal audit function is effective in determining adherence to the internal policies and relevant regulations and addressing any deviations. According to the SREP framework, IA functionality is to be verified by supervisors and its findings should be used as an input to the assessment of each constituent element of the SREP (e.g., capital, liquidity, credit, etc.). The use of IA findings is emphasized specifically in relation to the business model analysis and assessing internal governance and institution-wide controls. The work of the internal audit function is evaluated within the Element 2 – Internal governance and risk management of the SREP (also see BCP 26). The internal audit reports are key sources of qualitative information to perform SREP assessments. In addition, internal audit function may be subject to on-site inspection to obtain assurance that the Internal Audit Function meets the generally accepted principles on internal audit with respect to governance, status and organization, scope of activity and internal audit life cycle. On the basis of the assessment of the internal audit function carried out during the SREP and on-site inspection, JSTs determine whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk. While a review of the work of the internal auditor the extent of verification of internal audit was not widespread. For LSIs the relevant articles can be found in the KWG and MaRisk. BaFin and BBk place special emphasis on the performance of internal auditing: compliance with the guidelines is part of the (external) audit of the annual financial statement and subject to on-site examination performed by audit teams of BBk. Inter alia, supervisors consider the findings of the abovementioned audits while compiling the overall risk assessment for each institution (“risk profile”). The work of the internal audit function is also of great importance for the ongoing supervisory process. Internal Audit reports have to be made available, on request, to the External auditors of the annual accounts, auditors commissioned by BaFin, and to BaFin and Deutsche BBk. Since May 2009, BaFin and BBk expect systemically important banks to submit audit reports on a regular basis. Moreover, the direct dialogue with institutions’ internal audit function is of importance for supervisory purposes.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	For German SIs, the supervisor maintains considerably more contact and directs its main attention to the Management Board as opposed to the Supervisory Board (see also CP14). The assessment of governance is a key element of the SREP and the SREP guidelines recommend a minimum engagement with the bank, including with the banks’ management body (Board) and senior management. The frequency of engagement/dialogue with the managing body and senior management will depend upon the Category of bank whereby Cat 1 & 2 banks will have ongoing engagement as prescribed by the framework, whereas Cat 3 banks will have risk-based engagement and Cat 4 will have engagement at last every three years. Material reviewed by the assessors confirmed that the JSTs had made good effort to maintain contact with the Management Board and senior management throughout the supervisory cycle discussing a range of topics relevant to the individual institution (capital, liquidity, credit quality) as well as sectoral themes (earnings capacity, the low interest rate environment). Where the supervisor is conducting an assessment of a material risk element within the SREP, the framework prescribes engagement with the senior management and managing body during this process. The assessment of all SREP elements across the supervisory cycle will facilitate contact with senior management to develop an understanding of all aspects of a bank’s strategy, policies and processes, corporate governance, capital, liquidity, funding, Pillar 1 risks etc. The JSTs made use of EBA’s guideline on internal governance (GL44) and the SREP framework and supervisory manual. Meetings are held between the senior members of the JST with senior bank management/or risk managers to discuss the bank’s condition, its strategic and operational perspectives, governance issues and the business policies (also with reference to specific sectors), with particular regard to risk management, capital and organizational safeguards related to risks, and internal controls. JSTs may challenge the adequacy of the bank’s strategies and business model and request further information from the Board and senior management. Where appropriate, JSTs may also participate to Board meetings. Meetings are also held with mid-level management and are technical and operational in nature focusing on areas, such as risk management methodologies, self-assessment of capital adequacy, and the control systems. In relation to LSIs, the BBk – at least annually - holds routine meetings with the management board of the individual banks regarding their risk profile and comprehensively explain opinions and views of various areas (Supervisory Guideline, Article 13 (2)). The aim is to act in a preventive supervisory manner, to suggest areas of improvements and to communicate strengths and weaknesses of the institution. The risk profile aims to align supervisory practices with the identified risks of the supervised banks. At the same time, supervisory practices become more transparent if supervision reflects its views of the banks concerned. In addition, the discussion of the strengths and weaknesses of the banks is required under Basel II. The institutions acknowledge that the supervisory assessment is neither to be published nor to be used for promotional purposes. The process is well established for banks and the nature and scope of the meetings was evidenced to be effective.
EC8	The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	See also EC7. The JSTs meet with senior management of the bank including CEOs, CROs, CFOS and other senior staff. Periodic meetings will be conducted with the Chair of the Supervisory Board and Chair persons of the Board Risk Committee and Board Audit Committee. The nature of the discussion is typically to share the JSTs risk assessment, to follow up priority issues and to communicate findings from on-site examinations. As mentioned in EC7, a top-level meeting is held with heads of the supervisory and/or management and/or risk managers of the SI to discuss the bank’s condition, its strategic and operational perspectives, governance issues and the business policies (also with reference to specific sectors), with particular regard to risk management, capital and organizational safeguards related to risks, and internal controls. JSTs may challenge the adequacy of the bank’s strategies and business model and request further information from the Board and senior management. Material reviewed by the assessors showed that the meetings with the Management Board were an effective mechanism at gaining assurance that the Management Board was effective in overseeing the risk management of the institution. Where appropriate, JSTs may also participate to Board meetings but this is less frequent. Meetings are also held with mid-level management and are technical and operational in nature focusing on areas, such as risk management methodologies, self-assessment of capital adequacy, and the control systems. The supervisors of LSIs – according to section 7 KWG notably BBk – at least annually hold routine meetings with the management board of the individual banks regarding their risk profile and comprehensively explain opinions and views of various areas (Supervisory Guideline, Article 13 (2)). The aim is to act in a preventive supervisory manner, to suggest areas of improvements and to communicate strengths and weaknesses of the institution. The risk profile aims to align supervisory practices with the identified risks of the supervised banks (see also EC7).
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	It is the responsibility of the JSTs to decide how to monitor (including reporting) remediation of findings from on-site examinations for SIs. If an SI does not comply with a supervisory measure, the JSTs have to consider taking additional action against the credit institution. The JSTs have a wide range of possible responses that can be initiated. They range from informal notifications to the credit institutions, or the use of additional supervisory powers, to enforcement measures or even sanctions, depending on the nature of the original supervisory measure and the extent of the non-compliance. The follow up typically involved specific meetings with the SI’s management, or follow-up inspections to monitor the implementation activities of the credit institution, however in practice follow up inspections to verify that findings had been remediated had not been performed. If the SI does not start implementing remedial measures, the JST refers the case to the Enforcement and Sanctions Division if it considers that an enforcement measure is needed or that there is reason to suspect that a breach has been committed. No such examples existed. BBk assigns four grades for results from LSI on-site examinations - F1 (low priority) to F4 (high priority). The results from the on-site are communicated to the institution through the head of mission (potentially together with BaFin). The final examination report is then submitted to BaFin describing in detail the findings and that remedial action is needed to fill shortcomings (the report does not however recommend how the deficiencies should be remediated). The BaFin will then make a decision in terms of how to communicate the findings to the institution. Typically, a final report of examination findings is communicated to the institution approximately four weeks from receiving the report from the BBk. Evidence from the mission confirmed this process was working effectively. The LSIs required to respond to the examination report including how it will remediate the deficiencies and the timeframe for action. A status report will also be provided to the BaFin until the deficiencies are closed. It was evidenced that F4 findings were taken very seriously by both BaFin and the credit institutions and a review of several files showed that credit institutions implemented prompt and appropriate action to fill gaps in risk management identified through on-site examinations. In cases where an institution did not comply with the legal or implemented requirements the BaFin had exercised its powers using a “ladder of action”. The time taken to conduct follow-up on-site examinations to verify that findings graded F1 to F3 had been remediated was approximately three years which assessors viewed as too long. However, the EA long form report does include an evaluation as to whether management had addressed findings from the on-site examination. Nonetheless, greater emphasis should be given to confirming banks management’s actions to address on-site findings.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	See also BCP 4 to 7 in regards to the notification framework associated with change in ownership, significant holdings, acquisitions and mergers). The relevant legal framework can be found in the KWG and is further specified in the Reports Regulation AnzV and the Holder Control Regulation (InhKontrollV). Banks send notifications both to BaFin and BBk. They have to notify about every important aspect of their business as soon as it occurs. This section of KWG is understood to include any material development in business conditions as required in the EC. In practice, banks do make the supervisor aware of changes in financial and risk conditions. In addition, banks have to report about essential aspects (e.g., qualified holdings and own funds quota) once a year. The reporting requirements are stipulated especially in section 24 et seq. and 2c of the KWG. These requirements are substantiated in the AnzV and respectively the InhKontrollV. Additional reporting requirements can be found in part eight of the CRR, for banks in the scope of the regulation. The notifications have to be provided by the bank without undue delay. Banks are not obliged to report their own breaches of legal requirements, as this would be contrary to fundamental rights. However, according to section 29 KWG certified public accountants have to identify abidance of specific laws (especially those of the KWG) in the process of the examination of the annual fiscal statement of the bank. While there are established notification rules in relation to a change in ownership/significant interest or a merger/acquisition, there is no such requirement for a credit institution to advise the supervisor of a breach of a prudential requirement. While there is no compulsion for the institution to advise the supervisor, banks typically ensure that supervisors are made aware of their business activities which include changes in strategy, new products, significant events and material adverse developments (especially those that will attract media attention). While there were examples where credit institutions had made efforts to keep the supervisor apprised of developments there were also instances where this was not the case. In the absence of formal notification requirements for breaches, the breach may not be notified to the supervisor until the external audit report.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	In relation to SIs, as a general rule the on-site work will be performed by staff from the ECB in coordination with the German supervisory authorities. The ECB, BaFin and BBk conduct an annual planning exercise after the SEPs have been completed for the next twelve months (timing approximately October) with a six monthly status update. The delivery of on-site examinations is tracked by a weekly report that allows management to monitor progress against the plan and adjust resources accordingly. This process allows both the ECB and the German supervisory authorities to plan resources ahead. Nonetheless, where resource pressures exist external parties can and do get tapped to assist in the delivery of on-site examinations. The ECB has concluded a framework agreement with six audit firms for the appointment of external auditors to on-site inspection or internal model investigations missions. External consultants may participate to on-site inspection and internal model investigation missions in case there is a lack of appropriate resources within the inspection team, following the SSM’s internal guidelines. To ensure that the responsibility is not outsourced, external consultants can only participate as team members and cannot act as Head of the on-site examination. Prior to the appointment of the external consultants, the head of mission provides a sound rationale, which is adequately approved, for the need of external consultants and a description of the expected tasks and outputs to be produced. To ensure the independence of the external provider, the audit firm must provide the ECB with some background information about its relationship with the inspected entity as well as its self-assessment about the potential existence of a conflict of interest. During the on-site inspection, external consultants perform the same tasks than SSM staff, and apply the SSM methodology under the supervision and as per requirements of the head of mission. Their presence is transparently communicated to the inspected institution. The process was shown to be closely scrutinized so as to ensure the integrity of the process and that the output can be relied upon to delivery equivalent results. To date, the overwhelming majority of on-site examinations are delivered by ECB and representatives from the BBk and BaFin for SIs. In relation to LSIs, a greater reliance on third party experts – mainly the external audit profession – is used to delivery on-site examinations.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	Directorate General Information Systems provides, maintains and develops the information and communications systems necessary for the SSM to carry out its tasks. This includes the provision of information governance and security. The unit is also responsible for providing support services for end users as well as quality, supplier and license management. DG Statistics ensures the availability of reliable and accurate supervisory data across the SSM for supervision and statistics purposes. The data is made available to end users according to the SSM Information Security Policies and IT system entitlements. DG Statistics checks the completeness and data accuracy of each report received as well as the presentation of the information in order to ensure that different rapporteurs use the same format (allowing for data consistency and making historical or sector-wide analysis easier). In addition, it monitors compliance with the submission deadline for each report. The data check by DG statistics is an automated validation process of built in rules for data checks. On the issues of erroneous data, missing data or reports and failures to meet submission deadlines, DG Statistics liaises closely with the rapporteurs as well as with the NCAs. It keeps track of all its requests to the rapporteurs in order to be sure to have received a satisfactory reply to each of them. In cases where, after a certain predetermined period of time (as set out in the reporting schedules), no response is received, DG Statistics sends a reminder to the rapporteur concerned. Thereafter, it ensures that the database contains always the last and most correct version of the reports; history data is kept in the database but should be clearly marked as such. The Directorate General informs in due course the end users whenever new updates of supervisory data are available. The IMAS system provides an integrated supervisory tool facilitating the analysis of prudential data, the prioritization and monitoring of tasks, as well as the performance of SREP (see also CP8). The BBk provides adequate information systems to interface with all German credit institutions to report prudential information. The system includes automated triggers and manual processes to detect areas of follow up action (see also CP10). The Committee on Ongoing Monitoring is responsible for summarizing, processing, and analyzing prudential information. It identifies the major risks for the banking sector as a whole and summarizes the most recent information in a risk profile. The risk profile also contains the current actions taken to mitigate the risks and thus allows identifying areas with potential need for action. The last change to prudential information systems took place in 2011.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	SSM supervisory activities are performed under the ECB internal control framework which relies on a three-line-of-defense model. It is the responsibility of the ECB’s operational management to establish appropriate systems of internal controls. For instance, a Supervisory Quality Assurance Division (SQA) has been set up in order to provide regular feedbacks to SSM managers on the quality of their supervisory output in terms of consistency and effectiveness. The SQA Division operates by means of desk reviews, interviews with stakeholders and factual checks and analysis. Once a year the SQA issue a lessons learnt report discussed by the Supervisory Board who may decide on further actions. In addition to the SQA, the ECB Directorate Internal Audit (D/IA) provides independent and objective assurance and consulting services designed to add value and to improve the ECB’s operations. D/IA acts as third, independent line of defense within the ECB governance framework. In doing so, D/IA helps the ECB in accomplishing its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness and efficiency of risk management, control and governance processes. All activities, operations and processes of the ECB may be subject to internal auditing. Moreover, D/IA coordinates and performs audit work under the umbrella of the Internal Auditors Committee (IAC). The scope of the IAC covers the performance of the Eurosystem/ESCB and SSM tasks and activities as defined in the Statute of the ESCB and the ECB and in the SSM Regulation including their enabling processes and risks associated with them, and/or activities decided by the Executive Board, Governing Council or General Council. As regard to third party assessors, the EU Commission as well as the European Court of Auditors are entitled to review SSM operations with a specific focus on operational efficiency. All of BaFin’s and BBk’s supervisory units are subject to regular quality assurance by a separate quality assurance section within the supervisory unit and audits performed by its internal audit department. The internal audit departments of BaFin and BBk and the IAC in SSM composition provide independent, objective assurance and consulting services designed to add value and to improve the performance of supervisory tasks and activities, respectively. In doing so, they assist in accomplishing the respective objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Prior to the implementation of the SSM, the internal audit departments of BaFin and BBk performed regular audits covering all areas of banking supervision. Since November 4, 2014, the IAC in SSM composition has become responsible for SSM-related audit work. The first IAC audit is planned for late 2015. Additional audit service is provided by the German Federal Court of Auditors - Bundesrechnungshof (BRH). The BRH examines as an independent body of government, the financial management of all federal authorities. The BRH audits BaFin’s and BBk’s accounts annually regarding banking supervision and all other national tasks BaFin and BBk are entrusted with.
Assessment of Principle 9	Largely compliant
Comments	Overall supervisors of German banks take an active approach to using supervisory tools. The supervisory manual and associated frameworks provide a sound basis for supervisors to perform comprehensive risk assessments using a mix of on-site and off-site supervision activities. Annual risk assessments and the SREP process allow for the results of off-site and on-site supervision to be integrated and combined for form a single overall view of all material risks and the necessary measures. Supervision manuals are detailed and help guide the risk assessment process in a systematic way. On-site examinations were demonstrated to be an effective tool to focus on deficiencies in risk management. There are, however, gaps in the approach for off-site that need to be attended to. For LSI off-site supervision, there is an undue reliance on the work of the external auditor and while the annual EA report contains a significant amount of detail, a greater use of other inputs to off-site supervision is needed in the risk assessment process. In the early phase of the new supervision framework for SIs, activities have been heavily influenced by thematic priorities reflecting cross-cutting issues set by a centralized division. This process ensures consistency in SEPs, which should help drive a consistent approach to strategic priorities across all German SIs. However, this comes at the expense of activities identified from a bottom up analysis of an institutions’ risk profile. A more balanced approach to between thematic and bottom up supervision priorities is warranted. The results of on-site examinations for SIs are not ranked in degree of severity. While there is a clear process for the communication of findings at the conclusion of the examination process, the ultimate communication to the bank does not prioritize findings from high priority to low. As a result, it is not always clear for banks the prioritization of actions to address on-site findings. A ladder of severity will help ensure management and supervisory boards are able to prioritize remedial action according to severity of on-site findings. Greater attention needs to be paid to confirming that banks have appropriately addressed findings from on-site examinations. There is a solid process in place to ensure banks report periodically remedial measures to address deficiencies identified as part of the on-site examination and assessors reviewed many examples where this process was working. Nonetheless, more emphasis should be placed on verifying that remedial actions address shortcomings identified during the on-site. This is especially needed given that for LSIs the specific action to remediate findings from the on-site is not prescribed by BaFin/BBk but instead is left to the institution to determine. Currently the results of the bank’s remediation of on-site findings will typically not be evaluated in detail until the next follow up examination which has a frequency of 3-12 years. For German credit institutions, the supervisor maintains considerably more contact and directs its main attention to the Management Board as opposed to the Supervisory Board (see also CP14). As a result, there was limited evidence to demonstrate that the supervisor effectively challenged the bank’s Supervisory Board on the assumptions made in setting strategies and business models. The role in setting the strategy and business model in the German banking system rests with the Management Board and the Supervisory Board is not expected to be involved in this directly. Banks are not obliged to report their own breaches of legal requirements. Swifter notification of breaches may help alert the supervisor at an earlier stage and enable action earlier (EC10).
Principle 10	Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns²⁷ from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power²⁸ to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	All German banks are obliged to prepare and submit information on their financial position and risk level. The major reports are financial reports (FINREP) and capital adequacy reports (COREP) under the ITS on supervisory reporting and CRR. Those reports provide information on such matters as capital adequacy, liquidity, Pillar 1 risks, balance sheet and P&L, off-balance sheet items, large exposures, asset quality, related party transactions, etc. The data are reported on both a solo and/or consolidated basis as required in the EU Implementing Technical Standard (ITS) on reporting. (For reference see also http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0680&from=EN). Reporting is obtained both on a consolidated (prudential) and solo level. The perimeter of the entities included in the prudential scope of consolidation is defined in the CRR (Chapter 2, “Prudential consolidation”) and is applied to all institutions supervised by SSM. The ITS on supervisory reporting together with the Regulation (EU) 2015/534 provide harmonized reporting requirements for all SSM institutions. The EU harmonized supervisory reporting for SIs covers the following areas: - Solvency/COREP (quarterly) - Financial information/FINREP (quarterly with some templates semi-annually or annually) - Large exposures (quarterly) - Losses from immovable property (semi-annually) - Leverage ratio (quarterly) - Liquidity (monthly) - Asset encumbrance (quarterly) - Supervisory benchmarking (annually) As part of the ITS on Reporting, institutions also need to report the 10 largest exposures to institutions and the 10 largest exposures to unregulated financial entities, with identification of counterparty and maturity buckets. These reports are filed quarterly beginning March 31st, 2014. The frequency of collection and analysis of information from banks can be adjusted depending upon the risk profile and systemic importance of the bank as per the CRD (Article 104 paragraph 1(j)) and as suggested within the EBA SREP guideline when performing the supervisory review (see Table 1). Data needs of the SSM not addressed by the EBA ITS on Supervisory Reporting might be covered via additional data collections or Short Term Exercises (STEs). The JSTs demonstrated frequent use of STE data to augment routine reporting submitted by SIs. For example, requests in 2015 include interest rate in the banking book, sovereign risk and liquidity among others. The ECB may also request, on an ad hoc or continuous basis, information from the national competent authorities for the performance of its tasks (see Art 10 and 6(5) of the SSMR). Reporting frequency of STEs varies depending on the type of data: monthly (liquidity); quarterly and semi-annual or annual for some individual templates. While routine reporting of the complete suite of regulatory returns is required on a quarterly basis, the frequency can be more often where deemed necessary. No such examples of SIs on enhanced reporting at this juncture. Also as part of the ITS on Reporting, institutions need to report the items integrating the LCR (liquidity coverage ratio) and the NSFR (net stable funding ratio). JSTs use the routine regulatory reporting in the ongoing supervision processes. ITS data is used to generate key risk indicators as inputs into Phase 1 of the SREP risk assessment process. The data is also transposed into a summary of key financial and risk information (so called ID cards) which are used to provide senior management with a snap-shot of bank key risk indicators. In respect of LSIs under the immediate supervision from German supervisory authorities, all institutions subject to Article 4 of Regulation (EC) No 1606/2002 have to report financial information. Germany has defined different reporting requirements which are anchored in the KWG. All institutions at solo level as well as institutions using the German GAAP - HGB at consolidated level must submit financial information to Bundesbank after the end of each calendar quarter, which is forwarded to BaFin including an assessment by BBk if required (section 25 (1) KWG). The financial information comprises in particular the profit/loss data since the last annual accounts statement (including planning data for profit/loss) and has to be submitted to German supervisors by all required institutions on a quarterly basis (Section 3 (1) of the FinaRisikoAV). For CRR institutions the report of the balance sheet information submitted by institutions to Bundesbank according to the “Monthly balance sheet statistics” meet this requirement (section 4 (2) FinaRisikoAV) so there is no additional reporting requirement for CRR institutions concerning balance sheet positions. The Monthly balance sheet statistics serve as an information basis originally for monetary purposes and are conform to the supervisory information needs in this respect. This financial reporting does not contain information on the institution’s ICAAP (“risk bearing capacity concepts”). This reporting requirement is addressed in chapter 3 of the FinaRisikoAV (sections 8 to 12 FinaRisikoAV). According to section 4 FinaRisikoV the reporting on financial information contains mainly the current and the planned profit and loss statement and further risk sensitive measures such as data on loan quality. In addition, section 25 (2) KWG requires the consolidated enterprise of groups within the meaning of section 10a KWG to submit aggregated financial information accordingly. Monthly returns in respect of the adequacy of liquidity for payment purposes are submitted in accordance with section 11 KWG in conjunction with section 11 (Liquidity Ordinance Liquiditätsverordnung (LiqV). Additionally, the reporting connected to the national German liquidity standard (LiqV, i.e. Liquiditätsverordnung) remains in place until the full introduction of the LCR (binding minimum standard at 100 percent in 2018). This reporting is also required at a monthly basis. More complex institutions do also report their net liquidity position over several time buckets up to one year on a monthly basis. This report includes information on sources and prices of funding as well as available central bank eligible and ineligible collateral. Since January 2014 the details of this obligation are laid down in the new Financial Information Regulation (Finanzinformationenverordnung - FinaV; since January 2015 amended as Finanz- und Risikotragfähigkeitsinformationenverordnung – FinaRisikoV) which replaced the Monthly Returns Regulation (MonAwV) and the Aggregated Monthly Returns Regulation (Zusammengefasste Monatsausweisverordnung - ZuMonAwV). Furthermore, according to section 25 (1) KWG, institutions must submit once a year information about the internal capital adequacy (risk bearing capacity) to Bundesbank, which is forwarded to BaFin including an assessment by Bundesbank. The details of this obligation are laid down in the FinaRisikoV. The aim of this report is to obtain regularly and uniformly structured information about the internal methods and processes the institution uses to manage their capital adequacy. Pursuant to section 2 FinaRisikoV the report provides statements concerning the profit and loss account from the end of the last financial year and the statement of assets and liabilities of the last reporting period. According to section 44 KWG BaFin and Bundesbank can require an institution to provide information on all business related affairs. This includes the possibility to request ad-hoc reports on specific risks as warranted. In addition, according to section 24 (3b) KWG BaFin and Bundesbank can implement additional notification and reporting requirements, in particular with regard to gaining a better insight into the economic situation of the institution. This means, all institutions using IFRS have to report FINREP data. In case, an institution uses national GAAP, the NCA can decide if these institutions additionally have to report FINREP data (Article 99 section 6 CRR). In Germany, all institutions using national GAAP (HGB) have to report their financial information according to the FinaRisikoV. The scope and periodicity is the same for all institutions. All banks report solo in German GAAP and for those that are consolidated using IFRS.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	According to the CRR (Article 99(2)), FINREP reporting templates for supervisory purposes are required to be based on the IFRS at the consolidated level (see EC1) in case the supervised group institution is subject to IFRS reporting pursuant to Regulation (EC) 1606/2002 or applies IFRS for supervisory reporting pursuant to Article 24(2) of Regulation (EU) No 575/2013. At the solo level, reporting can be based on local GAAP and national discretion can be exercised to require IFRS for solo reporting of FINREP. Reporting instructions are included in Commission Implementing Regulation (EU) No 680/2014 and contains detailed instructions for the submission of supervisory reporting. Specifically, in relation to SIs, FINREP reporting is based on IFRS and adapted also for German GAAP. ECB Regulation 2015/13 extends the harmonized regular reporting of financial information to the consolidated reports of banks under national accounting frameworks, as well as to solo reports, e.g., for supervised entities that are no groups. The Regulation does not affect the accounting standards applied by supervised groups and entities in their consolidated or annual accounts, nor does it change the accounting standards applied to supervisory reporting. The Regulation uses templates designed by the EBA and forming part for the Implementing Regulation (EU) 680/2014. In particular, there are dedicated national GAAP reporting templates that harmonize the reporting of entities under these accounting standards while respecting their differences vis-à-vis IFRS. In addition, the ECB is collaborating with the NCAs to provide national GAAP banks’ further guidance to facilitate their reporting. Reporting instructions for LSIs are not laid down by the German banking supervisors. Rather, the HGB contains comprehensive recognition criteria and valuation principles for use in the preparation of annual accounts for corporations, as well as supplementary regulations for credit institutions and financial services institutions (sections 340 et seq. HGB). Furthermore, the HGB contains precise details on how the balance sheet and profit and loss account should be presented. The Regulation Governing the Financial Statements of Credit Institutions and Financial Services Institutions (Verordnung über die Rechnungslegung der Kreditinstitute und Finanzdienstleistungsinstitute – RechKredV), which was drafted by BaFin and approved by the Federal Ministry of Justice and Consumer Protection, specifies the annual financial reporting requirements of financial institutions and contains further provisions, which comply with the EU Bank Accounts Directive (EC 86/635) as well as with the fourth and seventh EC Accounts Directives (EC 78/660 and EC 83/349); updating of HGB according to the new EU Accounting Directive (RL 2013/34/EU) has been done in July 2015. Pursuant to regulation (EC) No 1606/2002 or section 315a (2) HGB, a parent institution may be required to draw up its consolidated annual accounts in accordance with the IFRS. Where a parent institution is not required to apply the IFRS to the consolidated accounts, it has the option to do so (section 315a (3) HGB). If the consolidated accounts are set up in accordance with the IFRS, the regulations of the HGB concerning the annual accounts of corporations are only applied within the scope of section 315 (1) HGB. The German Accounting Standards laid down in HGB has prudence among its guiding principle and therefore anchored on conservatism (see also EC27). Examples include the strict limitation to the fair valuation of financial instruments and the use of hidden reserves. Supervisory instructions are the ITS on reporting and national instructions e.g., the regulation FinaRisikoV (see also EC1) which clearly describe the accounting standards to be used. Supervisory reporting requirements are based on the valuations of the respective accounting standards.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	In relation to SIs, Article 24 of the CRR specifies that the valuation of assets and off-balance sheet items shall be effected in accordance with the applicable accounting framework. Article 76 of the CRD requires that the management body will devote sufficient time to the consideration of risk issues as well as the valuation of assets, the use of external credit ratings and internal models relating to those risks (see paragraph 2). The CRD provides the legal basis for governance arrangements and control processes for valuation of assets. The measurement of fair values and valuation rules are also determined on the grounds of IFRS requirements (IAS 39, IFRS 13). Specifically, in relation to internal approaches, Article 78 of the CRD requires that, at least annually, supervisors of SIs to assess the consistency and comparability in risk-weighted assets (RWA) produced by internal modeling approaches (except for operational risk). The governance arrangements for the submission of regulatory reporting will depend upon the size and complexity of the credit institution, but typically the sign off will be head of department within the bank’s finance division. At least annually, regulatory reporting is tabled to the board. While this occurs in practice, it is not required as part of MaRisk. EBA Technical Standards (EBA/RTS/2015/01) provide supervisors with a benchmarking tool to enable the JST to compare the outputs of banks’ models. The ITS specify the benchmarking portfolios as well as the templates, definitions and IT solutions that should be applied in the benchmarking exercise for market and credit risk. The RTS for prudential valuation (EBA/RTS/2014/06/rev1) establishes approaches for prudential valuation adjustments as required by the CRR for traded instruments (simplified and core approaches) The valuation framework and control procedures are subject to adequate independent validation and verification, mainly through the SIs internal audit function and external auditors. JSTs routinely receive reports from IA as well as meetings with IA regarding ongoing audit work. Furthermore, the external auditor is required to conduct an assessment of the data systems that input into the regulatory reporting. The JST will become aware of deficiencies in control procedures via these two channels. EU-wide legislation fails to cover the capacity for the supervisor to require a bank to make adjustments to its reporting for capital adequacy or regulatory reporting if valuations are deemed not sufficiently prudent. However, article 16.2.a) of SSMR allows the ECB to require institutions to hold own funds in excess of the capital requirements laid down in the acts referred to in the first subparagraph of Article 4.3 related to elements of risks and risks not covered by the relevant Union acts. To date, on-site examinations have not been conducted that test the veracity of data systems used to report regulatory data. Furthermore, supervisors do not routinely assess whether the valuation used for regulatory purposes is reliable and prudent. In regards to LSIs, (and for certain SIs as well), the annual accounts are based on nGAAP which mainly follow a cost accounting approach. The data is prepared in accordance with the Principles of Proper Accounting (Grundsätze ordnungsgemäßer Buchführung – GoB) according to section 243 (1) HGB. Additionally, the annual account of corporations must, in compliance with the GoB, present a true and fair view of the net worth, financial position and results of the company. If the annual accounts do not show a true and fair view due to special circumstances, additional disclosures are required in the notes (section 264 (2) sentence 2 HGB). This requirement also applies to all banks, regardless of the legal form under which they operate (section 340a HGB). The basic GoB are codified in the HGB, among those are the “historical cost principle”, the “item-by-item valuation principle”, the “realization principle,” the “imparity principle” and the “prudence principle” (sections 252 et seq. HGB). As a general rule, the recognition of unrealized profits is prohibited. However, for financial years starting 2010, institutions have to show financial instruments held for trading at fair value, after taking into account an adequate deduction for risk (section 340e (3) HGB). The deduction for risk must reflect the probability that some of the gains may not be realizable. In addition, every financial year an amount of at least 10 percent of the net trading profits has to be booked into the “fund for general banking risks” (section 340g HGB) and to be shown separately. These amounts may only be reversed in order to account for net trading losses or in case they exceed 50 percent of the average net trading profits of the previous five years (section 340e (4) HGB). The notes must include information about assumptions with regard to the calculation of the fair values and categories and volume of the financial instruments concerned including conditions that may have impact on cash flows. Together, these rules intend for only distributable profits can be disclosed (after expenses – including provisioning – have been deducted). According to Section 252 HGB validation shall be done annually for individual institutions. Furthermore, trading book positions subject to market risk shall be valued daily (MaRisk BTR 2.2.2). Banking book positions subject to market risk shall be valued at least once a quarter (MaRisk BTR 2.3.1). When auditing the annual accounts or interim accounts, the auditor examines the institution’s financial situation and determines in particular whether the institution has fulfilled the regulatory requirements (section 29 KWG). In addition to that, according to MaRisk BT 2.3.1, the scope of internal audits also covers the risk management and risk control processes, including the valuation framework of the institution and its practical use. BaFin and Bundesbank conduct routine on-site examinations of LSI’s to test the veracity of information systems and control procedures associated with supervisory reporting (see section 44 KWG). The examinations will select a sample of supervisory reports and check whether the data reconciles with the accounts.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	See also EC1. The frequency of collection and analysis of information from SIs can be adjusted depending upon the risk profile and systemic importance of the bank as per the CRD (Article 104 paragraph 1(j)) and as suggested within the EBA SREP guideline when performing the supervisory review (see Table 1). ITS data and data collected through short term exercises (STEs) feed into ongoing supervision and importantly the SREP process which occurs throughout the supervisory cycle. The data is a key input into the first two phases of the assessment of the four elements of the SREP decision. The data is also automatically populated into a two-page high level summary of the SI’s financial and risk position that is used for reporting to senior management. The regular reporting requirements for LSIs contain standard reporting days or standard reporting periods. These are commensurate with the nature, significance and availability (i.e. annual accounts) of such data. Generally, these provisions apply to all institutions. In special cases (e.g., high risks, significant institutions, etc.) supervisors may request further information. CRR institutions (other than significant institutions) have to submit the information required under to the EU harmonized supervisory reporting framework according to the frequencies as described above. National supervisory reporting is conducted on a quarterly frequency; while a more comprehensive analysis such as through the ICAAP process is annual. Throughout the supervisory cycle the Bundesbank will conduct regular in-depth analysis of specific risk areas of LSIs including NPLs, LEs and IRRBB. CRR institutions have to submit information on their balance sheet positions on a monthly basis (according to “Monthly balance sheet statistics”). Other institutions than CRR institutions have to submit that information on a quarterly basis (according to FinaRisikoAV). Information on institution-internal ICAAP (risk bearing capacity information) has to be submitted in general on yearly basis (according FinaRisikoAV, section 8 to 12). Institutions which are subject to direct supervision of ECB (SSM institutions) or other institutions with the potential to pose a systemic risk have to submit this information twice a year.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	The EBA publishes a set of papers for benchmarking the internal approaches that EU institutions use to calculate own-funds requirements for credit and market risk exposures (see also EBA assessment comparing capital requirements for IRB banks in EU). JSTs readily use cohort benchmarks as a way to identify outliers and peer group averages to inform and enrich analysis of supervisory reporting. The population of SIs supervised by the ECB allows for cross-border comparisons. In order to ensure comparability between banks with different year-ends, SIs adjust their financial information based on their accounting year-end which deviates from the calendar year so that reporting of financial information is done every three, six or twelve months from their accounting year-end, (according to art 2 of Commission Implementing Regulation (EU) No 680/2014). To strengthen the analysis of credit risk for German banks, the Bundesbank maintains a central credit register (CCR). According to section 14 KWG lenders (credit institutions including foreign subsidiaries and branches, financial services and insurance companies) have to report loans to an individual counterparty or a group of connected counterparties of EUR 1 million or more (large loans) to the CCR quarterly. This report includes information about the client (i.e. identifiers, geographical and sectoral, group of connected counterparties) and credit data (on-/off-balance, provisions, collaterals, probability of default, code of default etc.). The CCR collates all reporting and performs quality checks for the total indebtedness of an individual counterparty or a group of connected counterparties. The information derived from the reports on large loans are regularly analyzed by the Bundesbank especially for banking supervision and financial stability reasons (for example to analyze the exposure of a credit institution or to give an indication how a sovereign debt crisis effects lenders or groups of lenders). In addition, there is a feedback loop, which returns the total indebtedness of an individual counterparty or a group of connected counterparties to all involved lenders. Apart from this, an institution has to report to the Bundesbank all large exposures (as a part of the European common reporting) to an individual counterparty or group of connected clients exceeding the threshold of 10 percent of its eligible capital. The CCR has to deliver these reports to the ECB. This enables the supervisors to review this specific type of concentration risk within a bank’s portfolio on a harmonized level (see also CP17).
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	See also EC1. In relation to SIs, banking groups are requested to provide supervisory reports on the basis of their consolidated situation following Article 11(1) CRR. Regarding consolidated reports of financial holding companies or mixed financial holding companies the credit institution controlled by the financial holding company is requested to report at the highest level of consolidation for the whole group following Art 11(3) CRR. In this way the financial position of the consolidated group—including unregulated subsidiaries—is reported and made available for analysis. Information for the wider banking group is included in the risk assessment for the purpose of due transparency of these institutions’ group structure, as well as within the scope of group solvency information on affiliates being subject to the EBA ITS on Reporting. In relation to LSIs, according to section 44 (1) sentence 1 and section 44 (2) sentence 1 KWG, German banking supervisors can request that an institution submit all relevant documentation regarding the credit institution. In principle, German banking supervisors can make use of the formal request for information provided for under section 44 KWG at any time in order to obtain up-to-date information. However, often the request is triggered by auditor’s report findings, reports filed in accordance with section 29 (3) or section 24 (1) no. 4 KWG, newspaper reports, etc. The formal request for information may be intended to elicit one-off comments. According to section 24 (3b) KWG BaFin and Bundesbank may also impose additional notifications and reporting requirements on institutions or certain types or categories of institutions, in particular in order to obtain more deep insight into developments in the institutions’ final situation, into their principles or proper management or into the abilities of members of the institution’s governing bodies where it is necessary to fulfill the tasks of BaFin and the Bundesbank. These provisions include information regarding the wider banking group and the German supervisory authorities demonstrated evidence where such information had been requested and submitted by LSIs for analysis. Regarding the support of resolution planning by the respective institution or group, section 42 and 46 of the SAG defines the cooperation and contribution requirements for the banks. This also includes the provision of any information and analyses needed by the resolution authority for the preparation and implementation of the resolution plan. BaFin and Bundesbank together with FMSA are required to review whether some or all of the information which is to be forwarded is already available. If such information is available, the BaFin and the Bundesbank will provide it to FMSA.
EC7	The supervisor has the power to access²⁹ all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	See also EC6. Article 11 of the SSMR allows the ECB to examine the books and records and take copies or extracts from such books and records; and “obtain written or oral explanations from any person referred to in Article 10(1) or their representatives or staff”. The (legal and natural) persons referred to in Article 10(1) are the following: (a) credit institutions established in the participating Member States; (b) financial holding companies established in the participating Member States; (c) mixed financial holding companies established in the participating Member States; (d) mixed-activity holding companies established in the participating Member States; (e) persons belonging to the entities referred to in points (a) to (d); (f) third parties to whom the entities referred to in points (a) to (d) have outsourced functions or activities. The corresponding legal powers of BaFin and Bundesbank are derived from sections 44 et seq. KWG. They apply in connection with individual institutions, institutions which form part of a group, and holders of qualified participating interests. According to section 44 (1) 3 KWG BaFin’s staff, the staff of the Bundesbank as well as any other person BaFin uses in performing the inspections are allowed to enter and inspect the business premises of the institution, the external service providers and the subordinated undertakings during ordinary office and business hours. Institutions and acting persons in institutions must show all documents and have to provide BaFin and Bundesbank with all information they need to conduct their supervision. BaFin can also send representatives to the general meetings and to the meetings of the supervisory board. In addition, section 24c KWG gives BaFin automated access to the customer account information of individuals and institutions to perform its prudential functions under the KWG or the Money Laundering Act, in particular with respect to unauthorized banking business and financial services.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	The relevant legal basis for enforcement of supervisory reporting standards for SIs is found in the CRD. Article 76 of the CRD assigns responsibility to bank senior management for the accuracy of supervisory reporting (see also EC3). Article 67 paragraphs (e) to (m) establish the capacity for the competent authority to enforce compliance with the requirement that information submitted for regulatory purposes is accurately and timely. Regarding timeliness, the remittance dates to the ECB are specified, with different deadlines according to the nature of the reporting entity. SIs directly supervised by ECB have an earlier remittance date than LSIs. Regarding accuracy of data, NCAs monitor and ensure the quality and reliability of the data made available to the ECB, by applying the validation rules specified in Annex XV of Implementing Regulation (EU) No 680/2014 applying data quality checks defined by the ECB in cooperation with the German supervisory authorities. The coordination between the agencies was demonstrated to work well where timely submission of data existed. Delayed reporting was promptly followed up with the credit institution and quality checks were flagged with the ECB in relation to SIs. Directly applicable EU law (cfr. CRR Articles 99(1), 101, 349(1), 415(1) and (2), 430 (1)) imposes reporting obligations on the institutions within its scope. The ECB is entitled to impose both pecuniary sanctions and enforcement measures on SIs for breaches of those obligations. Pursuant to Article 18(1) SSMR, the ECB has the exclusive competence to open infringement proceedings against and impose administrative pecuniary penalties on SIs as concerns breaches of directly applicable EU law. The ECB may also, pursuant to Article 18(5) SSMR, request NCAs to open proceedings in order to impose (i) non-pecuniary penalties on SIs and (ii) sanctions against natural persons belonging to these entities. For enforcement and sanctions available to the ECB, see CP 1 and CP 11. To date, no examples can be provided of cases where the penalties have been applied to supervised entities for not providing reporting in time or with insufficient data quality. The legal basis for enforcement of reporting obligations for LSIs is set out in KWG. According to section 25a KWG an institution shall have in place a proper business organization which ensures compliance with the legal provisions to be observed by the institution. If institutions are in breach of reporting requirements BaFin can impose pecuniary sanctions against the institution itself or against the acting natural person. Section 56 (6) KWG sets out the respective maximum amounts for the penalties that can be imposed for the sanctions listed in Section 56 (1) to (5) KWG. See CP 1 and CP 11. Recently a fine of in total Euro 3,000 had been imposed against an institution for acting twice negligently contrary to Article 396 CRR in connection with section 56 (5) No. 19 KWG. Regarding the amount of the fine, within the legal framework BaFin has discretion in determining the penalty. This discretion is guided in particular by section 17 of the Administrative Offences Act (Ordnungswidrigkeitengesetz – OWiG) which stipulates that the penalty should be based on the relevance of the offence and the case against the offender. Another aspect is whether the offence has been committed premeditatedly or negligently. In addition, the economic situation of the offender has to be taken into account. If the institution acts persistently against the provisions of the KWG, as e. g. the notification requirements, or other binding regulations or issued orders BaFin can also hold responsible the senior management for these breaches and may demand the removal of the responsible senior managers (see section 36 (1) KWG).”
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.³⁰
Description and findings re EC9	The ITS reporting framework developed by the EBA includes binding validation rules and the Data Point Model ensures consistent application of the requirements. According to article 140(4) of the SSMFR, “the ECB shall organize the processes relating to collection and quality review of data reported by supervised entities subject to, and in compliance with, relevant Union law and EBA implementing technical standards.” The Supervisory Statistics Division within the ECB checks the completeness and data accuracy of each report received as well as the presentation of the information in order to ensure a common format among the different rapporteurs (allowing data consistency and easing historical or sector-wide analysis). Automated processes are in place to ensure a sound and efficient follow-up of the reports and the function maintains close cooperation with the German supervisory authorities which are the first receivers of prudential reporting by credit institutions and which perform the first data quality check. Once the data is received by the ECB the Supervisory Statistics Division uploads all the data into a dedicated database. The function is responsible for keeping and updating the database on a continuous basis. On the issues of erroneous data, missing data or reports and breaches of submission deadlines, the Supervisory Statistics Division closely liaises with the rapporteurs as well as with the German authorities. It keeps track of all its requests to the rapporteurs in order to be sure to have received a satisfactory reply for each of them. In case where, after a certain predetermined period of time (as set in the reporting schedules), no response is received, the Supervisory Statistics Division sends a reminder to the concerned rapporteur. Thereafter, the Supervisory Statistics Division ensures that the database contains always the last and most correct version of the reports; history data is kept in the database but should be clearly indicated. The Supervisory Statistics Division informs in due course the end users whenever new updates of supervisory data are available. In cases where the function receives an amendment to a report that has already been released, it informs the end users and provides them with an updated version of the report as soon as possible. The Supervisory Statistics Division maintains SSM Reporting Instructions and provides the end users with technical support and on requesting data and statistics – for example to instruct others on how use the database and how to look for specific information. Members of this function also maintain good knowledge of the different types of reports and the information contained therein so as to be able to advise the end users which reports and/or what kind of data is useful to perform the tasks/analyses they have been asked for. The Supervisory Statistics Division creates regular supervisory statistics for the end users. Supervisory reporting for LSIs is based on electronic processing of the data submitted by banks. The verification and validation of banks supervisory reports are laid down in CRR is granted on a harmonized basis following the provisions of the ITS on Reporting. The residual national supervisory reports not applicable under ITS on Reporting also undergo automated internal processes to confirm completeness and accuracy. Validity and integrity of supervisory reports is in general checked by external auditors in course of the audit of the annual accounts in accordance to the Auditors’ Report Regulation, Prüfberichteverordnung (PrüfbV). The requirements of the PrüfbV in conjunction with section 29 KWG ensure that all items deemed to be relevant by German banking supervisors are audited as part of the audit of the annual accounts. In accordance with section 19 PrüfbV, this includes checking that the reports issued by the institutions are complete, accurate and timely. Any infringements ascertained must be noted in the auditor’s report. Furthermore, additional material checks are done on a manually basis by off-site supervision. Assessors saw evidence that the manual checks were undertaken on a sample of banks as part of the off-site analysis of supervisory reporting.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,³¹ including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	In the cases where external experts are required to support the ECB in carrying out its prudential supervisory tasks, including the direct supervision of SIs, the rules followed are those that apply generally within the ECB. The ECB initiates the tender process by means of a contract notice published in the Official Journal of the European Union with highly-qualified external providers. The aim is to have the appropriate expertise and resources available when required, including at short notice, to assist the ECB’s head of supervisory assignments. The selection process is conducted in compliance with ECB Decisions (for example Decision ECB/2007/5 for the 2015 process), laying down the Rules on Procurement. The publication is followed by a selection and an award phase. The roles and responsibilities of external experts contracted to undertake part of the supervisory tasks are covered clearly in KWG (section 29). Furthermore, the Auditor’s Regulation includes such stipulations as to the individuals’ probity and fitness to undertake such functions on behalf of the supervisor.
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	Section 29 (3) KWG contains the auditor’s reporting and explanation duties in the course of the audit. According to the provisions of this section, the auditor must inform the German banking supervisors immediately of facts which might warrant the qualification or withholding of the certificate of audit, jeopardize the existence of the institution or seriously impair its development which constitute a major infringement of the provisions relating to the institution’s approval criteria or the pursuit of business under the KWG, or which indicate that the senior managers have severely infringed the law, the articles of association or the partnership agreement. BaFin and Bundesbank also have the right to request that the auditor explains the auditor’s report to them, and communicate any other facts which have come to his or her attention in the course of the audit and which suggest that the business of the institution has not been conducted properly. In addition to the auditor’s duties set out in section 29 (3) KWG, and in particular the duty to inform BaFin and Bundesbank immediately of any significant findings, German banking supervisors can contact auditors at any time in order to exchange information.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	SSM is represented in the relevant bodies responsible for the establishment of reporting requirements. SSM is continuously assessing data needs of supervisors and adjusting data requirements accordingly. ECB Regulation 2015/534 on reporting of supervisory financial information and additional ad hoc data collection exercises that aim to fulfill data needs for supervisory tasks (e.g., for the SREP) are the relevant examples for this activity. The German supervisory authorities monitor on a continuous basis the quality of supervisory data and other information against a bank’s business model and risk profile. If this information is not adequate, there is the possibility to require ad hoc information needs by specific requests pursuant to section 44 para 1 KWG. The German supervisory authorities most recently enhanced the suite of reporting analytics in 2011 and have in place processes to periodically review the data sets. With reference to EBA ITS data the periodical review is done by the German NCA based on reporting requirements as set at EBA level for reporting institutions. With regard to national reporting the German supervisor developed FinaRisikoV as a result of a periodical review taking into account the supervisory need for adjusted reporting including the assessment if data are still relevant. It will also continue to periodically review national reporting in the future via the national meetings (“fora”) including supervisors and in several cases banks’ associations.
Assessment re Principle 10	Materially Non-Compliant
Comments	The requirements associated with supervisory reporting are now predominantly governed by a harmonized EU regime. However, the application of regulatory data requirements (FINREP/CoRep) is not uniform, resulting in circumstances where some banks do not report a comprehensive suite of data for off-site analysis based on common definitions. Assessors identified several instances where the lack of granular data inhibited the effectiveness of off-site supervision, which was a finding from the previous FSAP and has not been sufficiently remedied. Credit institutions report using both nGAAP and IFRS where the differences, in some instances, can be material. The main differences between accounting treatments are generally known and understood by the supervisor and work-arounds are implemented to deal with this situation. Nonetheless, the existence of different accounting treatments makes comparisons between banks and risk positions difficult and the identification of outliers more complex. Mapping of financial reporting from German GAAP to IFRS goes some way to addressing this issue. ECB Regulation 2015/13 extends the harmonized regular reporting of financial information to the consolidated reports of banks under national accounting frameworks, as well as to solo reports, e.g., for supervised entities that are no groups. The Regulation does not affect the accounting standards applied by supervised groups and entities in their consolidated or annual accounts, nor does it change the accounting standards applied to supervisory reporting. The Regulation uses templates designed by the EBA and forming part for the Implementing Regulation (EU) 680/2014. In particular, there are dedicated national GAAP reporting templates that harmonize the reporting of entities under these accounting standards while respecting their differences vis-à-vis IFRS. In addition, the ECB is collaborating with the NCAs to provide national GAAP banks’ further guidance to facilitate their reporting. Analysis of regulatory data is hampered by a lack of granular data. While FinRep and CoRep are harmonized standards more detailed risk information is needed to support the off-site supervision process and make in-depth analysis. Examples include related party exposures, credit risk, operational risk loss data, market risk and liquidity. Gaps in regulatory data are often supplemented by short term data exercises/surveys which the supervisors making use of these options. For example, supervisors are making increased use of requests for management information from the banks they supervise to obtain the data they need to perform their analysis. Assessors confirmed this process was working. However, this workaround does not facilitate a structured approach to peer group analysis, development of time series data and standardized analytical processes based on similar data sets. The clearest example of lack of granular data is in regard to credit risk i.e. authorities do not get loan loss data for portfolios, segmentation of past due loans by portfolio and time bucket, restructured loans, and forborne loans. Greater segmentation of the data such as multiple time buckets and by portfolio would allow more detailed analysis of portfolio quality and help to identify early trends and deterioration. For operational risk, only the operational risk capital figure is routinely reported. A more systematic and structured approach to the development and use of industry and peer group benchmarks is needed as a way to strengthen off-site supervision. The breadth and depth of supervisory data to support effective off-site supervision needs to be expanded. There is a need to perform more system-wide monitoring of trends through the development of more systematic peer group benchmarks that will help sectoral analysis and identification of systemic risks. The extent of verification of the accuracy of supervisory data needs attention. Currently the accuracy checks are performed in the case of ITS measures mainly through the design and application of automatic triggers which validates data at the time of submission e.g., reconciliation of related data points, pre-defined triggers and sensitivities. Apart from data quality assurance work routinely performed at NCA and ECB level (through the Supervisory Statistics Division) supervisors are also responsible to report data quality issues they encounter in their work. For this purpose, the “Supervisory Data Issues Tracker” (a ticketing software) has been set up which allows all data users to register data quality issues. Those tickets are then automatically routed to the Supervisory Statistics Division at the ECB which will investigate the issues and follow-up with NCAs, who in turn will request banks to resubmit data in case of reporting errors. One concrete example where this process is applied is the quarterly ID-Cards update, where individual bank factsheets are updated and finalized by JSTs and then provided to Supervisory Board members for information. Greater emphasis on manual analysis of supervisory data to test and assess accuracy as an input into the overall supervisory process is needed. Supervisory practices to assess whether valuations are prudent were not demonstrated as a routine task of the supervisor based on ITS reporting procedures. Supervisors have so far accordingly tended not to focus on the prudence of valuations in their assessment of banks and as a result valuation adjustments by the supervisor could not be evidenced.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	See CP 1 EC 3. The ECB is empowered to require banks, financial holding companies or mixed financial holding companies to take necessary measures. Currently the main tool in use by the ECB is the annual SREP, from which derive most supervisory measures. ECB supervisory decisions, as defined in Article 2(26) SSMFR, must be adopted following the provisions set forth in Article 22 SSMR and Articles 25 et seqq. SSMFR. The ECB notifies as a rule supervisory decisions in writing. According to Article 35 SSMFR, the ECB’s supervisory decisions can be notified to the persons authorized to represent the SI. Before making use of supervisory powers, the ECB may consider if the problems can be addressed in another way, in particular in the form non-binding routine or ad hoc requests, letters, statements, meetings with the management of the credit institution or a letter of intervention. If a SI does not comply with the ECB’s recommendations or the relevance of the problem identified or deficiency so requires, the process will involve a formal supervisory measure, which implies a decision by the Supervisory Board and the Governing Council. The follow-up of the decisions may be based either on periodical/ad hoc reports only, or through a closer interaction with the SI, which may include follow-up inspections. The ECB may also impose an enforcement measure to compel the SI to quickly restore compliance, or a sanction, to punish the infringement. The decisions on enforcement measures and sanctions are taken by the Supervisory Board and the Governing Council. For LSIs, any material supervisory procedures or draft supervisory decisions should be notified to the ECB. If BaFin has indications of upcoming difficulties or negative developments, it has various possibilities of supervisory actions, which will depend on the nature and gravity of the problem, e.g., the breach of regulatory minimum requirements or non-compliance with organizational requirements. Administrative orders are as a rule issued in written form, and are addressed to the management board - the supervisory board of the bank is informed by copy. Due to section 44 (1) KWG BaFin has the power to request information from the institutions or order on-site inspections to check that the institution complies with the legal requirements. In cases of corrective actions BaFin combines supervisory measures regularly with the duty to submit regular progress reports as well as with deadlines by which the institution has to restore compliance with the supervisory requirements. Where appropriate, the institution’s success can also be verified by way of an on-site inspection.
EC2	The supervisor has available³² an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	See EC 1. The powers of the ECB are laid down in Chapter III of SSMR (Articles 9 to 18). Apart from the supervisory powers listed in Article 16(2) SSMR the ECB can directly exercise powers conferred on the national authorities by national law transposing Union law directives – the KWG, in the case of Germany. It can also require BaFin, to the extent necessary, and by way of instructions, to make use of their powers, under and in accordance with the conditions of national law, where the SSMR does not confer such powers on the ECB. The assessors had access to files when this was the case. The ECB can act in two different ways to address shortcomings: a) Informal dialogue with the credit institution (or operational acts), which do not require a Supervisory Board and Governing Council decision and is not legally binding.; and b) formal supervisory measures, which require decisions by the Supervisory Board and the Governing Council. These powers include, amongst others, the power to draw up an action program and a timetable for its implementation, to replace one or more managers, to request the management to convene a shareholders’ meeting and to appoint a special manager (EC4). For BaFin, most supervisory powers set out in the KWG contain specific conditions for their application or aim at specific actions, and have the objective of rectifying shortcomings and restoring compliance with regulatory requirements or at averting dangers by restricting the institution’s business and/or tightening regulatory requirements. BaFin uses its discretion when deciding when and how to act taking into account the particular circumstances of each individual breach. In order to facilitate this process for the staff of BaFin an internal guideline regarding the application of supervisory measures has been compiled (“ladder of actions”) which also guides the user through several escalation levels to the ultima ratio of revoking the license or issuing a transfer order (BaFin has retained the power to withdraw authorizations of non-CRR institutions, while revocation of banking licenses of both SIs and LSIs is now under the competence of the ECB). The powers are executed as administrative acts. More specifically, if an institution does not have a sound business organization according to section 25a KWG, BaFin must request the institution to comply with higher capital requirements (section 10 (3) sentence 2 no. 10 KWG). In cases of organizational weaknesses BaFin may also request the institution to take risk reducing measures or not to engage in certain types of business (section 25a (2) sentence 2-4, 45b (1) KWG). If an institution is in breach of its individual combined capital buffer ratio or would be in breach if it conducted the intended distributions or dividend payments BaFin can require the institution to increase its own funds, decide on authorization of the institution’s capital conservation plan or limit on distributions and payments (section 10(6)-(8) KWG). The general provision in section 6 (3) KWG entitles BaFin to issue orders to institutions and their managers to avoid an unsound administration of business that is not complying with laws, regulations or supervisory decisions and to counteract undesirable developments that may endanger the safety of the assets entrusted to the bank, or that could impair the proper conduct of banking business or financial services. If institutions or natural persons act contrary to any of section 56 KWG provisions a fine can also be applicable. Violations of the provisions in sections 54-55b KWG may also qualify as criminal offences. Furthermore, any intentional or (gross) negligent breaches of the provisions listed in section 56 KWG can be sanctioned with fines. Administrative acts may be contested by an objection or an appeal, but these have no postponing effect.
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	See CP 1 EC 3 on the powers granted to ECB by Article 16 SSMR. These powers are available not only when the institution is breaching requirements but also when the ECB has evidence that the bank is likely to breach the requirements within the next 12 months; or when, based on the SREP, the ECB considers that the arrangements, strategies, processes and mechanisms implemented by the credit institution and the own funds and liquidity held by it do not ensure a sound management and coverage of its risks. When the institution is in breach of the minimum own funds or liquidity requirements BaFin can take one of the following measures set out in section 45 (2) KWG: Prohibit or limit withdrawals by shareholders or distribution of profits Prohibit or restrict accounting measures that aim at balancing an existing annual deficit or show a profit Prohibit or limit payments on profit-related own funds instruments Prohibit or limit the granting of loans within the meaning of section 19 (1) KWG (which includes derivatives, guarantees and other off-balance sheet items) Order measures to reduce risks arising from certain types of activities and products or through the use of certain systems Order the limitation or cancellation of the planned annual total amount for variable remuneration Cancel or limit payment of variable remuneration Order to set up a restructuring plan and regularly report on the progress of its implementation Order the implementation of one or more options set out in a recovery plan pursuant to section 13 SAG In cases when institutions are likely to breach minimum own funds and/or liquidity requirements in the foreseeable future BaFin may require the institution to improve the level of own funds and/or liquidity as set out in section 45 (1) KWG (see EC 4). BaFin has also the power to increase the regulatory requirements as set out in section 10 (3) KWG by requiring additional own funds above the minimum requirements set out in the CRR to address any risk or risk element that is not yet covered by Article 1 CRR. To ensure an institution’s lasting liquidity BaFin can increase the liquidity requirements as set out in section 11 (2)-(4) KWG. To address the overall situation BaFin may also appoint a special representative and entrust him/her with the performance of activities at an institution and assign him/her the requisite powers as set out in section 45c KWG. In cases of danger to the safety of the assets entrusted to an institution BaFin may take the temporary measures set out in section 46 KWG to avert this danger (see EC 4).
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	See CP 1 EC 3 on the powers granted to ECB by Article 16 SSM for SIs. Under Article 14 (5) SSMR the ECB also has the powers to withdraw the authorization. The ECB can also impose sanctions. The allocation of sanctioning tasks between the ECB and the NCAs vis-à-vis SIs depends on three main elements: (i) type of regulation allegedly infringed (i.e. directly applicable Union law, national law implementing Directives, ECB decisions or regulations, national law relating to tasks not conferred on the ECB); (ii) entity to be penalized (i.e., supervised entity or natural person); (iii) sanction to be imposed (i.e., pecuniary or non-pecuniary). In general, the ECB can only apply non-pecuniary sanctions and sanction natural persons through an NCA. For Germany, in practice there are few powers directly available to ECB as the powers available to BaFin are not determined as enforcement under CRDIV but as administrative measures under the VwVfG. The table below summarizes the allocation of sanctioning powers between the NCA and ECB based on the nature of the infringement:
ECB / NCA SANCTIONING POWERS
Infringement / Sanction		Significant Supervised Entities (SSE)
Infringement / Sanction		Entities	Natural persons
Directly applicable	Pecuniary	ECB (Art. 18.1 SSMR)
EU law	Non-pecuniary	NCA (only at ECB request) (Art. 18.5 SSMR)
National law implementing EU Directives	Pecuniary
National law implementing EU Directives	Non-pecuniary
ECB regulations and decisions	Pecuniary	ECB (Art. 18.7 SSMR)
	Non-pecuniary	NCA (only at ECB request) (Art. 18.5 and 18.7 SSMR)*
National law: non-ECB tasks	Pecuniary	NCA
National law: non-ECB tasks	Non-pecuniary	NCA
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	See EC 4. Pursuant to recital 53 and Article 18 (1) SSM-R, the ECB may impose sanctions only on legal entities (SIs), but has not the power to directly impose sanctions on natural persons. The ECB may require BaFin to open proceedings. In that case, BaFin may impose sanctions to natural persons belonging to SIs only at ECB request (Article 134 SSMFR). BaFin may also ask the ECB to request them to open proceedings to impose a sanction on natural persons belonging to a SI. In addition, the ECB has the competence pursuant to Article 16 (2) (m) SSMR remove by way of supervisory measure at any time members from the management body of SIs who do not fulfill the fit-and-proper requirement. Based on section 36 KWG, BaFin can by way of supervisory measure demand the dismissal of executive board managers and of members of the supervisory board or prohibit them from further acting in their positions. According to section 45c KWG BaFin may by way of supervisory measure also appoint a special representative in order to replace members of the management or supervisory board. Section 56 KWG provides for the option of imposing fines on the institution itself or any natural person responsible for intentional or reckless breaches of the provisions of the KWG listed, or of orders issued by BaFin.3
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	See EC 4. The ECB as the competent authority for significant institutions can also make use of the existing national structural powers (indirectly exercised by way of instructions pursuant to Article 9(1)3 SSMR). In the case of Germany, if there is a danger that the institution is no longer able to discharge its obligations to its creditors or if there are grounds for suspecting that an effective supervision of the institution is not possible Section 46 KWG empowers BaFin to take any measure appropriate to avert the risks. In particular, it may issue the measures set out in the (non-exhaustive) list of section 46 (1) sentence 2 KWG such as issuing instructions for the management, prohibiting or restricting the acceptance of deposits, funds or securities of customers and the granting of loans, prohibiting proprietors and managing directors from carrying out their activities, or limiting the performance of these activities. According to section 46 (1) sentence 3 and 4 KWG, BaFin may also ban or restrict disadvantageous payments to affiliated undertakings or setting of conditions for such payments if these payments adversely affect the financial situation of the institution. In urgent cases BaFin may also issue a ban on sales and payments, close the institution for the business with customers and prohibit the acceptance of payments which are not intended to settle debts owed to the institution, except in cases where the full settlement of claims is warranted by the competent compensations or deposit guarantee scheme. Assessors saw evidence of ring-fencing action.
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	The legal framework for crisis management and bank resolution for SIs was very recently established under BRRD and SRMR. The framework defines in detail the cooperation arrangements between the ECB and the SRB/NRAs during the resolution process. If the ECB/SSM determines that the institution is failing or likely to fail, or if the ECB/SSM receives such a determination from an institution itself, the ECB/SSM must notify, inter alia, the relevant resolution authorities: the resolution authority for the institution, the resolution authority of any branch of the entity. Likewise, before it makes a determination that an institution is failing or likely to fail, the SRB must first inform the ECB/SSM that it intends to make this determination, and allow the ECB 3 calendar days to make an assessment. The ECB and SRB have signed a Memorandum of Understanding, which should ensure early and effective coordination and information sharing. At the resolution stage, the BRRD envisages certain tasks to be performed by the supervisor. The ECB will perform these tasks in accordance with the national transposition of the BRRD – in the case of Germany, the SAG. For example, in case a bridge institution is set up by the resolution authority, it may submit a request for a temporary exemption of the conditions for authorization. In these cases, the ECB/SSM would grant authorization and it could become the competent authority for the bridge bank. With regard to LSIs, if an institution or group runs into severe problems which cannot be solved via early interventions measures or if such measures cannot mitigate the problems the competent authority, i.e. BaFin together with Bundesbank, makes the assessment that the institution is failing or likely to fail and informs the resolution authority about the decision. FMSA may also make an assessment that an institution is failing or likely to fail as the competent resolution authority for LSIs that do not fall in the remit of the SRB after January 1, 2016. In sum, the determination that an institution is failing or likely, can be either done by FMSA after hearing the supervisory authority or by the supervisory authority after hearing the FMSA.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	In Germany, there are neither banking supervisory nor general administrative law regulations applying to incriminating administrative acts, which expressly state that BaFin must take certain measures within a certain period.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	There is no provision for the ECB to communicate with BaFin when taking formal corrective action against a bank which has non-bank related financial entities supervised by BaFin. However, as BaFin is an integrated supervisory authority for all regulated financial sector entities and sits at the Supervisory Board at the ECB, who approves all supervisory measures, it will be informed. In addition, BaFin has members in the JSTs, who are responsible for the liaison and communication of material issues. The ECB is encouraged, however, to develop protocols for communication with supervisor of non-bank entities in order to coordinate actions, since not all NCAs are integrated supervisors.
Assessment re principle 11	Largely compliant
Comments	German law and SSMR provide a broad range of actions that can be taken by supervisors in their respective responsibilities. Direct enforcement powers and sanctions of ECB are limited; however, the ECB can make use of the enforcement and sanction powers available to BaFin. Assessors had access to evidence of such indirect actions, where ECB instructed BaFin to apply local enforcement and sanctioning powers according the national legislation. Assessors note the complex legal framework may make it operationally difficult and time consuming for ECB to impose enforcement actions and sanctions in some countries, where some powers may not be available, and assessments in other SSM member countries may reach diverse conclusions regarding enforcement and sanctions. At the time of this mission, considering the recent establishment of the SSM, the ECB had not directly applied any sanction or enforcement action; therefore, assessors were not able to verify effectiveness in practice. In Germany, actions by BaFin (on its own initiative or at the initiative of the ECB) can be appealed but such appeals do not have a suspension effect. While BaFin seems to have adequate set of supervisory tools at its disposal, the assessors note that the actual use of these formal powers in practice is not intensive, suggesting a light touch in the enforcement area. BaFin has traditionally, and by requirement of German Constitution, always used first the mildest of all comparable measures, so it often does not reach the stage where formal actions are taken, and few banks reach thresholds were mandatory action is warranted. In response to recommendations in the last FSAP, in order to provide clarity and consistency in the progressive application of supervisory actions, BaFin has detailed “ladders” of action that assist in the decision which measure to take in which situation and at what stage. There are no laws or regulations that guard against BaFin or ECB unduly delaying appropriate corrective actions.
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.³³
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	The ECB is the competent authority required to carry out a SREP and to take decisions for significant institutions. Within a group, this supervision is applied at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In the case of a financial conglomerate, the SREP decisions also need to take into account the outcome of the supplementary supervision as required by FICOD. (SM Ch. 7 para 2.) This means that the supervisor must understand both the group-wide view as well as gain an understanding of all material activities conducted by the various entities within the group. In order to achieve this and in case supervision has not been waived, the ECB carries out a SREP. When it concerns the consolidated supervision, in general: Supervision at the consolidated level is carried out by the JST with a high degree of involvement of ECB staff. Solo/sub-consolidated supervision of SSM parent companies, banking subsidiaries and significant branches follows the same supervisory model as consolidated supervision, but with a greater involvement of the local JST members. For solo/sub-consolidated supervision of subsidiaries and branches established in non-participating Member States, the model based on supervisory colleges set out in CRD applies. For solo/sub-consolidated supervision of subsidiaries and branches established in third countries (outside the EU), the model is based on MoUs, and if possible on colleges as set out in CRD. If the parent entity is established in a non-euro Member State or third country, the JSTs conduct sub-consolidated/solo supervision on the entities established in the SSM participating Member-States. For all significant institutions within the SSM, the JSTs conduct the SREP in accordance with the SSM methodology, and ensure compliance with the requirements of CRD IV and the CRR. The interaction between consolidated and sub-consolidated/single entity supervision is mainly relevant for large cross-border credit institutions. The model adopted by the SSM is designed for those credit institutions but, in principle, can also apply to smaller cross-border groups. For unconsolidated and consolidated supervision, a matrix model applies under which NCA staff remain employed in their own institutions, although for the fulfillment of the JST tasks, a reporting line exists with the JST coordinator, who is consequently in a position to give instructions to all JST members for the purpose of internal coordination. In addition, sub-coordinators can be used to efficiently manage the JST and to facilitate cooperation with the NCAs. Consolidated supervision is at the center of the SSM supervision. The JST coordinator refers to ECB delegated experts and NCA experts directly. He or she can, on his or her own initiative, also mandate the sub-coordinator of the parent company with the management of specific tasks. The core JST also plays a role in consolidated supervision and refers to information exchange and organization of work. It reviews the consolidated assessment, taking into account the results of the analysis at national level, and acts as a first level of mediation in case of conflict between NCAs or between NCAs and the ECB. The respective sub-coordinator, as the competent organizational manager for the parent-company NCA staff in the JST, is involved in discussions on strategic issues related to the supervisory program. The JST coordinator liaises with him or her on important supervisory decisions, such as SREP decisions. The experts working on consolidated supervision are ECB supervisors, supervisors from the previously responsible authority for the parent company, and supervisors responsible for material subsidiaries. In order to successfully avoid competing teams and potential overlap between ECB and NCA supervisors, they are organized as one cross-border team. Regarding solo and sub-consolidated supervision – notwithstanding the JST coordinators’ right to have direct contact with the employees working in sub-consolidated or single entity supervision at national level – the role of the sub-coordinators is more prominent. Together with their team, they play the main role in the preparation of the necessary supervisory activities. In the case of the parent entity and material subsidiaries, the teams can be supported by ECB staff also working at national level. In addition, risks arising from participation in entities included in the consolidation but not supervised as credit institutions by the SSM (i.e. supervised by other authorities such as insurance supervisors or not supervised at all) are to be considered as well. In the case of a financial conglomerate, established on the basis of the FiCOD criteria, the SREP should include the potential impact of non-banking activities on the banking part of the group, its risk profile of the group, its profitability, and its capital and liquidity position, and assess the situation at the conglomerate level. During the assessment, JSTs would need to understand the risks from non-banking activities (e.g., Underwriting risk and the mitigation of this risk are specific to insurance entities), and the mechanisms through which these activities could affect the institution part of the conglomerate. This assessment, and the issuance of any requirements arising from it, takes place at the end of the process. The conglomerate approach takes into account the different sector regulations. In cases where a mixed financial holding company is subject to equivalent provisions under CRD IV and under FICOD there is the option to apply only the provisions of FICOD to the mixed financial holding company. Decisions will have to be taken on a case-by-case basis. As a consequence of having separate regulatory requirements for each sector, groups may have separate risk databases for banking, insurance and other activities. Some consolidation of risks is, however, performed at group level and is presented in groups’ internal risk dashboards. In order to carry out its role of coordinator, the ECB may receive the conglomerate’s data from the supervised banking entity. If banking, non-banking and other risks are managed in a fully integrated manner by the supervised institution, the information provided may be used in the assessment. The ECB may also receive information from the competent insurance supervisors. FICOD provides indeed that the competent authorities responsible for the supervision of regulated entities in a financial conglomerate and the competent authority appointed as the coordinator should provide one another with any information which is essential or relevant for the exercise of the other authorities’ supervisory tasks under the sectoral rules and FICOD. The proper allocation of supervisory work between the “central” parent/group and the “local” subsidiary/sub-consolidated level requires, as a precondition, a thorough awareness of the group’s structure, business model(s) and operational features. Mapping the group’s perimeter includes, as a minimum, the following: a) Degree of relevance of the subsidiary/sub-consolidated group: “Relevance” indicates the importance that a given subsidiary/sub-consolidated group has within the significant group it belongs to. There are different quantitative indicators deemed suitable to measure “relevance”, such as percentage of total assets, income contribution, contribution to the consolidated capital requirements, risks, etc. Qualitative information may be considered as well, as in the case where a local subsidiary manages an important production process or business area within the group (e.g., subsidiaries managing the credit card business or the custodian bank function) or develops complex activities. b) Degree of significance of the subsidiary/sub-consolidated group: “Significance” indicates the importance that a given subsidiary/sub-consolidated group holds in the local market, for example in terms of market share of loans, deposits, etc. As is the case for the relevance criterion, significance may also be assessed on the basis of qualitative information; for example, a subsidiary may be considered locally significant if it manages a “core” infrastructure in the local payment system. c) Degree of centralization/decentralization of strategy, business, operations, risk governance and controls Institutions’ organization structures exhibit different degrees of centralization or decentralization. Situations may exist where the parent company plays a considerable role in setting strategies, providing binding business guidelines, managing and controlling risks, and providing operational and support services (e.g., IT, accounting, back-up and central processing services, etc.). On the other hand, there are cases where the local subsidiaries/sub-consolidated entities enjoy greater autonomy when following the guidelines and principles issued by the parent company. Therefore, knowing the degree of centralization opted for is of key importance in defining the supervisory model to be adopted on a solo basis. d) Level of perceived risk The level of risk of the subsidiary/sub-consolidated group being assessed has to be taken into account in defining the intensity of supervision, based on the principle that entities deemed to be particularly risky within cross-border groups can have potentially destabilizing effects – at least on a reputational level – on the group as a whole. The mapping allows for the identification of two subsets of subsidiaries/sub-consolidated groups: (i) Those which are significant and/or relevant and/or more autonomous and/or riskier (material subsidiaries). This subset of entities warrants a level of supervisory intensity comparable to that applied at the consolidated level; (ii) The remaining entities (non-material subsidiaries), for which the supervisory intensity may be lower. The mapping, to be performed along the aforementioned dimensions, is the JST’s responsibility supported by DG MS IV and NCAs where needed. An annual review of the mapping is carried out by the JST coordinator, who requests updates from the NCAs. With regard to the assessment of business model viability indicators on consolidated level: The objective of this part of the supervisory process is to assess the viability of the current business model by means of a quantitative analysis of several risk indicators at the consolidated level, and a comparison to peers. Taken together, these and other indicators should give the analyst a full picture of the real and concrete strategy pursued from the bank and the key metrics regarding profitability at the consolidated level. The consolidated annual accounts of at least the past three years, and the most recent monthly/quarterly management reports for the current year budget (including year-to-date realization) should be used. All available information from FINREP and COREP, data and indicators available in IMAS as well as SNL data will form the starting point of the analysis. At the consolidated level, the analyst should focus on how the following points develop over time and how this compares to the relevant peer group. A bank should be able to provide detailed bottom-up forecasts of performance for the short-to-medium term (one to three years) and, at least, top-down forecasts for the longer term (two to five years). The assumptions used by the bank to generate forecasts for key drivers should be identified and understood. These are usually found in the bank’s strategic assessment and planning documents and Board papers/documents regarding strategic and financial planning. It is necessary to distinguish between assumptions applied at the consolidated level and assumptions applied to business lines. With regard to the supervision of financial conglomerates: Additional objectives have been established with regard to cross-sector supervision, which requires specific institutional arrangements (including at the national level when there is distinct sector supervision). Within the EU, cooperation among sector supervisors is governed by the FICOD. This supplementary supervision is understood as supervision that does not substitute the sectorial supervision but builds on it and addresses those risks that stem from the activities of a group in the other financial sectors. Supplementary supervision addresses the “Five Cs”: Capital adequacy at group level (i.e. avoidance of “double gearing” across the sectors); Contagion (i.e. supervising intra-group transactions); Concentration (i.e. supervising risk concentration across business lines); Conflict of interest (i.e. the issues with respect to corporate governance); Complexity. The KWG contains a number of reporting requirements designed to enable BaFin, Bundesbank and ECB to judge the structure of institutions at group level. The documentation submitted has to contain detailed information about significant holdings. According to section 2c KWG, persons wishing to acquire or to increase a significant ownership in an institution have to notify BaFin and Bundesbank. According to Art. 4 (1) (1) CRR BaFin may oppose an acquisition due to supervisory concerns. Furthermore, BaFin, and Bundesbank are kept informed on a continual basis of any developments or changes in the structure of the group by a number of notification requirements: In accordance with section 26 (3) KWG, institutions that produce consolidated annual accounts or a group management report must submit these documents to BaFin and Bundesbank without delay. This also applies to auditor’s reports prepared by an auditor of the group. In accordance with section 24 KWG, German banking supervisors must be informed without delay of the following: 1. Ad-hoc notifications of changes in the structure of an institution’s participating interests: the acquisition or termination of a significant ownership in its own institution as well as the reaching, overshooting or undershooting of the thresholds for significant ownerships of 20 percent, 30 percent and 50 percent of voting rights or capital – passive participating interests (section 24 (1) no. 10 KWG); the fact that the institution becomes or ceases to be the subsidiary of another enterprise (section 24 (1) no. 10 KWG); the existence of, change in or termination of a close link to a natural person or an enterprise (section 24 (1) no. 12 KWG); the acquisition and termination of significant ownerships in other enterprises, and changes in the amount of the significant ownerships (section 24 (1) no. 13 KWG); the intention to merge with another institution (section 24 (2) KWG). the establishment, relocation and closure of a branch in a non-EEA state and the commencement and termination of the provision of cross-border services without establishing a branch (section 24 (1) no. 6 KWG); 2. Annual notifications according to section 24 (1a) KWG: the institution’s close link to a natural person or an enterprise; the institution’s significant ownerships in other enterprises; the name and address of any holder of a significant ownership in the reporting institution and in the enterprises subordinated to it as described in section 10a KWG that are domiciled abroad, as well as the amounts of these significant ownerships; the number of its domestic branches; the modified balance sheet capital ratio based on the approved annual accounts; the classification as a significant institution pursuant to section 17 of the Remuneration Ordinance for Institutions (Institutsvergütungsverordnung) of 16 December 2013 (Federal Law Gazette I page 4270) as well as a change in this classification; if the institution is a CRR institution, the information that is required by the European Banking Authority to compare remuneration trends and practices within the meaning of Article 75 (1) CRD IV in conjunction with Article 450 (1) letters (g) and (h) CRR as last amended, and; if the institution is a CRR institution, the information pertaining to senior managers and members of staff that earn total annual remuneration of at least €1 million within the meaning of Article 75 (1) CRD IV in conjunction with Article 450 (1) letter (i) CRR as last amended that the European Banking Authority requires for publishing aggregate information. In addition, in accordance with section 24 (3) sentence 1 no. 2 KWG, the managers of an institution shall report to BaFin and Bundesbank without delay the acquisition and termination of a direct participating interest in an enterprise, as well as any changes in the amount of such a participating interest. In accordance with section 24 (3a) sentence 2 KWG, financial holding companies must annually submit to BaFin and Bundesbank an aggregated report of subsidiaries, financial enterprises and ancillary services undertakings. In accordance with section 24 (3a) sentence 3 KWG, BaFin shall transmit a list of these to the competent authorities in other EEA states and to the European Commission. The establishment of, changes to or discontinuation of such participating interests or corporate relationships must be reported to BaFin and Bundesbank without delay in accordance with section 24 (3a) sentence 4 KWG. Additionally, institutions face regulation and reporting requirements on a consolidated basis. This includes solvency regulation, large exposure regulation, adequacy of risk management systems on a consolidated level and outsourcing requirements. Additionally, for systemic relevant institutions, further reporting on a consolidated level (e.g., earnings situation, solvency) is required. BaFin requirements concerning group-wide risks, section 25c (4b) no. 1 KWG states that the management board of a parent undertaking shall ensure that the group has in place a group-wide business strategy geared to the group’s sustainable development and a group-wide risk strategy that is consistent therewith. As a minimum, the management board shall ensure that the strategic orientation of the undertakings belonging to the group is aligned with the group-wide business and risk strategies. Section 25a (1) KWG requires an appropriate risk management of institutions both on a solo and group level, which are further specified in the MaRisk. Section 4.5 MaRisk exclusively deals with group management aspects; other sections also touch the group dimension. The basic principle is that a parent undertaking has to manage all its material risks regardless of where they arise or if the entity is a financial operation. Finally, BaFin benefits from being an integrated supervisor providing the possibility to have in-house dialogues about the different facets of a banking group or a conglomerate. Such a dialogue is institutionalized in an annual conference of all relevant supervisors for a banking group/conglomerate (banking, insurance securities market, anti-money laundering, consumer protection) held at BaFin where prudential findings and plans are exchanged to learn from each other and complement single views to a common picture. The mission reviewed documentation on the planning and supervisory process for a financial conglomerate with a significant insurance subsidiary, asset manager and building society. The process determines the capital adequacy for the conglomerate. An estimate of risk bearing capacity (RBC) and capital adequacy requirements (CAR) is calculated for each sector. An overall RBC and CAR is estimated for the conglomerate. The supervisory assessment assigns risk ratings to each risk category for the consolidated entity and solo subsidiaries. Deficiencies in the group included market risk processing, internal controls and monitoring. There was no model in the conglomerate to evaluate individual risk, only on an aggregate level. Results are discussed at the college of supervisors and supervisory scope agreed-to.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, and exposures to related parties, lending limits and group structure.
Description and findings re EC2	Prudential standards established by the CRR/CRD are imposed at consolidated, sub-consolidated and individual basis. In particular: a) ‘consolidated situation’ means the situation that results from applying the requirements of this Regulation in accordance with Part One, Title II, Chapter 2 to an institution as if that institution formed, together with one or more other entities, a single institution b) ‘sub-consolidated basis’ means on the basis of the consolidated situation of a parent institution, financial holding company or mixed financial holding company, excluding a sub-group of entities, or on the basis of the consolidated situation of a parent institution, financial holding company or mixed financial holding company that is not the ultimate parent institution, financial holding company or mixed financial holding company CRR articles 11, 13, 14 state that parts 2 (Own Funds), 3 (Capital requirements), 4 (Large Exposures), 5 (Exposures to Transferred Risk), 6 (Liquidity), 7 (Leverage) and 8 (Disclosure) are to be complied with on consolidated basis. As regards large exposures, Article 11 (1) CRR stipulates that parent institutions in a member state of the EU shall comply, to the extent and in the manner prescribed in Article 18 CRR, with the large exposures obligations laid down in Part Four of the CRR on the basis of their consolidated situation. According to Article 11 (1) CRR, the parent undertakings and their subsidiaries set up a proper organizational structure and appropriate internal control mechanisms in order to ensure that the data required for consolidation are duly processed and forwarded. In particular, they ensure that subsidiaries which are not subject to the CRR implement arrangements, processes and mechanisms to ensure a proper consolidation. With respect to parent financial holding companies, Article 11 (2) CRR stipulates that institutions controlled by a parent financial holding company or a parent mixed financial holding company in a member state of the EU shall comply, to the extent and in the manner prescribed in Article 18 CRR, with the large exposure obligations laid down in Part Four of the CRR on the basis of the consolidated situation of that financial holding company or mixed financial holding company. CRR article 6 states that parts 2 (Own Funds), 3 (Capital requirements), 4 (Large Exposures), 5 (Exposures to Transferred Risk), 6 (Liquidity), 7 (Leverage) and 8 (Disclosure) are to be complied with on individual basis, unless waivers under Article 7, 8 or 10 apply. CRR provisions on reporting in Articles 99-100 (reporting on own funds on consolidated basis based on accounting standards), 394 (large exposures), 415-416 (liquidity), 430 (leverage) as specified by the EBA’s ITS on reporting (Commission Implementing Regulation (EU) No 680/2014) impose that information shall be reported on both solo and consolidated basis, unless a waiver from reporting on solo basis under articles 7, 8 or 10 applies. ECB Regulation (EU) 2015/534 of 17 March 2015 on reporting of supervisory financial information. The regulation lays down the requirements regarding reporting on supervisory financial information to be submitted to national competent authorities (NCAs) and the ECB by supervised banks. This reporting includes information on balance sheet items such as financial assets, non-performing exposures and financial liabilities as well as on income and expenses such as impairment due to credit losses. The supervisor collects and analyses information on a consolidated basis for the banking group covering various business areas. When assessing this information for the banking group, the Supervisor ‘maps’ several components. This model used is complemented by a detailed centrally coordinated planning process which defines the supervisory priorities and the level of involvement of the JSTs, the ECB staff and the level of assistance provided by the NCA within the JSTs for all major supervisory tasks to be carried out. Please refer to EC1 for further details. Part 1 Title II Chapter 2 section 3 CRR in conjunction with section 10a KWG sets out the scope of supervisory consolidation under BaFin supervision. Depending on the legal structure of the parent, this provision differentiates between groups of institutions, financial holding groups and mixed financial holding groups. A group of institutions consists of an institution domiciled in Germany with subsidiaries that are themselves institutions, financial institutions and ancillary services undertakings if at least one subsidiary is an institution or financial institution. A (mixed) financial holding group consists of a (mixed) financial holding company domiciled in Germany with subsidiaries that are institutions, financial institutions and ancillary services undertakings, if at least one of these is a credit institution (see Article 4 (1) 1 CRR) or investment firm (See Article 4 (1) 2 CRR) domiciled in Germany and subordinated to the financial holding company as a subsidiary. A (mixed) financial holding group does not exist if the (mixed) financial holding company itself is subordinated to an institution of that kind domiciled in Germany or to a (mixed) financial holding company domiciled in Germany. The parent of the group is responsible for ascertaining the information necessary at group level and ensuring that the requirements of the KWG are observed at group level. The KWG sanctions the failure of the super-ordinated enterprise to meet its obligations by requiring the deduction of the book value of the entity concerned from the own funds of the parent. In addition to the documents to be submitted by institutions in line with the general reporting requirements set out in section 24 KWG, in accordance with section 25 (2) sentence 1 KWG, a parent company shall submit an aggregated quarterly return (aggregated financial information) to Bundesbank. Through the colleges of supervisors significant information is shared on organizational structures, financial conditions and supervisory concerns. The process was demonstrated to the mission.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	As detailed in the previous ECs the ECB has implemented a group-wide supervisory approach when assessing the legal entities. The supervisor gathers all information necessary such as information concerning the risk management and internal governance on a group-wide level, while risk category specific areas are covered by the related methodological documents on the individual risk categories. As part of supervisory process, the BaFin provides supervisory reports to ECB on a regular basis on the operations of SIs, including bank-specific analysis. The results from those assessments feed into the reliability assessment conducted for capital and liquidity determination. BaFin takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations. (Please refer to EC 4). As part of the SREP and the conduct of consolidated supervision and supervisory colleges, the SSM achieves an overall view of how a group’s cross-border activities are managed and whether risk management deficiencies are present. BaFin/Bundesbank regularly review the appropriateness of the institution’s and the group’s risk management either off-site or via on-site inspections (regularly carried out by the BBk). The latter is usually carried out pursuant to section 44 KWG, and includes cross-border inspections. The BBk regularly visits London, New York. In case of inadequate risk management, BaFin has several supervisory tools according to section 45b KWG including measures to reduce risks or orders to reduce the aggregate large exposure limit of a group or to limit the business activities of an institution’s branch in a non-EEA state.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	The legal basis for on-site inspections conducted by the ECB is in Article 12 SSM Regulation which is flanked by the provisions of the Title 5 of the SSM Framework Regulation. It empowers the ECB in para. 1, based on a respective ECB decision, to conduct all necessary on-site inspections at the business premises of the legal persons referred to in Article 10(1) SSM Regulation and any other undertaking included in supervision on a consolidated basis where the ECB is the consolidating supervisor in accordance with point (g) of Article 4(1) SSM Regulation. Colleges of supervisors are vehicles for cooperation and coordination among the authorities responsible for and involved in the supervision of the different components of cross-border banking groups. This provides a framework for the supervisors and competent authorities to carry out the tasks referred to in CRD IV. The roles that the ECB may have in supervisory colleges for significant banking groups are: Home supervisor for colleges where the ECB is the consolidating supervisor and which include supervisors from non-participating Member States (European colleges) or from countries outside the EU (international colleges); Host supervisor for colleges where the consolidating supervisor is from a non-participating Member State (or a country outside the EU). Where the ECB is the consolidating home supervisor, the JST coordinator acts as chair of the college, both in European and international colleges. The EBA Technical standards and Guidelines on supervisory colleges provide the basic framework for the functioning of the college, once adopted by the Commission. In this respect, the JST has to establish a cooperation and coordination agreement for the functioning of supervisory colleges that reflects its role as the competent authority within the SSM. If necessary, support from the Supervisory Policies Division, Crisis Management Division and DG L/SLA can be provided. In cases where the consolidating supervisor is not in a participating Member State, the rules on participation to colleges are those laid down in article 10 of the SSM Frame-work Regulation: a) if the supervised entities in participating Member States are all SIs, the ECB shall participate in the college of supervisors as a member, while the NCAs shall be entitled to participate in the same college as observers; b) If the supervised entities in participating Member States are all less LSIs, the NCAs shall participate in the college of supervisors as members; c) If the supervised entities in participating Member States are both LSI and SI, the ECB and the NCAs shall participate in the college of supervisors as members. The NCAs of the participating Member States where the SIs are established shall be entitled to participate in the college of supervisors as observers. However, the ultimate decision on the participation of an NCA lies with the competent authority chairing the college. The overall SREP assessment and decision are shared with the host supervisors in the colleges. Another form of supervision of cross-border banking groups is achieved through bilateral cooperation between either the ECB or NCA and a supervisory authority outside the SSM. Such a cooperation requires specific arrangements specifically regarding LSIs; these can be bank-specific; cover a wider range of supervised authorities; they can include issues such as the exchange of information, the possibility of carrying out on-site inspections, internal model approval, etc. Some of them can be issue-specific, like the exchange of information on Global Systemically Important Financial Institutions (G-SIFIs) under the Senior Supervisors Group (SSG). The need for bilateral cooperation can extend to the area of tasks not conferred upon the ECB by the SSM Regulation. As envisaged in Recital 29 of the SSM Regulation, the ECB should cooperate, as appropriate, fully with the national authorities which are competent to ensure a high level of consumer protection and the fight against money laundering. According to section 8 (3) KWG, BaFin cooperates with the other competent authorities within the EEA. The cooperation includes the exchange of information which is necessary for supervisory purposes. The identification of the group structure of all major credit institutions in a group is considered essential information which can materially influence the assessment of the financial soundness of the institution and shall, therefore, be communicated on the supervisor’s own initiative. According to section 8e KWG, BaFin or the ECB in case of significant institutions establishes colleges of supervisors. As part of the ongoing supervision German banking supervisors conduct inspections on cross-border establishments which are included in the consolidation. These inspections according to section 44 (3) KWG in particular focus on risk management aspects as well as the accuracy of the data supplied for the consolidation pursuant to section 10a (4) to (7), section 25 (2) and (3) and Articles 11 to 17 CRR as last amended, insofar as this is both necessary to enable BaFin to perform its functions and permissible under the laws of the other state. This shall also apply to subsidiaries domiciled outside Germany which are not included in the consolidation. The BBk regularly visits New York, London and Singapore and have scheduled visits for New York and London in 2016. Other jurisdictions are visited as warranted by risks analyzed during colleges.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	SSM framework requires supervisors to review activities of companies affiliated with parent companies which may have an impact on the safety and soundness of the group only in the case these are classified as “institutions,” i.e. have investment firm or credit institution license. Otherwise, such assessment may be done based on national law. As described in ECs 1, 3 and 4, the ECB has the authority and responsibility to understand and assess the risks of cross-border and subsidiaries. For further information on the supervision of non-banking activities within a financial conglomerate see EC2. For cooperation and more on the supervision on parent companies see CP8 EC5 and EC8. As part of the ongoing supervision German banking supervisors may require information or conduct audits in accordance with section 44 (1) KWG. In addition to the direct rights of German banking supervisors to receive information and conduct audits in accordance with section 44 (1) and (1a) KWG, section 44 (2) and (3) KWG also grants them the right to request information from and perform audits on subsidiary enterprises within the meaning of Part 1 Title II Chapter 2 section 3 CRR in conjunction with section 10a KWG, both domestic and cross-border, as well as financial holding companies at the head of a financial holding group and mixed financial holding companies at the head of a mixed financial holding group and members of a governing body of such enterprises. These regulations also apply to subsidiaries not included in consolidation. In particular, this is to ascertain whether consolidation may be required. Ring-fencing may be applied to the members of a mixed financial company and banking groups on an accounting consolidation sphere. Outward transactions may be limited also. KWG, section 46.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	See CP 1 and CP 11 on supervisory powers. The ECB can restrict or limit the business, operations or network of institutions or request the divestment of activities that pose excessive risks to the soundness of an institution and require the reduction of the risk inherent in the activities, products and systems of institutions. In addition, the ECB has the power to grant authorization to take up the business as credit institution (licensing); if the applicable national law allows, when issuing the decision the ECB can limit the range of activities that are conducted and the locations in which they can be conducted within the consolidated group and of individual institutions. The aim of such assessment is to ensure that applying entities meet the relevant requirements, in particular on governance, conduct of business, prudential requirements and the business model, and fulfill the applicable national requirements. It consists of a detailed review and evaluation of the information in the application and other documentation requested by the NCA. Another power of authorization the ECB has regards the use as a remedial measure. An authorization may be withdrawn by the ECB on its own initiative (or on basis of a proposal from the NCA of the participating Member State where the credit institution is established) (SM Ch. 5 para 92). The range of activities groups of institutions or financial holding groups conduct depends on the type of license the individual group entities hold. As long as they do not violate these bounds and adhere to the respective supervisory and prudential rules, BaFin has no explicit supervisory powers to limit the group’s activities or the locations in which they can be conducted. BaFin/ECB will, be informed if a German institution intends to take up business abroad and will object if this could encumber the supervision on a consolidated level. The same applies if a foreign investor intends to acquire a significant ownership in a German institution. Section 25a (2) sentence 2 KWG gives BaFin the right to issue instructions to institutions which are suited and necessary to set up / restore a proper business organization. Such instructions could, theoretically, also refer to the termination of activities or business lines which are not properly managed. If the supervision of representative offices and legally dependent branches by the institution itself is not adequate to the risks the respective office presents, BaFin/ECB may issue orders according to section 25a (2) sentence 2 KWG requiring the institution to implement adequate arrangements for managing, monitoring and controlling these risks or if this appears not possible to close the office. Apart from that, section 45b KWG allows BaFin to decree that the institution has to take risk reducing measures which could also include terminating or in-sourcing certain activities. Section 45b KWG also allows implementing a prior supervisory approval requirement for the establishment of further branches or prohibiting or limiting the conduct of certain activities. Similar competences are contained in other provisions dealing with breaches of structural prudential rules or the treatment of institutions in economic difficulties. All rules also apply at group level. However, German credit institutions are generally free to establish operations anywhere, i.e. they are permitted to operate representative offices, legally dependent branches or legally independent subsidiaries in any other country. In terms of legally independent subsidiaries, BaFin/ECB is authorized by section 12a (2) KWG to prohibit the continuation of the participating interest or of the corporate ties if the super-ordinated enterprise does not receive the information required to fulfill the obligations stipulated by sections 10a, 13 (3), 25 (1) KWG or legislative decrees according to sections 10 (1) sentence 1 KWG or 13 (1) sentence 1 KWG as well as obligations stipulated by articles 11 - 17 of CRR. Furthermore, where a branch domiciled in a third country does not have a proper business organization, is not able to provide the information required to assess its business organization or its integration in the organization of the institution, is not properly supervised in the third country or the competent authority of the third country is not willing to cooperate with BaFin/ECB, BaFin/ECB is empowered to limit the business activities of the branch or to decree its closure and resolution, see Section 45b (2) sentence 2 KWG. If a credit institution or an investment firm domiciled in another EEA member state, which has established a branch in Germany or is exercising its freedom to provide financial services, is not observing its obligations set out in section 53b (3) KWG, and neither the institution nor its competent home authority remedy the shortcoming or if the measures are not sufficient, BaFin/ECB may take the necessary measures, which can include prohibiting new business within Germany. Where German institutions are subsidiaries of an institution in a third country without provisions for the consolidated supervision equivalent to the rules applying in the EEA / set out in the KWG, BaFin/ECB can determine the German subsidiary as the parent institution for the purposes of consolidated supervision (section 53d (1) KWG). As long as an institution does not violate the license conditions, and the respective supervisory and prudential rules, BaFin has no explicit supervisory powers to limit the group’s activities or the locations in which they can be conducted. BaFin/ECB will opine if a German institution intends to take up business abroad and will object if this could encumber the supervision on a consolidated level. The same applies if a foreign investor intends to acquire a significant ownership in a German institution. Section 25a (2) sentence 2 KWG gives BaFin the right to issue instructions to institutions to set up / restore a proper business organization. Such instructions could, also refer to the termination of activities or business lines which are not properly managed. If the supervision of representative offices and legally dependent branches by the institution itself is not adequate to the risks the respective office presents, BaFin/ECB may issue orders according to section 25a (2) sentence 2 KWG requiring the institution to implement adequate arrangements for managing, monitoring and controlling these risks or if this appears not possible to close the office. Apart from that, section 45b KWG allows BaFin to decree that the institution has to take risk reducing measures which could also include terminating or in-sourcing certain activities. Section 45b KWG also allows implementing a prior supervisory approval requirement for the establishment of further branches or prohibiting or limiting the conduct of certain activities. Similar competences are contained in other provisions dealing with breaches of structural prudential rules or the treatment of institutions in economic difficulties. All rules also apply at group level. However, German credit institutions are generally free to establish operations anywhere, i.e. they are permitted to operate representative offices, legally dependent branches or legally independent subsidiaries in any other country. In terms of legally independent subsidiaries, BaFin/ECB is authorized by section 12a (2) KWG to prohibit the continuation of the participating interest or of the corporate ties if the parent enterprise does not receive the information required to fulfill the obligations stipulated by sections 10a, 13 (3), 25 (1) KWG or legislative decrees according to sections 10 (1) sentence 1 KWG or 13 (1) sentence 1 KWG as well as obligations stipulated by articles 11 - 17 of CRR. Furthermore, where a branch domiciled in a third country does not have a proper business organization, is not able to provide the information required to assess its business organization or its integration in the organization of the institution, is not properly supervised in the third country or the competent authority of the third country is not willing to cooperate with BaFin/ECB, BaFin/ECB is empowered to limit the business activities of the branch or to decree its closure and resolution, see section 45b (2) sentence 2 KWG. If a credit institution or an investment firm domiciled in another EEA member state, which has established a branch in Germany or is exercising its freedom to provide financial services, is not observing its obligations set out in section 53b (3) KWG, and neither the institution nor its competent home authority remedy the shortcoming or if the measures are not sufficient, BaFin/ECB may take the necessary measures, which can include prohibiting new business within Germany. Where German institutions are subsidiaries of an institution in a third country without provisions for the consolidated supervision equivalent to the rules applying in the EEA / set out in the KWG, BaFin/ECB can determine the German subsidiary as the parent institution for the purposes of consolidated supervision (section 53d (1) KWG). Supervisors can ring-fence all consolidated entities.
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.³⁴
Description and findings re EC7	See CPs 8 and 9. In addition to supervising on a consolidated basis, the supervision also takes place on individual level in the group in order to gain a better understanding the group dimension. Within the SREP, the various assessments are performed at different frequencies, defined as a result of the SREP in the SEP (minimum engagement levels) are scoped by the SEP for each individual institution. Supervision takes place on a bank-by-bank SEP basis. Based on the available input and macro evidence, draft SEPs are formulated in detail by the JSTs for each significant institution. In practice, the macro-calendar of the supervisory activities regarding on-going supervision, on-site inspections and internal model investigations is defined. The JST also takes into account information provided by competent authorities for other entities within the group, in particular in cases where the consolidated supervision of the group in question is the responsibility of an EEA home supervisor. All these activities, except in exceptional cases, are undertaken to comply with the minimum engagement level defined in the strategic planning process by the Planning and Coordination of SEP Division. The activities have to be prioritized to allow for a replacement buffer for possible ad hoc needs. The SEP is discussed in the core JST. According to the general principles stated in Part 1 Title II Chapter 1 of CRR institutions shall comply with the obligations laid down in Parts Two to Five and Eight of the CRR on an individual basis. The legal basis for the changes of the supervisory measures and sanctions is Art. 64 et seq. CRD IV. CRD IV was transposed into German law by the CRD IV Transposition Act (CRD IV-Umsetzungsgesetz) which entered into force on January 1, 2014. As part of the ongoing supervision section 44 (1) sentence 1 KWG grants German banking supervisors the right to request information and conduct audits on solo level. Additionally, section 44 (1) sentence 2 to 4 KWG grants them the right to conduct on-site inspections on solo level. The information and inspection rights according to section 44 (1) KWG also apply on group level. However, the powers are limited to monitoring the accuracy of the information or data transmitted that is necessary for supervision on a consolidated basis, or that is to be transmitted in the quarterly returns (please refer to the answer to Essential Criterion 5).
Additional criteria
AC1	For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit-and-proper standards for owners and senior management of parent companies.
Description and findings re AC1	Significant ownership in banks by non-banks and corporates are permitted under the conditions set out by section 2c KWG. According to section 44b KWG, the holder of a significant ownership is subject to the same obligation to provide information and documents to the supervisor as the institution itself. Moreover, the KWG contains a number of indirect requirements for the owner of the institution or the holder of a significant ownership. If these persons or their statutory representatives fail to meet these requirements, BaFin/ECB can either deny the institution’s license in the first place, revoke it at a later stage or prohibit a later acquisition of a significant ownership.
Assessment of Principle 12	Compliant
Comments	Supervisors have the authority to conduct consolidated supervision and this was displayed to the assessors during reviews and presentations of the supervisory process. All relevant issues are considered and information is available to draw conclusions on a consolidated basis and the legal framework permits collection of needed information. Examples of cases where ring-fencing was applied were demonstrated.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	See CP 12. Within the SSM, the ECB is exclusively competent for carrying out the supervisory tasks of Article 4 Regulation 2013/1024/EU for SIs. Rather than establishing colleges of supervisors, the joint supervision of SIs is being exercised in JSTs. According to Article 3 SSM Framework Regulation, each JST is comprised of staff members from the ECB and from the NCAs including National Central Banks (NCBs) where the NCA is not a central bank but cooperates with the NCB in the supervision based on national law. With regard to subsidiaries of SI’s located outside the SSM, the ECB establishes colleges of supervisors in order to facilitate the exchange of information, to coordinate the supervisory activities and to ensure a consistent application of the prudential requirements. The ECB chairs the college of supervisors as consolidating supervisor. In this case, BaFin and Bundesbank participate in the colleges as observers (Article 9(1) SSM Framework Regulation). The supervisory college tasks are performed at least on an annual basis. The decision on the college membership or observer status of authorities is based on a mapping exercise, which is performed on the basis of Article 3 of EBA/RTS/2014/16. The mapping exercise identifies the entities (subsidiaries, branches, other financial sector entities) of a cross-border banking group and it determines and notes the significance of these entities for the local markets and the group. EBA is invited as college member by default. On the basis of Article 4 of EBA/RTS/2014/16, the competent authorities responsible for the supervision of subsidiaries of an EU parent institution or of an EU parent financial holding company or of an EU parent mixed financial holding company and the competent authorities of host Member States where significant branches as referred to in Article 51 of Directive 2013/36/EU are established as well as ESCB central banks of Member States that are involved in accordance with their national law in the prudential supervision of the legal entities, but which are not competent authorities can participate in the colleges as members. Competent authorities of host EU Member States where non-significant branches are established, so-called third country supervisory authorities (from countries which are not EU Member States) and other relevant authorities may be invited to participate in the colleges as observers. After identification of possible college members and observers, the ECB invites the potential members and observers. College members discuss and agree on the scope and level of involvement of observers, if any, in the college. The framework of observers’ participation in college is recorded in the written coordination and cooperation arrangements. Colleges are structured depending on the size of the banking group and its activities. All college members and observers are attending a General College, which is the basic form of college. If needed, other possible college structures besides the General College are the Core College (no third-country supervisors, supervisors of the most important group entities attending), the Crisis Management Group and Cross Border Stability Groups (see BCP 13 EC05), Resolution Colleges (not yet in place) as well as subgroups depending on the specific needs (for instance, Liquidity Subgroup). The establishment and the functioning of supervisory colleges are elaborated in written cooperation and coordination arrangements (WCCA), which, among other issues, specify arrangements for information exchange and cover observers’ participation in the college. The ECB establishes regular cooperation with college members that can take the form of meetings (at least annually) or other activities. Where the ECB acts as host supervisor, it participates in the college as a member. Depending on the ultimate decision of the home supervisor, the JST’s NCAs participate as observers. BaFin as NCA in cooperation with Bundesbank remains responsible for college-activities that concern LSIs. According to Article 8 (3) KWG, BaFin and Bundesbank shall cooperate with the relevant EEA authorities as well as the EBA and ESMA when supervising cross-border institutions. In cases where the BaFin is home supervisor of an EEA institution or host supervisor of an EEA institution, it transfers the relevant data to the responsible authorities. They exchange with them all relevant and fundamental information which may affect the assessment of an institution’s financial situation in the EEA state in question. Information to be exchanged comprises inter alia information on liquidity difficulties or trustworthiness and professional qualifications of persons entrusted with the management of an institution or holders of significant holdings. According to section 8e KWG, colleges of supervisors have been established. As described in Article 8e (1) and (2) KWG, information exchange between college members (home and host supervisors) is one task of the colleges. College members have to guarantee the confidentiality level of Title VII Chapter I Section II. Section 9 (1) sentence 4 no. 9 KWG provides that information can be exchanged with competent authorities in EEA member states and third countries when working together in colleges of supervisors established according to the new section 8e KWG. BaFin and Bundesbank cooperate closely under this section. Regarding third countries, the relevant provisions are Article 53 c and d KWG, which establishes the principle of host supervision and gives BaFin the respective competencies.
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group³⁵ and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2	See CP 3 and EC 1. Commission Delegated Regulation (EU) 2016/98 or Commission Implementing Regulation (EU) 2016/99 on information exchange between home and host competent authorities specify the kind of information that supervisory authorities are required to share, including: information on capital requirements for credit, market, operational and settlement risks and on additional own fund requirements (i.e. Pillar 2 add-ons) for all other risks and elements of risk; information on institutions’ violations of requirements on internal control mechanism, including risk management, risk control and internal audit. Commission Delegated Regulation (EU) 2016/98 sets the information exchange for performing group risk assessments and reaching joint decisions, including on the assessment of inherent individual risks and risk management and controls (art. 10). It also requires that the information exchanged be adequate, accurate and timely. EBA Guidelines on common procedures and methodologies for SREP require competent authorities to discuss and coordinate - within the framework of supervisory colleges – the outcomes of their assessments, including SREP scores assigned to various elements, and the overall SREP assessment and overall SREP score at consolidated and entity level, focusing on the risks that are identified as material for the respective entities. Article 48 of CRD IV entitles the European Commission to draft proposal (to be then submitted to the European Council) for the negotiation of agreements with one or more third (i.e. non-EU) countries regarding the means of exercising supervision on a consolidated basis, in particular to ensure adequate exchange of information.
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	See CP 3 and EC 1. Commission Delegated Regulation (EU) 2016/98 and Commission Implementing Regulation (EU) 2019/99 contain provisions on information exchange and coordination between the consolidating supervisor and college members for a number of tasks: for performing group risk assessments and reaching joint decisions; with regard to the ongoing review of the permission to use internal approaches and non-material extensions or changes in internal models; on early warning signs, potential risks and vulnerabilities; with regard to noncompliance and sanctions; for the assessment of the group recovery plan; for the assessment of the group recovery plan; and with regard to group financial support agreements.
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	See CP 3. Commission Implementing Regulation (EU) 2016/99 establishes a number of requirements in terms of communication between the college members and with the supervised entities; in particular, they require that: written coordination and cooperation arrangements include a description of the communication policy of the consolidating supervisor and the members of the college with the EU parent undertaking and with the group entities; the communication with the institution and its branches shall be organized according to the supervisory responsibilities of the consolidating competent authority and the members of the college (art. 28); in general, the consolidating supervisor shall be responsible for communicating, including requesting information, to the EU parent undertaking, while the members of the college shall be responsible for communicating, including requesting information, with the EU institutions and EU branches under their supervisory remit; the members of supervisory colleges ensure that any external communication is done in a coordinated way and covers elements which are agreed ex ante. Commission Delegated Regulation (EU) 2016/98 also regulates the coordination of external communication in an emergency situation (art. 22, 37). Article 48 of CRD IV entitles the European Commission to submit proposals to the European Council for the negotiation of agreements with one or more third (i.e. non-EU) countries regarding the means of exercising supervision on a consolidated basis, in particular to ensure adequate exchange of information. BaFin and Bundesbank have agreed with many other foreign supervising authorities on information sharing and exchange in bilateral and multilateral memoranda of understanding according to the Core Principles of Effective Banking Supervision of the Basel Committee.
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	KWG) and SAG provide a comprehensive framework for cross-border crisis cooperation and coordination, as required by the relevant European directives, CRD IV and the Bank Recovery and Resolution Directive (Directive 2014/59/EU, BRRD. Pursuant to sections 6, 7 and 9 KWG and 138 SAG, BaFin is both empowered and required to share information on crisis preparation and to effectively cooperate with other relevant authorities including the European Banking Authority (EBA). According to section 138 (2) SAG BaFin has to inform the resolution authority in case of imposing crisis preparation or early intervention measures immediately. If the supervisory authority or resolution authority concludes that an institution or an entity of a group is failing or likely to fail, they have to inform BaFin, Bundesbank and FMSA, the relevant deposit guarantee scheme, the group-level supervisory authority (including the consolidating supervisor), the group-level resolution authorities (including the resolution authority of Member States where the consolidating supervisory authority is located), the Financial Stability Committee and the European Systemic Risk Board immediately. As in case of other aspects of home host relationships, supervisory colleges and/or resolution colleges play a key role in this regard. The SAG provides for colleges, in which the home and host supervisors of cross-border banking groups share information of crisis preparation, especially effective handling of crisis situations. For this the SAG envisages the establishment of resolution colleges (section 156 SAG). The specific procedures for the planning and coordination of supervisory activities in preparation for and during emergency situations, including the minimum set of information to be exchanged during an emergency situation, are laid out in written coordination and cooperation arrangements (WCCA) for each supervisory college. Please note that these WCCA are currently being negotiated with the college members of SI for which the ECB is either a host or a home supervisor. These WCCA also include provisions regarding the framework for providing coordinated input to the resolution college. Such a framework addresses, inter alia, the group resolution plans, the assessment of the group resolvability, powers to address or remove impediments to the group resolvability, as set out in Directive 2014/59/EU.

EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	The KWG and SAG provide a comprehensive framework for cross-border crisis cooperation and coordination, as required by the relevant European directives, CRD IV and the BRRD. Pursuant to sections 6, 7 and 9 KWG and 138 SAG, BaFin is both empowered and required to share information on crisis preparation and to effectively cooperate with other relevant authorities including the EBA. According to section 138 (2) SAG BaFin has to inform the resolution authority in case of imposing crisis preparation or early intervention measures immediately. If the supervisory authority concludes that an institution or an entity of a group is failing or likely to fail, they have to inform BaFin, Bundesbank and FMSA, the relevant deposit guarantee scheme, the group-level supervisory authority (including the consolidating supervisor), the group-level resolution authorities (including the resolution authority of Member States where the consolidating supervisory authority is located), the FSC and the European Systemic Risk Board immediately. In all cases confidentiality must be ensured. As in case of other aspects of home host relationships, supervisory colleges and/or resolution colleges play a key role in this regard. The SAG provides for colleges, in wh

Topics

Countries

Series

About

Resources