A. Main Findings

Responsibility, Objectives, Powers, Independence, Accountability (CPs 1–2)

11. The SSM has established a clear allocation of responsibilities for the supervision of Euro Area credit institutions between the ECB and the NCAs in participating Member States. However, the legal underpinnings of the SSM are complex. The ECB has a broad range of powers provided for in the CRR and the SSM Regulation (SSMR) and can apply the powers set out in CRD IV as transposed into national legislation, but the EU legislation also makes a considerable number of options and discretions available to either the NCAs or the Member States. The ECB has harmonized a range of options and discretions granted to NCAs in the SSM, but harmonization of options granted to Member States would require changes in EU law.

12. The SSM legislative framework, reflecting the uneven coverage of national laws, leaves the ECB facing gaps and asymmetries in its supervisory powers. For example, the ECB does not have supervisory powers that apply to all significant forms of credit intermediation in the Euro Area. In particular, investment firms undertaking “bank like” business in the Euro Area are subject to many of the same regulations as banks, including for capital and liquidity, but are currently supervised nationally even when they are of significant size and very active in cross-border business. The European Commission’s proposals for an extensive revision of EU law related to prudential supervision provide an opportunity to remedy this. In addition, Euro Area branches of non-EU or EEA banks are not subject to authorization or supervision by the ECB, nor to CRD IV/CRR (and related EBA standards and guidelines). The regulatory and supervisory framework applicable to such third-country branches needs to be harmonized.

13. The independence of the ECB’s banking supervision function is enshrined in law, and the ECB performs its supervisory tasks in an operationally independent manner. Decisionmaking processes are complex and time-consuming. A substantial volume of routine supervisory decisions requires Governing Council approval. However, a new delegation framework, which truncates decision-making for certain routine decisions at the level of ECB Senior Manager, has considerably shortened timetables, and further delegation of decisions is under discussion.

14. The aggregate resources available to ECB banking supervision to supervise SIs are variable and largely beyond its control. With its Supervisory Examination Programme (SEP), the ECB has a well-structured process for determining and prioritizing its resource needs, but it has only limited control over the levels and allocation of NCA staff dedicated to the supervision of SIs, or over their suitability and performance. Since NCA staff are generally not committed full-time to SI supervision, their availability at any particular point cannot always be assured. The ECB has experienced varying levels of cooperation from NCAs in making up supervisory teams, but collaboration is improving for offsite supervision.

Ownership, Licensing, and Structure (CPs 4–7)

15. EU legislation, as transposed into national laws, protects the special status of credit institutions, with the necessary powers residing in most cases with NCAs. The ECB is the licensing authority for credit institutions in the Euro Area, but the NCAs are fully integrated in the authorization process and authorization decisions are taken on the basis of applicable national laws, which are not fully harmonized. The legal framework, though fragmented, and various supporting the EBA, EBA/European Securities and Market Authority (ESMA), and ECB guidance provide a comprehensive basis for supervisory assessments of applications for authorization. As discussed above, the ECB does not have authority to authorize and supervise Euro Area branches of non-EU or EEA banks, or investment firms undertaking “bank like” activities in the Euro Area. These gaps in the regulatory perimeter raise concerns about regulatory and supervisory arbitrage and, in the case of large investment firms, can pose increased financial stability risks. The gaps can only be closed through legislative changes.

16. The SSM legislative framework establishes a clear basis for approving acquisitions or disposals of qualifying holdings in a credit institution by the ECB, the competent authority in this area. As with authorizations, the NCAs are fully integrated in the approval process, which is supported by recent EBA/ESMA/European Insurance and Occupational Pension Authority (EIOPA) joint guidelines and ECB internal rules and detailed procedures. However, there are no specific EU requirements for credit institutions to notify the supervisor as soon as they become aware of any material information that may negatively affect the suitability of a major shareholder, while notification requirements in national law are not consistent.

17. In contrast, EU law does not provide an adequate or consistent supervisory regime for major acquisitions by a credit institution. Some national laws require the approval of acquisitions in third countries by the relevant NCA, and the ECB has confirmed that it is competent to decide on such approvals. However, there are no explicit requirements in EU law on the acquisition of holdings in credit institutions outside the EU, nor are there harmonized assessment criteria at EU level, including whether acquisitions expose the credit institution to undue risks or hinder effective supervision. While the ECB may impose higher capital requirements or even require disinvestment in the case of an unsound acquisition, it cannot require ex ante review and approval. The ECB is seeking amendments to EU law that include a clear reference to additional supervisory powers in relation to material acquisitions in third countries.

Methods of Ongoing Supervision (CPs 8–10)

18. The fundamentals of the ECB’s methodological framework for supervision are sound. The main elements of the supervision methodology—SREP, risk assessment system (RAS), and SEP—are firmly in place. The methodology has been refined through the experience gained since its initial launch in 2015. This process of continual assessment and improvement should continue as the SREP, RAS, and SEP mature over time. The greater emphasis on quantitative analysis is consistent with the EBA’s SREP guidance. The SREP is a forward-looking risk-based assessment of individual banks and banking groups, proportionate to their systemic importance. The ECB’s supervisory approach identifies risks within banks and the banking system. The ECB, in conjunction with the Single Resolution Board (SRB) and NRBs, is a key participant in the Euro Area’s early intervention and resolution framework.

19. ECB banking supervision uses a mix of offsite analysis and onsite inspections that focus on both horizontal risk themes and vertical assessments of institution-specific risks. The techniques and tools to implement the supervisory approach appear to be appropriately designed, as evidenced by the (confidential) SSM Supervisory Manual and Appendices. The SEPs and onsite inspections also appear to be appropriately calibrated according to institutions’ risk profiles, including systemic importance, and the ECB’s supervisory resources. Further refinements in methodology and technique should be adopted as the ECB gains additional experience over time.

20. The assessors recommend that ECB banking supervision be more transparent about its supervisory approach and techniques. The ECB’s draft guide to onsite inspections and internal model investigations is a good primer for public consumption, and the ECB’s practice of publishing guides on important supervisory topics should be continued. In the same vein, a condensed version of the SSM Supervisory Manual was published in March 2018, after the assessors’ onsite visit. The published manual removed much of the detail on internal processes and methodologies. Such transparency may help credit institutions comply with the ECB’s expectations and assure the public that the SSM operates under well-designed supervisory processes.

21. Supervisory reporting at EU level is not sufficiently granular to adequately support offsite supervision, while “maximum harmonization” does not allow sufficient flexibility and agility.¹ Not all data needs are covered by reporting under the EBA’s implementing technical standards (ITS). The ECB complements the information collected via ITS through Short-term Exercises (STE) data collections and surveys, which cover fundamentally some of the data needs for SREP (e.g., assets and liabilities by repricing date, interest rate risk in the banking book (IRRBB), concentration, liquidity, and operational risk). Timely and accurate data is fundamental to effective supervision. While STE reporting and surveys give the ECB some flexibility in addressing its data needs, the process for amending and augmenting the EU-wide harmonized supervisory reporting based on the ITS is lengthy and cumbersome and should be streamlined and expedited. While focusing mainly on statistical requirements for the moment, the European System of Central Banks (ESCB) initiatives related the Banks’ Integrated Reporting Dictionary (BIRD) and the Integrated Reporting Framework (IReF) may contribute to ensuring harmonization of reporting while allowing for more flexibility in its uses.

Corrective and Sanctioning Powers of Supervisors (CP 11)

22. ECB banking supervision adopts a progressive remedial process to address unsafe and unsound practices. The ECB uses the SREP methodology and its SEP to identify unsafe or unsound practices at an early stage. Ongoing supervision identifies issues, and recommends specific corrective actions within defined time periods, informally and in writing. Written communications from the JSTs are “operational acts,” which carry significant moral suasion weight even though they are not legally binding. Matters are escalated to the Supervisory Board for a formal decision if an SI does not comply with an operational act. That decision is legally binding and enforceable, as noncompliance constitutes a breach subject to sanctions. Article 16.2 of the SSMR lists a broad range of powers, which the ECB uses, regarding both affirmative obligations and significant consequences to correct deficiencies.

23. The legal framework for enforcement and sanctions, however, is complex and fragmented, and contains substantive and procedural gaps that should be addressed. The complex legal enforcement framework may make it operationally difficult and time-consuming for the ECB to impose formal enforcement actions and sanctions in some countries, in particular where such powers are not available under national laws. The ECB’s direct enforcement and sanctions powers are limited. The ECB can make use of the powers available to NCAs, but there is a lack of harmonization in the scope of and approach to the enforcement of sanctions between the ECB and the NCAs. The ECB may impose sanctions only on legal entities; it does not have the power to directly impose sanctions on natural persons. While the ECB has effectively used its authorities under Article 16.2 to effect necessary remedial measures at SIs, express authority to impose non-pecuniary sanctions, such as enforceable administrative “cease and desist” orders with affirmative covenants, would provide an additional supervisory tool that could be used in appropriate circumstances.

Cooperation, Consolidated, and Cross-Border Banking Supervision (CPs 3, 12–13)

24. ECB banking supervision has an extensive and effective framework for cooperation and collaboration. Within the SSM, the framework is inherent in the various structures and elements of cooperation between ECB banking supervision and the Euro Area NCAs, starting from the Supervisory Board. Outside the SSM, ECB banking supervision has been seeking to build on the highly developed communication channels it inherited from the NCAs under “step in” arrangements. Nevertheless, the ECB’s progress in finalizing Memoranda of Understanding (MoUs) with third-country authorities has been slower than expected, although the absence of formal arrangements has not precluded effective working relationships with key authorities. The ECB-led supervisory colleges appear to serve their intended purpose. The assessment of recovery plans, early intervention measures, and the overall planning of supervisory responses of home and host authorities in preparation for and during emergency situations is performed in a coordinated way through the colleges. The SSM’s preparations for Brexit from a banking supervision viewpoint have involved heightened interaction with other supervisory authorities.

25. The ECB does not have the authority to review activities of certain affiliates and parent companies that are unsupervised entities, and there are no specific legal requirements authorizing the ECB or NCAs to prohibit shell banks or the continued operation of shell banks. The activities of companies affiliated with parent companies may have an impact on the safety and soundness of the banking group. Where such powers are not provided under national law, this gap may hinder the ECB’s ability to assess potential material impact on safety and soundness, and to take appropriate supervisory action. Another layer of complexity is that, while the ECB is lead supervisor for some conglomerates under the Financial Conglomerates Directive (FICOD), mixed financial holding companies are not included in the definition of conglomerates. This may imply a constrained capacity to identify related parties or nonfinancial entities that may impact on the conglomerate, and to include them within the supervisory perimeter. In addition, while the ECB will not authorize shell banks that only serve as a booking office, there is no clear mandate to prohibit shell banks or to limit the use of foreign branches as mere booking offices.

Corporate Governance (CP 14)

26. SIs operate under a corporate governance legal structure that is governed by disparate national law requirements supplemented by EBA guidelines and ECB explanatory guides. The ECB uses its supervisory process to identify weaknesses in management bodies and to recommend and effect changes. The ECB’s thematic review of governance and risk appetite provided a horizontal baseline view of industry practice and focused supervision on internal governance, and resulted in recommendations and actions addressed to banks aimed at making supervisory board involvement more robust. The ECB has defined processes for making required fit-and-proper determinations of management body members; however, its dependence on national law for these determinations makes the process very complex, time consuming, and not fully harmonized. The ECB also should be granted greater legal discretion to object to persons whose prior work experience and relationships may have made them not fully independent from management. Internal governance standards for financial conglomerates could be enhanced beyond the general risk considerations outlined in the SSM Supervisory Manual.

Prudential Requirements, Regulatory Framework, Accounting, and Disclosure (CPs 15–28)

27. ECB banking supervisors have learned to overcome the hurdles of a fragmented regulatory framework by correctly adopting an extensive interpretation of their role in ensuring the sound management and coverage of risks by banks. However, a more complete and harmonized regulatory framework on risk management would mitigate unnecessary distractions caused by the need to deal with an incomplete and heterogeneous set of rules. It would also facilitate the banks’ understanding of supervisory expectations and improve the quality of the supervisory dialogue.

28. Deviations of the EU capital framework from international standards are material, though the ECB has the powers to impose additional requirements. The Basel Committee’s Regulatory Consistency Assessment Program (RCAP) assessment found that, in the calculation of risk-weighted assets, some deviations may be significant: these deviations related, for example, to sovereign exposures under the permanent and temporary partial use of the standardized approach, lower risk weights for covered bonds, treatment of participation in insurance, and the counterparty credit risk (CCR) framework. Some of these deficiencies are addressed by banks’ internal capital adequacy assessments and supervisory action under the SREP process. The ECB can require banks to hold capital in excess of the minima under Pillar 2. The ECB’s Regulation and Guide on National Options and Discretions attempts to harmonize the exercise of some capital-related options and discretions although material deviations exist, for example, in the capital treatment of insurance interests. Overall, deviations cited in the RCAP continue to exist.

29. Supervisory activity on problems assets and provisioning in the SSM has progressed significantly since the recent issue of the ECB’s guidance to banks on NPLs. The guidance strengthens the SSM’s ability to tackle the long-term issue of extremely high NPL ratios in certain banks. The guidance sets supervisory expectations for how the NPL issue should be addressed by banks in terms of governance, operations, classification (of forbearance and nonperforming status), provisioning, write-off, and collateral valuation. Banks with a high level of NPLs are requested to define an NPL strategy and are subject to ad hoc reporting requests. The follow-up and monitoring of banks’ NPL reduction plans is intense and it is producing positive results in terms of banks’ increased proactivity in addressing their issues.

30. The NPL guidance fills a number of gaps in the EU-wide framework, but its impact is uncertain. Because of its non-binding nature, the guidance cannot override national provisions on the same topics, where these are contained in laws or regulations.²

31. The European Commission has clarified the ECB’s power to require banks to apply specific adjustments (deductions, filters, or similar measures) where the accounting treatment applied by the bank is considered not prudent from a supervisory perspective. An explicit granting of these powers in EU law would represent an even firmer legal basis. The ECB must now make use of this power to foster the convergence of banks’ provisions towards more realistic levels, so as to reduce the high levels of legacy NPLs. However, the ECB still lacks explicit power to require banks to classify an exposure as NPL when it does not fully meet all the conditions to be considered defaulted. The ECB should introduce explicit supervisory expectations for NPL provisioning and write-offs.

32. Onsite review of problem loans and provisioning relies on a structured methodology that includes detailed indications on credit file reviews, but it suffers from limited resources. The level of onsite attention to problem assets has improved. New statistical procedures that extrapolate results from loan files samples will be employed soon. The limited number of ECB inspectors constrains their direct participation in onsite missions, thus requiring substantial support (and effort) from NCA inspectors. Stretched onsite resources across the SSM could weaken the capacity to maintain pressure on the banks for decisive action on NPLs.

33. Market risk management standards are generally sound and supervisors take an active approach. The larger, more systemic, and risk-oriented banks with a trading bias face greater supervisory intensity and intrusiveness. Market risk has been a focus of supervisors during 2014 and 2015, and a targeted review of banks’ internal models is now under way. The activity of JSTs and inspection teams in this area is wide-ranging, covering the different dimensions of market risk. The opaqueness in the valuation of certain products classified as Level 3 and the uncertainties in the classification of Level 2 assets and liabilities—together with the sheer size of these in the balancesheets of some institutions in the Euro Area —require an intense and frequent supervisory scrutiny.

34. The IRRBB has received a significant amount of supervisory attention during recent years and features as a key priority for SIs. The stress-test exercise on IRRBB conducted on SIs in 2017 has allowed the ECB to gather granular information on banks’ exposure to this risk after years of low interest rates. As part of the exercise, the ECB collected also qualitative information for a broader assessment of banks’ risk management practices, on which JSTs will follow-up.

35. Concentration risk and country risk should be viewed in a more comprehensive manner, and deserve more supervisory attention. The definition of concentration risk is limited to credit exposures and does not include different types of exposures in a broader sense. Supervisory expectations with respect to concentration risk and country risk management are not clearly communicated to the banks. There is no requirement that all material concentrations be regularly reviewed and reported to the bank’s supervisory board. Reporting and monitoring of country risk and concentrations can be improved, and their inclusion in banks’ stress tests specifically required.

36. The framework for transactions with related parties is weak. There is no requirement that related-party exposures be monitored and controlled separately and in aggregate. There is no regular reporting of exposures to related parties. Supervision of related-party risk is mostly carried out by external auditors, but their analysis of related-party risk is very limited. While some national laws provide for limits to transactions with related parties, there is no harmonized approach at EU level.

37. Supervisors have stepped up the frequency and intensity of interaction with credit institutions regarding their management of liquidity risk, contingency plans, and funding requirements, though important challenges remain. Supervisors have built up an in-depth understanding of liquidity and funding risks at individual institutions. Funding plans and results of stress testing are reported and evaluated periodically. Guidance for assessing the Internal Liquidity Adequacy Assessment Process (ILAAPs) was implemented in 2016 and helped strengthen the assessment of liquidity risk management as part of the SREP. Supervisors periodically meet with treasury staff and receive monthly monitoring of Liquidity Coverage Ratio (LCR) data. However, the LCR adopted in the EU has a number of elements that are less stringent than the Basel standard, most notably a wider definition of high-quality liquid assets (HQLA). In addition, given the centrality of liquidity risk in bank crises and in the light of recent experience, assumptions on the outflows of different categories of deposits over various time horizons should be revised, both for the banks’ own and supervisory stress testing, and the actual availability of supposedly liquid assets should be kept under review, since the information on unencumbered assets currently available to ECB banking supervision might not be sufficient to gauge the residual capacity of a bank to obtain emergency liquidity in a quickly deteriorating environment. Finally, given the sizeable currency transformation operated by certain internationally active banks—some with considerable presence in non-Euro markets—the ECB needs adequately granular and frequent information on their cash flows in material non-Euro currencies and by jurisdiction for JSTs to monitor it on a regular basis; reporting of the maturity ladder broken down by significant currencies has started in March 2018.

38. While operational risk has undergone several enhancements, more attention needs to be paid to monitoring the effective implementation of operational risk management frameworks. The ECB has initiated several reviews on operational risk matters, involving information technology (IT) and cybersecurity risk, and conduct risk, as well as an IT outsourcing questionnaire and a pilot exercise on cyber incidents reporting. Nevertheless, the ECB should take steps to enhance cybersecurity awareness, business continuity, and recovery planning and third-party vendor management in the outsourcing of significant functions. Operational risk is a major risk area under the SSM framework. The onsite examination process for Advanced Measurement Approaches (AMA) model accreditation appeared to be robust. Ongoing monitoring of AMA models has been strengthened by the recent implementation of the reporting for banks’ validation functions, and the operational risk benchmarking tool (IDRA).

39. European law and EBA guidelines, particularly the revised Guidelines on Internal Governance, provide a comprehensive set of requirements and supervisory expectations for the internal control framework of credit institutions. The revised Guidelines on Internal Governance clarify the responsibilities of the supervisory board in relation to the internal control framework, and emphasize the importance of a direct reporting line from the heads of compliance and internal audit to the supervisory function so that concerns and warnings may be raised. The Guidelines have been reinforced by the ECB’s supervisory expectations set out in the June 2016 “SSM supervisory statement on governance and risk appetite” and by the detailed assessment of internal governance undertaken by supervisors as part of the SREP process.

40. ECB banking supervision has only limited scope under EU law to engage in assessments of the integrity and external audit of financial statements of SIs prepared in accordance with relevant accounting standards. Responsibilities under EU directives in this area lie with other competent authorities. The overall EU framework, however, appears robust and ensures broad consistency with international standards. The ECB is stepping up its involvement in the external audit process, by assuming any powers granted by national laws to NCAs in relation to the appointment/replacement of external auditors, and through heightened engagement with external auditors, although engagement at the individual and collective level is already active. The ECB is seeking amendments to EU law that include a clear reference to additional supervisory powers regarding external auditors.

A. Introduction

41. This assessment of the implementation of the Basel Core Principles for Effective Banking Supervision (BCP) in the Euro Area has been completed as a part of the Financial Sector Assessment Program (FSAP) mission undertaken by the International Monetary Fund (IMF) during November 2017 and February 2018, at the request of the Euro Area authorities. It reflects the regulatory and supervisory framework in place as of the date of the completion of the assessment. It is not intended to represent an analysis of the state of the banking sector or the crisis management framework, which are addressed in other parts of the FSAP.

42. An assessment of the effectiveness of banking supervision requires a review of the legal framework, and detailed examination of the policies and practices of the institutions responsible for banking regulation and supervision. Since November 2014, banking supervision in the Euro Area has been conducted in the context of the SSM, which comprises the ECB and the NCAs of the 19 Euro Area Member States. The assessment focused on the ECB, which has overall supervisory responsibilities for the Euro Area banking system and for the efficient operation of the SSM, and did not cover the specificities of regulation and supervision of other financial intermediaries. More specifically, this assessment is limited to the direct supervision by the ECB of SIs. It is important to note, however, that to the extent regulations and practices are harmonized across SSM members, the assessment of the supervisory environment for SIs may provide a useful picture of regulation and supervision of the Less Significant Institutions (LSIs) indirectly supervised by the ECB.

43. This is the first detailed assessment of the BCP conducted for the Euro Area. Since the establishment of the SSM, one detailed assessment of Germany was conducted in 2016 and, while several SSM member countries have undergone FSAP exercises, no other detailed assessment has been conducted. Nevertheless, this assessment leverages on the work and material provided to the teams that covered banking regulation and supervision during these FSAPs. Information and Methodology Used for Assessment

44. The ECB requested to be assessed according to the Revised BCP Methodology issued by the Basel Committee of Banking Supervision in September 2012. The current assessment was thus performed on a revised content and methodological basis compared with previous BCP assessments carried out in several SSM member countries. Hence, such assessments cannot be directly compared to the current assessment. The revised BCP have a heightened focus on corporate governance and risk management practices in supervised institutions and their assessment by the supervisory authority, raising the bar in measuring the effectiveness of the supervisory framework (see Box 1 for more information on the 2012 Revised Core Principles).

45. The ECB chose to be assessed and rated against both the essential criteria and the additional criteria of the BCP, the highest standards of supervision and regulation. To assess compliance, the BCP Methodology uses a set of essential and additional assessment criteria for each principle. The essential criteria (EC) were usually the only elements on which to gauge full compliance with a Core Principle (CP). The additional criteria (AC) are recommended best practices against which the authorities of some more complex financial systems may agree to be assessed and rated. The assessment of compliance with each principle is made on a qualitative basis, using a five-part rating system explained below. The assessment of compliance with each CP requires a judgment on whether the criteria are fulfilled in practice. Evidence of effective application of relevant laws and regulations is essential to confirm that the criteria are met.

46. The assessment team reviewed the framework of laws, rules, and guidance and held extensive meetings with officials of ECB banking supervision, NCAs, auditing firms, and banking sector participants. The authorities provided a self-assessment of the CPs rich in quality and comprehensiveness, as well as detailed responses to additional questionnaires, and facilitated access to supervisory documents and files, staff, and systems.

47. The team appreciated the very high quality of cooperation received from the authorities. The team extends its thanks to staff of the authorities who provided excellent support, including extensive provision of documentation and access, at a time when staff was burdened by many initiatives related to European and global regulatory changes, and was still adapting to the new Euro Area supervisory framework.

48. The standards were evaluated in the context of the Euro Area financial system’s structure and complexity. The BCP methodology requires that a proportionate approach be adopted, both in terms of the expectations on supervisors for the discharge of their own functions and the standards that supervisors impose on banks. The assessment must recognize that supervisory practices should be commensurate with the complexity, interconnectedness, size, risk profile, and cross-border operation of the banks being supervised.

49. An assessment of compliance with the BCPs is not, and is not intended to be, an exact science. As noted above, judgments are required. Further, the assessment team evaluated the Euro Area supervisory and regulatory framework in the context of the considerable transition challenges created by the implementation of the SSM. Nevertheless, the assessment of the current legal and regulatory framework and supervisory practices against a common, agreed methodology should provide bank supervisors with an internationally consistent measure of the quality of banking supervision in relation to the CPs, which are internationally acknowledged as minimum standards, and point the way forward.

50. Assessing a cross-national supervisory framework imposed additional methodological challenges. The ECB is responsible for the supervision of credit institutions in the Euro Area, but not for all aspects of banking supervision; supervision of potential abuses of financial services, including money laundering and the financing of terrorism, is not under the ECB’s mandate. This made the assessment of Core Principle 29 impracticable, and it has therefore been excluded from this report. In addition, while several regulatory aspects of the CPs have been harmonized in the Euro Area, different national legal frameworks apply in many cases. In such cases, the ECB must apply national legislation. The ECB and the NCAs provided detailed information on the various national law frameworks, which confirmed the wide diversity of approaches. This assessment does not aspire to convey a detailed picture of the regulatory framework in each of the 19 Euro Area Member States; rather, it uses the national information as a source for a more general assessment of regulatory adequacy and supervisory effectiveness.

51. To determine observance of each CP, the assessment has made use of five rating categories: compliant, largely compliant, materially noncompliant, noncompliant, and non-applicable. A rating of “compliant” is given when all ECs and ACs are met without any significant deficiencies, including instances where the principle has been achieved by other means. A “largely compliant” rating is given when there are only minor shortcomings, which do not raise serious concerns about the authorities’ ability to achieve the objective of the principle and there is clear intent to achieve full compliance with the principle within a prescribed period of time (for instance, the regulatory framework is agreed but has not yet been fully implemented). A rating of “materially non-compliant” applies in the case of severe shortcomings when, despite the existence of formal rules and procedures, there is evidence that supervision has not been effective, practical implementation is weak, and that the shortcomings are sufficient to raise doubts about the authorities’ ability to achieve compliance. A principle is rated “non-compliant” if it is not substantially implemented, several ECs and ACs are not complied with, or supervision is manifestly ineffective. Finally, a category of “non-applicable” is reserved for those cases where the criteria are not relevant to the jurisdiction’s circumstances.

A. Supervisory Powers, Responsibilities, and Functions

Principle 1	Responsibilities, objectives, and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.12 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws, and undertake timely corrective actions to address safety and soundness concerns.13
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision14 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	The ECB, in cooperation with NCAs, is responsible for the supervision of credit institutions established in the participating EU Member States.15 Together, the ECB and the NCAs form the SSM, which became operational on November 4, 2014. The ECB is responsible for the effective and consistent functioning of the SSM. The objectives and responsibilities of ECB banking supervision and NCAs are defined in the SSMR.16 This Regulation is supplemented by the SSM Framework Regulation (SSMFR),17 which provides the framework for organizing the practical arrangements for cooperation within the SSM. The respective tasks of the ECB and of the NCAs, which depend on whether a credit institution is considered “significant” or not, are listed in Articles 4 and 6 of the SSMR and further detailed in the SSMFR. In brief, banks are SIs or LSIs on the basis of defined criteria in Article 6 of the SSMR, mainly: their size, their importance for the economy of the Union or a specific Member State, and the importance of their cross-border activities.18 Significant banks or banking groups are under the direct supervision of the ECB. In accordance with Article 6 of the SSMR, NCAs are responsible for assisting the ECB, under the conditions set out in the SSMFR, with the preparation and implementation of any acts relating to the range of tasks conferred on the ECB in Article 4 of the SSMR. Less significant banks or banking groups are under the direct supervision of the NCAs. For these LSIs, the ECB has an oversight responsibility to ensure that the supervisory activities of the NCAs are of the highest quality and that supervisory requirements on all credit institutions covered by the SSM are consistent.19 In this context, when necessary to ensure consistent application of high supervisory standards, the ECB may, on its own initiative and after consulting with the NCAs or upon request by an NCA, decide to exercise directly itself all relevant powers for one or more credit institutions, including in the case where financial assistance has been requested or received indirectly from the European Financial Stability Facility (EFSF) or the European Stability Mechanism (ESM). This prerogative has not been exercised to date. The SSMR and the SSMFR are published in the Official Journal of the EU and are available on the ECB Website. In addition, at the establishment of the SSM, the ECB published its Guide to banking supervision, which aims to explain to the public how the SSM functions and to give guidance on the SSM’s supervisory practices. In carrying out its prudential tasks, the ECB has at its disposal: the tools and powers provided for in the SSMR; and the tools and powers mentioned in EU supervisory law, in particular: the CRR20 dealing with prudential requirements for credit institutions; the CRD IV21 on access to the activity of credit institutions and the prudential supervision of credit institutions; the Single Resolution Mechanism Regulation (SRMR)22 establishing uniform rules and a uniform procedure for the resolution of credit institutions; the BRRD23 establishing the framework for the recovery and resolution of credit institutions; and the FICOD24 on supplementary supervision of financial conglomerates. In November 2016, the European Commission published proposals for an extensive revision of the above-mentioned legislation related to prudential supervision. The proposal contains amendments to the CRR and CRD IV, the SRMR, and the BRRD. The ECB published a detailed opinion on this proposal in November 2017 (CON/2017/46). Where the relevant EU law is composed of directives, the ECB is able to apply the tools and exercise the powers mentioned in national laws that have transposed these directives. The ECB also exercises directly powers granted to NCAs by national laws provided that these powers fall under the tasks conferred on the ECB in Article 4 of the SSMR and underpin the ECB’s supervisory functions under EU law.25 This understanding of the ECB’s powers is shared by the European Commission.26 Where the relevant EU law is composed of Regulations and where these Regulations explicitly grant options for Member States, the ECB also applies the national legislation exercising those options. In addition, the CRR and CRD IV, which predated the establishment of the SSM, provide options and discretions for Member States (around 30) and to NCAs (around 130) in relation to the prudential supervision of credit institutions. In 2015, the ECB decided to harmonize the application of options and discretions granted to NCAs for the supervision of SIs. The objective was to strengthen the overall robustness of the supervisory framework and the comparability of prudential requirements across credit institutions, so as to reduce regulatory complexity and compliance costs and the potential for regulatory arbitrage. A harmonized policy was introduced by means of a published Regulation, which entered into force on October 1, 2016, and a consolidated Guide.27 In April 2017, the ECB introduced a recommendation and a guideline addressed to NCAs to harmonize around 60 options and discretions available to NCAs in EU law for the supervision of LSIs. However, harmonization of options and discretions provided to Member States under the CRR and CRD IV would require amendments to EU legislation. On the basis of the SSMR, the ECB may adopt guidelines and recommendations, and take decisions subject to and in compliance with EU law. Moreover, to the extent necessary to carry out the tasks conferred upon it by the SSMR, the ECB may adopt regulations and may instruct national authorities to make use of their powers granted by national law, when the SSMR does not confer such a power on the ECB (Article 9(1) of the SSMR). In the case of supervision of LSIs, the ECB may issue regulations, guidelines28 or general instructions to NCAs in accordance with Article 6(5)(a) of the SSMR. The ECB is subject to technical standards developed by the EBA and adopted by the Commission, and also to the EBA’s European Supervisory Handbook. The EBA also issues guidelines and recommendations aimed at establishing consistent, efficient, and effective supervisory practices, which are subject to a “comply-or-explain” procedure on the part of competent authorities.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	Article 1 of the SSMR clearly states the objectives of ECB banking supervision: “This Regulation confers on the ECB specific tasks concerning policies relating to the prudential supervision of credit institutions, with a view to contributing to the safety and soundness of credit institutions and the stability of the financial system within the Union and each Member State, with full regard and duty of care for the unity and integrity of the internal market based on equal treatment of credit institutions with a view to preventing regulatory arbitrage.” That is, the primary objective of ECB banking supervision is to promote the safety and soundness of banks and the stability of the financial system. Article 25 of the SSMR further specifies that, when carrying out its supervisory tasks, the ECB shall pursue only the objectives set by the SSMR. The same provision also establishes a framework to separate the supervisory function of the ECB from its monetary policy function. The purpose of the separation principle is to ensure that each function is exercised in accordance with its respective objectives, therefore avoiding conflicts between these objectives, but without duplication of work for shared services. The separation principle covers, among other things, the separation of objectives, decision-making processes, and tasks, including organizational and procedural separation at the level of the Governing Council. In order to ensure full separation of objectives, decisions taken by the ECB in the area of banking supervision are prepared by an independent Supervisory Board before being submitted to the Governing Council for final adoption. Adoption is mainly under a “nonobjection procedure,” according to which the Governing Council is deemed to have adopted the decision unless it objects within a specific timeframe.29 Moreover, the ECB’s Rules of Procedure were amended to regulate organizational and procedural aspects related to the Supervisory Board and its interaction with the Governing Council. This included the rule that the Governing Council’s deliberations on supervisory matters are to be kept strictly apart from those on other issues, with separate agendas and meetings. Additionally, as required under Article 25(5) of the SSMR, a Mediation Panel30 has been established to resolve any differences of views expressed by the NCAs of participating Member States regarding an objection of the Governing Council to a draft decision by the Supervisory Board. The SSMR requires the ECB to adopt and publish any necessary internal rules to ensure separation between the supervisory function on the one hand and monetary policy functional areas and other tasks of the ECB on the other, including rules regarding professional secrecy and information exchanges. On September 17, 2014, the ECB adopted a Decision on the implementation of separation between the monetary policy and supervision functions of the ECB.31
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile32 and systemic importance.33
Description and findings re EC3	The ECB has a range of powers provided for in the relevant regulations—the CRR and SSMR—and can apply the powers set out in CRD IV, as transposed into national legislation. The CRR and CRD IV provide the legislative basis for banking supervision in the EU. Minimum regulatory capital requirements are determined by Article 92 of the CRR. Credit institutions must at all times satisfy the following own funds requirements: (a) a Common Equity Tier 1 (CET1) capital ratio of 4.5 percent; (b) a Tier 1 capital ratio of 6.0 percent; and (c) a total capital ratio of 8.0 percent. Credit institutions are also required to maintain a capital conservation buffer of CET1 capital calculated in accordance with Article 129 of CRD IV. From January 1, 2016 onwards, a systemic risk buffer of CET1 capital has applied to banks that are identified as globally systemically important institutions (G-SII buffer) or as other systemic institutions (O-SII buffer, up to 2.0 percent of the total risk exposure). In addition, ECB banking supervision may increase capital requirements for individual banks and banking groups based on their risk profile and systemic importance. The determination of these requirements is based on the SSM SREP, referred to in Article 97 of the CRD IV and further specified in the respective EBA Guidelines.34 The SREP, which is described in detail in CP 8, ensures a common methodology and decision-making process for the ongoing assessment of credit institutions’ risks, their governance arrangements and their capital and liquidity situation. The SSM SREP evaluates: risks to which the institutions are or might be exposed; risks that an institution poses to the financial system in general; and risks revealed by stress testing, taking into account the nature, scale and complexity of an institution’s activities. ECB banking supervision assesses, at least annually, whether an additional capital requirement, on an individual or on a consolidated basis, is necessary to capture risks to which an institution is or might be exposed, taking into account the following: the quantitative and qualitative aspects of an institution’s assessment process; an institution’s arrangements, processes, and mechanisms; the outcome of the review and evaluation carried out; and the assessment of systemic risk. Starting in the 2016 SREP process, capital requirements based on the individual risk profile of a credit institution have two parts: Pillar 2 requirements and Pillar 2 guidance. Pillar 2 requirements are binding and breaches can have direct legal consequences for banks. Pillar 2 guidance is not directly binding and a failure to meet that guidance does not automatically trigger legal action. Nonetheless, the ECB expects credit institutions to meet Pillar 2 guidance; where an institution’s capital has fallen, or is expected to fall, below the level of that guidance, the institution is to immediately notify ECB banking supervision and explain the reasons for non-compliance. In addition to its powers to determine prudential capital and liquidity requirements for each bank or banking group, the ECB has a broad set of supervisory and investigatory powers that it can use to carry out its tasks, including oversight of the functioning of the system and of the supervision of LSIs by NCAs. These powers include, in particular, the supervisory powers listed in Article 16 of the SSMR. If a bank does not meet the requirements of relevant EU law, is likely to breach these requirements within 12 months, or if, based on the SREP, ECB banking supervision determines that the arrangements, strategies, processes, and mechanisms implemented by the credit institution and the own funds and liquidity held by it do not ensure sound management and coverage of its risks, the ECB has, inter alia, the following powers: to require the reinforcement of the arrangements, processes, mechanisms, and strategies; to require institutions to present a plan to restore compliance with supervisory requirements and set a deadline for its implementation, including improvements to that plan regarding scope and deadline; to require institutions to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; to restrict or limit the business, operations, or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution; to require the reduction of the risk inherent in the activities, products, and systems of institutions; to require institutions to limit variable remuneration as a percentage of net revenues when it is inconsistent with the maintenance of a sound capital base; to require institutions to use net profits to strengthen own funds; to restrict or prohibit distributions to shareholders, members, or holders of Additional Tier 1 instruments where the prohibition does not constitute an event of default of the institution; or to impose additional or more frequent reporting requirements, including reporting on capital and liquidity positions. In practice, such qualitative measures are generally adopted as an outcome of the SREP process, in addition to specific capital or liquidity requirements. In addition, the ECB is able to take early intervention measures under Article 27 of the BRRD, which are discussed in EC 6 below. The ECB’s assessment of whether an early intervention measure is needed and proportionate forms a structural part of the yearly SREP cycle.
EC4	Banking laws, regulations, and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	As noted in EC 3 above, the CRR and CRD IV provide the legislative basis for banking supervision in the EU. This legislation was adopted in 2013 following public consultation. In November 2016, the Commission released for public consultation a set of proposals to amend, inter alia, the CRR and CRD. Article 32 of the SSMR provides that the Commission publish, every three years, a report on the application of the SSMR, accompanied by proposals for potential review. This ensures that the regulatory framework for European banking supervision is regularly updated. The first such EC report, to which the ECB actively contributed, was published in October 2017. The overall conclusion of the report was that the application of the SSMR appeared to work well in practice, with no major changes needed to the legal framework at this stage. The report also concluded that the supervisory pillar of the Banking Union has been successfully established, functions well and has proven its effectiveness. The report is also discussed in EC 3 of CP 2. As noted in EC 2 above, the ECB is subject to technical standards developed by the EBA and adopted by the Commission, and also to the EBA’s European Supervisory Handbook. EBA technical standards and guidelines are subject to formal public consultation. To meet its aspirations to be a best practice supervisory agency, particularly in terms of instruments and practices, the ECB contributes to the development of draft regulatory technical standards (RTS) or ITS by the EBA. The ECB is also entitled to draw the attention of the EBA to a potential need to submit to the Commission draft standards amending existing RTS or ITS. The ECB has defined and will continue defining supervisory approaches in policy stances and supervisory expectations to ensure a consistent application of supervisory law and a level playing field.35 Additionally, as noted in EC1 above, the ECB may adopt regulations to the extent necessary to organize or specify the arrangements for carrying out its tasks. Before adopting a regulation, the ECB must conduct open public consultations and analyze the potential related costs and benefits, unless such consultations and analyses are disproportionate in relation to the scope and impact of the regulations concerned or in relation to the particular urgency of the matter. In that case, the ECB must justify that urgency. To date, the ECB has adopted the following regulations after public consultations: ECB Regulation on reporting of supervisory financial information; ECB Regulation on supervisory fees; ECB SSMFR; and ECB Regulation on the exercise of options and discretions for SIs. While public consultation is only legally required for ECB regulations, the ECB has also conducted a number of public consultations on supervisory approaches, so as to inform the public about the proposed adoption of a new supervisory stance and to benefit from comments. Consultations have covered: ECB Guide on options and discretions available in Union law; ECB Guide on the approach to the recognition of institutional protection schemes for prudential purposes; ECB Guidance on NPLs; ECB Guidance on leveraged transactions; Addendum to ECB Guidance on leveraged transactions; ECB Guide to fit-and-proper supervision; ECB Guide concerning the assessment of license applications; ECB Guide concerning the assessments of fintech credit institution license applications; ECB Guide to onsite inspections and internal model investigations; ECB Guide on materiality assessment; Guideline on the options and discretions available in Union law by NCAs in relation to LSIs (ECB/2017/9); and Recommendation on common specifications for the exercise of some options and discretions available in Union law by NCAs in relation to LSIs (ECB/2017/10).
EC5	The supervisor has the power to: (a)have full access to banks’ and banking groups’ Boards, management, staff, and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b)review the overall activities of a banking group, both domestic and cross-border; and (c)supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	With respect to criterion EC 5 (a): In accordance with Article 10 of the SSMR, the ECB may require credit institutions; financial and mixed financial holding companies; and mixed-activity holding companies, established in the Euro Area, to provide all information necessary in order to carry out its supervisory tasks. The ECB may also request information from persons belonging to these entities or from third parties to whom those entities have outsourced functions or activities. In addition, pursuant to Article 11 of the SSMR, the ECB may conduct investigations of any of these entities, persons or third parties, when those are established or located in the Euro Area. To that end, the ECB is empowered to: require the submission of documents; examine the books and records of the persons referred to in Article 10 and take copies or extracts from such books and records; obtain written or oral explanations from any person referred to in Article 10 or their representatives or staff; and interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject matter of an investigation. The ECB may also conduct all necessary onsite inspections according to Article 12 of the SSMR and may, for that purpose, enter any business premises and land of the legal persons subject to an investigation. With respect to criterion EC 5 (b): Article 4(1)(g) of the SSMR empowers the ECB to carry out supervision on a consolidated basis over credit institutions’ parents established in the Euro Area, including over financial holding companies and mixed financial holding companies. It is also involved in the consolidated supervision of cross-border institutions and groups, either as a home supervisor or a host supervisor in colleges of supervisors. If parents of a significant credit institution are established outside the Euro Area but in the EU/EEA, the ECB participates in supervision on a consolidated basis, including in colleges of supervisors, with the relevant NCAs as observers. Within the SSM, the ECB is the competent authority for participation in EU or international supervisory colleges for significant banking groups. The ECB may conclude MoUs with non-SSM NCAs in order to describe, in general terms, how they will cooperate with one another in the performance of their supervisory tasks (Article 3 of the SSMR). The conclusion of such a memorandum is specifically required by the SSMR with the NCA of each non-participating Member State that is home to at least one G-SII. To date, however, no MoUs or close cooperation agreements have been concluded with non-SSM NCAs (see CP 3). In addition, pursuant to Article 8 of the SSMR, the ECB may also develop contacts and enter into administrative arrangements with supervisory authorities of third countries (i.e., countries outside the EU), subject to appropriate coordination with the EBA. Under “step in” arrangements, the ECB took the place of NCAs in cooperation arrangements with other authorities entered into prior to November 4, 2014 that cover at least in part the supervisory tasks transferred to the ECB (Article 152 of the SSMFR). With respect to ECB 5 (c): The ECB has direct supervisory competence in respect of credit institutions, financial holding companies, and mixed financial holding companies, established in the Euro Area, and branches in the Euro Area of credit institutions established in the EU/EEA that are significant. For less significant branches of EU/EEA parents, the host authority is the respective NCA (Article 14 of the SSMFR). If a non-participating Member State establishes a college as the home authority, an onsite inspection of branches is possible under Article 159 of CRD IV. In accordance with Article 18 of the SSMFR, the ECB is the coordinator of financial conglomerates for SIs and the NCA the coordinator of financial conglomerates for LSIs. Similarly, foreign banks establishing a subsidiary in the Euro Area are authorized by the ECB and directly supervised by the ECB when classified significant. However, foreign banks establishing a branch or providing cross-border services in the EU are directly supervised by the relevant NCAs (Recital 28 of the SSMR) and regulated by national laws and regulations. Such branches are neither subject to CRD/CRR (and related EBA RTS/ITS and guidelines), nor to consolidated supervision at the EU level.
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a)take (and/or require a bank to take) timely corrective action; (b)impose a range of sanctions; (c)revoke the bank’s license; and (d)cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	Also see CP 11. The ECB has a broad range of measures it may take (and/or require a bank to take) to ensure timely corrective actions.36 Those measures include a wide range of supervisory powers as well as administrative measures and administrative penalties. In line with Article 102 of CRD IV for supervisory measures and Articles 27–29 of the BRRD for early intervention,37 the ECB has the power to intervene at an early stage in order to require an institution to take the necessary corrective measures to address relevant problems (e.g., when the institution does not meet relevant regulatory requirements or when the ECB has evidence that the institution is likely to breach these requirements). The assessment whether an institution infringes or is likely to infringe requirements is based on the outcome of the SREP. Any corrective measures should be the most appropriate for the particular weaknesses identified and proportionate to the particular circumstances. Additional supervisory measures available to the ECB under Article 16(2) of the SSMR include requiring institutions to hold additional own funds, to reinforce governance arrangements and procedures, and to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; restricting or limiting the business, operations, or network of institutions; requesting the divestment of activities that pose excessive risks to the soundness of an institution; or requiring institutions to limit variable remuneration. The available early intervention measures described in Article 27 (1) of the BRRD include: requiring the management body of the institution to implement one or more of its recovery measures, to draw up and implement an action plan to overcome problems, or to convene a meeting of shareholders of the institution and require certain decisions to be considered for adoption by the shareholders; requiring one or more members of the management body or senior management to be removed or replaced; requiring the management body of the institution to draw up a plan for negotiation on restructuring of debt with some or all of its creditors according to the recovery plan, where applicable; requiring changes to the institution’s business strategy or its legal or operational structures; and acquiring, all the information necessary in order to update the resolution plan and prepare for the possible resolution of the institution and for valuation of its assets and liabilities in accordance with Article 36 of the BRRD. Under Articles 28 and 29 of the BRRD, the ECB can under specific conditions also remove the senior management or management body of the institution and appoint a temporary administrator. In addition, where a supervised entity, intentionally or negligently, breaches a requirement, the ECB may impose sanctions (see CP 11). The ECB also has the powers to withdraw the authorization of a credit institution (see EC1 of CP 5). In the case of the resolution of SIs and other cross-border banks, the SRB adopts a resolution scheme only when it assesses that a number of conditions are met. The ECB assesses one of the conditions for SIs or groups under its direct supervision, namely whether the condition that the entity is failing or is likely to fail is met, and communicates this assessment to the SRB and the Commission without delay. Under certain conditions, the determination that an entity is failing or likely to fail can also be made by the SRB. Where such a determination is made by either the ECB or the SRB, other external stakeholders have to be informed as well, e.g., the relevant deposit guarantee scheme(s), the competent ministries, the European Systemic Risk Board (ESRB) and the designated national macroprudential authority. Moreover, to support any resolution action(s), the ECB provides advice to the SRB and relevant NRA in the resolution stage and on necessary follow-up actions, e.g., authorization of a bridge bank and withdrawal of the license of the ‘old’ institution, where appropriate. Once an SI or group is in resolution and under the control of the SRB, the general obligation on the ECB to provide the resolution authority on request with all the information relevant for the exercise of its tasks continues to apply.38 In addition, the BRRD envisages certain tasks to be performed by the banking supervisor, e.g., assessing in agreement with the resolution authority the credibility that a business reorganization plan in the context of the bail-in instrument, if implemented, will restore the long-term viability of the institution. Where a bridge institution is set up by the resolution authority, it may submit a request to the banking supervisor for a temporary exemption of the conditions for authorization.39 In these cases, the relevant NCA would receive the request for authorization, but the ECB would grant authorization and it could become the competent banking supervisor for the bridge bank if it were an SI. The resolution authority will publish on its website and also request that the institution under resolution, the EBA and the ECB publish on their websites a copy of the resolution order or instrument or a summary note, and in particular the effects on retail customers and the terms and period of suspension or restriction.40
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	In the case of SIs, ECB banking supervision is performed both on a solo and on a consolidated basis. In the same vein, the assessment of the significance of banks and banking groups is done at the highest level of consolidation in the Euro Area. In relation to significant credit institutions or groups, the ECB carries out supervision, on a consolidated basis, of the parents of credit institutions established in one of the participating Member States, including over financial holding companies and mixed financial holding companies (Article 4(1)(g) of the SSMR). The ECB chairs supervisory colleges of groups of SIs with head office in a participating Member State and takes part in supervisory colleges for SIs with headquarters outside the Euro Area. The NCAs have the right to participate in such colleges as observer. Similarly, the ECB has the power to require credit institutions as well as financial holding companies and mixed financial holding companies in the Euro Area to take necessary measures. For such entities, the ECB may also use the powers conferred to the supervisor by the national law transposing Union law, or request the NCA to make use of its purely national powers. Where a significant credit institution or group has insurance or investment activities outside the banking perimeter, the ECB consults with the relevant national authority in terms of the EU’s FICOD.
Assessment of Principle 1	Largely Compliant
Comments	The SSM has established a clear allocation of responsibilities for the supervision of Euro Area credit institutions between the ECB and the NCAs in participating Member States. However, the legal underpinnings of the SSM are complex. The supervisory function has been “force fitted” over a complicated interplay of EU and national laws that had not envisaged a unified approach. Differences in national laws have been a challenge to achieving a consistent application of prudential rules and promotion of a level playing field among Euro Area banks. The ECB has a broad range of powers provided for in the CRR and the SSMR and can apply the powers set out in CRD IV as transposed into national legislation. However, the EU legislation also makes available a considerable number of options and discretions to either the NCAs or the Member States that allow modification of some of the provisions. As the competent authority, the ECB can exercise and harmonize the options and discretions granted to NCAs in the SSM, and it has made strong progress in this direction. The ECB has also publicly clarified that it is competent to directly exercise several “clusters” of supervisory powers granted to NCAs, when these powers are clearly used for prudential purposes and fall within the ECB’s supervisory tasks. Where the exercise of options and discretions is attributed to Member States, the ECB must apply national legislation and it cannot harmonize these types of options and discretions. Furthermore, national powers differ quite considerably, and need to be assessed on a case-by-case basis by applying a two-pronged test to establish whether the ECB can exercise these powers directly. Harmonization in these areas would require amendments to EU legislation, which should be pursued as a matter of priority. Though the ECB has a broad range of powers, the SSM legislative framework—reflecting the uneven coverage of national laws—leaves the ECB facing gaps and asymmetries in its supervisory powers. The ECB does not have supervisory powers that apply to all significant forms of credit intermediation in the Euro Area. In particular, investment firms undertaking “bank like” business in the Euro Area are subject to many of the same regulations as banks, including for capital and liquidity, but are currently supervised nationally even when they are of significant size and very active in cross-border business. In addition, Euro Area branches of non-EU or EEA banks, unlike their subsidiaries, are neither subject to CRD IV/CRR (and related EBA standards and guidelines), nor to consolidated supervision at the EU level;41 they are regulated by national laws and regulations, which vary significantly, and are supervised directly by local NCAs. This issue is discussed in detail in CP 5. The Commission’s proposals for an extensive revision of EU law related to prudential supervision provide an opportunity for harmonization and clarification of the ECB’s supervisory powers. In its opinion of November 2017 on these proposals, the ECB noted that large and complex “bank like” investment firms, particularly those with cross-border operations, can pose financial stability risks as well as an increased risk of spill-over effects on other banks. It has also proposed that EU law should include a clear reference to additional supervisory powers in a number of areas, to avoid legal uncertainty and to ensure a level playing field with regard to supervisory powers across the Banking Union. These areas mainly relate to acquisitions in third countries (see CP 7), mergers, asset transfers, and other strategic decisions, the amendment of credit institutions’ statutes and their shareholders’ agreements on the exercise of voting rights, the provision of credit to related parties, the outsourcing of activities by credit institutions, supervisory powers regarding external auditors, and additional powers related to the authorization of credit institutions. The Largely Compliant rating for CP 1 acknowledges the gaps and asymmetries in the ECB’s supervisory powers, which are material in some specific areas, but also recognizes the clear responsibilities and objectives of the ECB within the SSM, and the broad range of powers available to it under legislation, and being employed, to ensure effective supervision of Euro Area banks and to promote the safety and soundness of the Banking Union.
Principle 2	Independence, accountability, resourcing, and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability, and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	Article 130 of the Treaty on the Functioning of the EU and the SSMR require that the ECB act independently. The ECB’s independence encompasses functional, institutional, personal and financial independence,42 and extends to its supervisory tasks. The same requirement for independence applies to the NCAs. Article 19 of the SSMR provides that: “When carrying out the tasks conferred on it by this Regulation, the ECB and the NCA acting within the SSM shall act independently. The Members of the Supervisory Board shall act independently and objectively in the interest of the Union as a whole and shall neither seek nor take instructions from the institutions or bodies from the Union, from any government of a Member State, or from any other public or private body.” ECB banking supervision is also subject to high standards of democratic accountability to ensure confidence and transparency in the conduct of this function. As a European institution, the ECB is primarily accountable to the European Parliament and the European Council, in line with Article 20 of the SSMR. The practical arrangements for this accountability are described in the Interinstitutional Agreement with the European Parliament and in the MoU with the European Council (see EC 3 below). Moreover, the ECB submits its annual report on banking supervision to national parliaments (NPs) and these may address their considered observations to the ECB (Article 21 of the SSMR).
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The Supervisory Board of the ECB is composed of a Chair, a Vice-Chair, four ECB representatives, and one representative of each NCA, who can be accompanied by one representative of the national central bank (NCB) if the NCA is not the NCB (this is the case for Austria, Estonia, Finland, Germany, Latvia, Luxembourg, and Malta). The process for the appointment of the Chair and Vice-Chair of the Supervisory Board, as well as of the four ECB representatives, is described in Article 26 of the SSMR, the ECB Rules of Procedure and Decision ECB ECB/2014/4 of February 6, 2014 on the appointment of representatives of the ECB to the Supervisory Board. The Chair is chosen on the basis of an open selection procedure, on which the European Parliament and the Council are kept duly informed, from among individuals of recognized standing and experience in banking and financial matters and who are not members of the Governing Council. The Interinstitutional Agreement with the European Parliament and the MoU with the Council provide that the ECB shall specify and make public the criteria for the selection of the Chair and describe arrangements that ensure a proper involvement of the European Parliament and Council in the procedures. The Vice-Chair is chosen from among the members of the Executive Board of the ECB, who are in turn appointed by the European Council, acting by a qualified majority, from among persons of recognized standing and professional experience in monetary or banking matters, on a recommendation from the Council, after it has consulted the European Parliament and the Governing Council of the ECB. The Chair and Vice-Chair are proposed by the ECB to the European Parliament for approval, after a public hearing has been held by the relevant Parliamentary Committee. Following approval of the Parliament, the Council adopts an implementing decision appointing them. The four ECB representatives are appointed by the Governing Council, on a proposal from the Executive Board, from among persons of recognized standing and experience in banking and financial matters. The term of office of the Chair, the Vice-Chair, and the four ECB representatives is five years, non-renewable. The Council may, following a proposal of the ECB that has been approved by the European Parliament, adopt a decision to remove the Chair from office, if he/she no longer fulfills the conditions required for the performance of his/her duties or has been guilty of serious misconduct. If the Vice-Chair, being at the same time a member of the Executive Board, no longer fulfills the conditions required for the performance of his/her duties or has been guilty of serious misconduct, the Court of Justice of the EU may, on application by the Governing Council or the Executive Board, compulsorily retire him/her from his/her function as member of the Executive Board. In such a case, the Council may, following a proposal by the ECB that has been approved by the European Parliament, adopt an implementing decision to remove him/her as well from the office of Vice-Chair. If an ECB representative no longer fulfills the conditions required for the performance of his/her duties, or if he/she has been guilty of serious misconduct, the Governing Council may, on application of the Executive Board and after having heard him or her, decide to remove him/her from office.
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.43
Description and findings re EC3	The objectives of ECB banking supervision are clearly stated in Article 1 of the SSMR. This Regulation confers on the ECB “… specific tasks concerning policies relating to the prudential supervision of credit institutions, with a view to contributing to the safety and soundness of credit institutions and the stability of the financial system within the Union and each Member State, with full regard and duty of care for the unity and integrity of the internal market based on equal treatment of credit institutions with a view to preventing regulatory arbitrage.” As noted in EC1 above, the ECB is accountable, mainly to the European Parliament and the Council and, to some extent, to NPs of the participating Member States. The main tool for accountability is the record of proceedings of each meeting of the Supervisory Board, which the ECB provides to the European Parliament, and the published ECB Annual Report on supervisory activities. This Report, which is also communicated to the Commission, the Eurogroup (an informal body of Ministers of the Euro Area Member States), and the NPs in the Euro Area, describes the implementation of the ECB’s supervisory tasks as well as the expected evolution of the structure and amount of supervisory fees. In practice, the Report is also an important element of communication about the priorities for supervision in the SSM for the coming year. The Chair of the Supervisory Board participates in public hearings in the European Parliament or in the Eurogroup, an informal body of Ministers of the Euro Area Member States. The ECB also replies in writing to questions posed by Members of the European Parliament, which are published on the ECB’s website. The ECB has a duty to cooperate in any investigations by the European Parliament, while the operational efficiency of the management of the ECB in exercising its supervisory tasks may be examined by the European Court of Auditors (ECA) (Article 20 of the SSMR). The first such review by the ECA was published in November 2016. In addition to this accountability to European institutions, the SSMR (Article 21) caters for a number of possible interactions and reporting requirements from ECB banking supervision to NPs. Members of NPs can ask the ECB written questions in respect of its tasks and the Chair or a Member of the Supervisory Board may be invited for an exchange of views in NPs regarding SIs in the respective Member State. Whether the exchanges of views are public or confidential depends on the institutional framework of each NP. Several such exchanges of views have taken place so far. This framework is without prejudice to the NCAs’ accountability to their NPs for their supervision of LSIs, for their residual tasks in the supervision of SIs (e.g., consumer protection, anti-money laundering (AML), counter-terrorism financing, third-country branches supervision), and for issues not related to supervision (e.g., budgets or human resources issues). Moreover, in order to enhance efficiency, the Commission will publish every three years a report on the application of the SSMR, with a special emphasis on monitoring the potential impact on the smooth functioning of the internal market. This report is to evaluate specific aspects of supervision listed in Article 32 of the SSMR, such as: the impact of ECB’s supervisory activities on the interest of the Union as a whole and on the coherence and integrity of the internal market in financial services; the division of tasks between the ECB and the NCAs within the SSM; the effectiveness of independence and accountability arrangements; the appropriateness of governance arrangements, including the composition of, and voting arrangements in, the Supervisory Board and its relation with the Governing Council. The Commission seeks the ECB’s views on specific issues for this review of Union legislation. The Commission’s first report under this mandate, which was focused on the legislative, institutional and procedural framework of the SSM, was issued in October 2017.44 The report assessed, inter alia, that the accountability arrangements applicable to the ECB are effective overall. In particular, the various processes and procedures in place for ensuring accountability towards political bodies such as the European Parliament, the Council, the Eurogroup, and NPs are frequently used in practice.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	The internal governance rules of the ECB and its banking supervision function are laid down, in particular, in the SSMR, the SSMFR, the ECB Rules of Procedure, and the Rules of Procedure of the Supervisory Board. The internal (communication) processes are specified further in the SSM Supervisory Manual. In addition, there is a general obligation to exchange information within the SSM, as introduced by Article 21 of the SSMFR. The decision-making processes in ECB banking supervision depend on whether supervisory actions are “operational acts” or are legally binding on supervised credit institutions. Operational acts are taken outside formal decision-making procedures, do not have a specific legal form and reflect the majority of the day-to day supervisory interaction with institutions (e.g., non-binding requests, statements, informal communication on supervisory expectations). Operational acts are decided by supervisors, without the involvement of the Supervisory Board and the Governing Council. However, all legally binding acts, including all supervisory decisions, need to be submitted to the Supervisory Board for approval, which then submits the draft decision to the Governing Council for adoption, under a nonobjection procedure. Consequently, both bodies are confronted with a very high number of supervisory decisions to be adopted (around 2,000 decisions a year, including many routine decisions), and the process has a considerable impact on the complexity and duration of decision-making even for straightforward decisions. This becomes particularly challenging if supervisory decisions need to be taken within defined legal deadlines. In response, the Governing Council has introduced a delegation framework that allows certain supervisory decisions, which involve limited discretion, to be delegated to nominated ECB managers. Implementing such delegation required two steps: firstly, a general framework setting out the institutional requirements for the delegation of decision-making powers: and, secondly, a specific framework for the types of supervisory decisions that are subject to delegation, setting out the relevant criteria for the exercise of delegation. The first types of delegated decisions, from June 2017, were “fit-and-proper” decisions, which represent the large majority of the ECB supervisory decisions, as well as decisions amending the significance of supervised entities or groups. The volume of routine decisions going to the Supervisory Board has fallen considerably as a result. The ECB is currently considering extending the delegation framework to other types of routine decisions, such as own funds decisions, for which there is critical mass and clear assessment criteria that allow limited discretion. The timelines for decision-making reflect the procedural steps laid down in the legal framework. These timelines must be reasonable (i) to ensure a proper interaction between the ECB and NCAs; (ii) to allow the Supervisory Board and the Governing Council to properly review draft decisions and to take reasoned decisions; and (iii) to respect the rights of the addressees of decisions. The ECB has endeavored to streamline the decision-making process by written procedures for routine decisions and by standardizing and simplifying the documentation to be submitted to the decision-making bodies. In addition, if need be, the timeframe can be reduced substantially using fast-track procedures such as shortening the time limits for approval or taking decisions at teleconferences. For instance, in emergency situations such as a crisis, decisions are more likely to be approved by the Supervisory Board in a teleconference, which may include the Governing Council or be held back-to-back with a Governing Council teleconference where the decision is adopted. These fast-track procedures allow the ECB to take decisions within a day, when necessary. In 2014, the Supervisory Board adopted a Code of Conduct to provide a general framework of high ethical standards that the members and other participants in Supervisory Board meetings are to observe. The Code establishes specific procedures to deal, among other things, with potential conflicts of interest, private financial transactions, and cooling-off periods. In substance, the Code of Conduct requires Supervisory Board members to comply with the rules on private financial transactions adopted by the ECB for its own staff. However, for Supervisory Board members who are representatives of NCAs, compliance with and monitoring of rules on private financial transactions are subject to any applicable national procedural rules. At the same time, the Code requires Supervisory Board members to disclose in writing any situation that could cause or could be perceived as causing a conflict of interest (these members will not participate in any deliberation or vote in relation to that situation). A high-level Ethics Committee has been established to support and advise Supervisory Board members in the application of ethics rules.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	The ECB’s Ethics Framework, which applies to all ECB staff, was revised in 2014. The revised Framework strengthens, in particular, the rules on avoiding conflicts of interest, as well as the rules governing gifts and hospitality, private financial transactions, professional secrecy, and cooling-off periods. It also establishes a Compliance and Governance Office, which advises all ECB staff and monitors compliance. In order to strengthen its impartiality and reputation, ECB banking supervision adopted a broad concept of conflicts of interests, and ethics rules have been laid down in order to avoid conflicts of interests during the recruitment phase and during ECB employment. In addition, restrictions have been established to avoid conflicts of interest arising from subsequent employment activities. To avoid the inappropriate use of information obtained through work, strict rules have been laid down regarding private financial transactions. Members of staff are also prohibited, even after their duties have ceased, from making unauthorized disclosure of any information that they have received in the performance of their duties, unless that information has already been made public. Disciplinary measures may be adopted in case of breach of professional duties, intentionally or by negligence.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a)a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b)salary scales that allow it to attract and retain qualified staff; (c)the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d)a budget and program for the regular training of staff; (e)a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f)a travel budget that allows appropriate onsite work, effective cross-border cooperation, and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	The SSMR provides that the ECB must be able to devote adequate resources to carry out its supervisory tasks effectively. It further requires that these resources be financed via a supervisory fee borne by the entities subject to the ECB’s supervision. The Supervisory Board does not exercise control over the ECB’s supervisory budget. The budgetary authority of the ECB is vested in its Governing Council. This body adopts the ECB’s annual budget, which encompasses the budgetary needs of the supervisory function, based on a proposal put forward by the Executive Board of the ECB after consultation with the Chair and the Vice-Chair of the Supervisory Board. The Governing Council is assisted in matters related to the budget by the Budget Committee (BUCOM) consisting of members from all NCBs of the Eurosystem and the ECB. The BUCOM evaluates the ECB’s reports on budget planning and monitoring and reports directly to the Governing Council. Hence, resources for ECB banking supervision are allocated within broader organizational priorities of the ECB. The annual budget covers all operating expenses, including those related to support functions. Since the establishment of the SSM, ECB banking supervision has been able to augment its original staffing allocation based on an improved understanding of the banks it was supervising, the desired level of supervisory intensity, and the resources needed for a number of key tasks. In September 2015, the Governing Council, which is the decision-making body for headcount decisions, agreed to augment the SSM-related headcount, to be implemented over the following two years; this increase significantly strengthened the JSTs as well as selected horizontal and oversight functions. In its 2016 review of the SSM, the ECA noted indications that staffing levels in ECB banking supervision at that time were insufficient, and recommended in particular that the ECB substantially increase the presence of its own staff in onsite inspections. The ECB accepted this recommendation. JSTs may request that an ECB staff member be appointed to lead an onsite inspection team, and have done so in the case of critical supervisory issues, to compensate for skills shortages or to ensure an independent pair of eyes. However, resource constraints have meant that ECB staff have led only around 10 percent of inspections, many fewer than the ECB would have preferred. More recently, the Governing Council has approved additional headcount for ECB banking supervision to prepare for the consequences of Brexit; increases will take place over 2018 and 2019. Other factors that will bear on future ECB headcount include the identification of synergies and opportunities to streamline work processes, and new supervisory tasks, e.g., in the context of crisis management and cooperation with the SRB. As envisaged under the SSM arrangements, a significant share of supervisory resources comes from the NCAs. The average composition of JSTs is around 25 percent ECB staff and 75 percent NCA staff, but this average masks considerable variation in the ratio across the different clusters of credit institutions; for some of the smaller and less complex SIs, the ratio is closer to 50/50. The average composition of onsite inspection teams is less than 10 percent ECB staff and more than 90 percent NCA staff, though inspection teams in some member states often comprise only NCA staff. NCA staff assigned to JSTs and to onsite inspections are determined and funded by each NCA, and remain part of the NCA’s personnel and organizational structure, including performance assessments and remuneration. As a consequence, the ECB does not have control over the levels, suitability, and performance of staff dedicated to the supervision of SIs (see EC 7 below). The ECB’s salary and benefit structure (applying to all ECB staff) has so far proven sufficiently attractive to hire and retain supervisory staff. The level of qualifications and experience is taken into account when determining the entry salary. ECB banking supervision has the ability to commission external consultants. Such consultants are subject to the same professional secrecy requirements as ECB staff members when they provide services related to the discharge of supervisory duties. In order to successfully pass on knowledge and develop skills, and to support the promotion of a common SSM culture, a dedicated training curriculum for the SSM has been developed that complements general training available at the ECB and training available locally at NCAs. SSM training activities are centrally coordinated and are open to all SSM staff. The Steering Group for Supervision Training has devised an SSM training curriculum that is currently being rolled out.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	ECB banking supervision benefits from the assistance of the NCAs and consequently from the skills and competences available at national level. Under the SSMR, the NCAs have a duty to cooperate in good faith, but the number of NCA staff to be made available to the ECB for JSTs and onsite work is not set out in any formal agreement. NCAs have some discretion in allocating the supervisory resources committed to JSTs. The commitment of NCA headcount is determined in the context of ECB banking supervision’s annual supervisory planning process (see EC 8 below). However, assignment to the ECB does not imply that individual NCA staff must work full-time on ECB supervisory tasks. NCAs commit only that their staff will be available 80 percent of the time (90 percent for some NCAs); staff may be taken “offline” by their NCA to work on LSI supervision or other matters in response to domestic priorities. As a consequence, the availability of NCA staff at any particular point cannot always be assured; in some JSTs, NCA staff may contribute as little as 25 percent of their time. Moreover, smaller NCAs facing their own staffing constraints can find it difficult to honor commitments. Commitments made by the NCAs are regularly monitored through surveys and discussed bilaterally and multilaterally. The Supervisory Board also receives a regular report on NCA headcount in the supervision of SIs (actual vs. committed). Drawing on experience gained so far, ECB banking supervision is seeking to optimize staff allocation based on supervisory needs and priorities. This process includes quantitative as well as qualitative analysis in order to balance the demand of headcount and required skills with the available workforce and expertise in the SSM. Three years after the establishment of the SSM, a program of rotation of JST Coordinators and supervisors has now commenced, as a means of broadening experience and perspectives, and avoiding regulatory capture. In its 2016 review of the SSM, the ECA recommended that the ECB amend the SSMFR to formalize commitments by NCAs and ensure that all NCAs participate fully and proportionately in the supervision of SIs. In its response, the ECB did not rule out the possible need for amendment to the SSMFR, but indicated a preference at this point for continued collaboration with NCAs to ensure that JSTs are always sufficiently staffed.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	The level of supervisory engagement with SIs is governed by a detailed SEP for each SI that aims to ensure that interactions are risk-based and proportionate. The responsibility for defining the SEP lies with ECB banking supervision, with the respective NCA contributing. SEPs are approved by the Supervisory Board. Individual SEPs build upon the ECB’s annual Supervisory Priorities, the SSM Supervisory Principles and the SSM Supervisory Manual. The Supervisory Priorities are identified through a strategic planning exercise and take into account the macroprudential information at the ECB’s disposal. The SEPs define the main supervisory activities that will be carried out to monitor risks and address weaknesses of each SI, and are assessed and reviewed twice a year. SEPs set out the detailed activities that go beyond the defined minimum engagement levels (MELs), taking into account the specific risk profile of each institution. They form a solid core examination program that ensures appropriate intensity and frequency of supervisory work, and that system-wide risks are taken into account. Assessors saw a number of examples of SEPs. Two complementary consolidated SEPs have been developed in parallel to the individual SEPs. The first refers to the on-going supervision activities to be carried out by the JSTs and the second contains the onsite inspections and internal model investigations. Under the first consolidated SEP, each SI is classified in each risk category according to a level of engagement (Intense, Enhanced, Standard, or Basic) that depends on the risk score and the SI’s size and complexity. For each risk category, a set of core activities and respective frequency is proposed as the basis of the on-going supervision program. This constitutes the MEL for each SI. The MEL forms the basis for operational supervisory work and, as a general rule, must be performed by each JST. JSTs will then either comply with this requirement or explain any deviations. The execution of planned activities is monitored through the year and, if necessary, the SEP may be reviewed in response to possible emerging risks and their outcomes. The review may also address emerging resource constraints so as to make best use of available resources and to avoid bottlenecks. Conflicting plans or resource constraints may be tackled by reprioritizing, moving, or cancelling certain activities or by requesting the allocation of additional resources. Under the second consolidated SEP, in which JSTs and NCAs are also strongly involved, each JST submits a list of requests for onsite inspections and internal model investigations for the year, classifying each request according to its priority (also taking into account the supervisory priorities) and urgency. Horizontal functions in ECB banking supervision review the supervisory needs, also taking into account the resources available both in the ECB and in the NCAs. The activities are planned following a risk-based and proportionate approach. Moreover, in order to foster harmonization, disseminate best practices and reinforce the sense of unity, ECB banking supervision has recourse to staff from other NCAs in the SSM. For European cross-border institutions, the supervisory planning process contains the relevant procedures according to CRD IV (e.g., colleges of supervisors, joint risk assessment, joint decisions).
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	In accordance with Article 39 of the Statute of the European System of Central Banks, “The ECB shall enjoy in the territories of the Member States such privileges and immunities as are necessary for the performance of its tasks, under the conditions laid down in the Protocol on the privileges and immunities of the European Union.” In terms of Articles 11 and 22 of Protocol (No 7) on the privileges and immunities of the EU, ECB staff and members of its organs are “immune from legal proceedings in respect of acts performed by them in their official capacity, including their words spoken or written. They shall continue to enjoy this immunity after they have ceased to hold office.” The ECB is, however, liable for its actions and is subject to judicial control by the Court of Justice of the EU, which may annul ECB decisions. Actions may be brought by any legal or natural person, within a time limit of two months, against an act addressed to that person or which is of direct and individual concern to them. The ECB is required to make good any damage caused by it or by its staff in the performance of their duties, provided that their conduct infringes laws conferring rights on third parties, is sufficiently serious and there is a causal link between this unlawful conduct and the damage caused. This is without prejudice to the liability of NCAs to make good any damage caused by them or by their staff in the performance of their duties in accordance with national legislation (Recital 61 of the SSMR). NCA staff participating in internal bodies of the ECB, such as the Supervisory Board or JSTs, enjoy functional immunity in the EU according to Article 10 of the Protocol (No 7) on the privileges and immunities of the EU: “Representatives of Member States taking part in the work of the institutions of the Union, their advisers and technical experts shall, in the performance of their duties and during their travel to and from the place of meeting, enjoy the customary privileges, immunities and facilities.”
Assessment of Principle 2	Largely Compliant
Comments	The independence of the ECB’s banking supervision function is enshrined in law, and the ECB performs its supervisory tasks in an operationally independent manner. In principle, the fact that all legally binding supervisory decisions sent to individual institutions need to be submitted to the Supervisory Board, where all NCAs are represented, and then to the Governing Council for approval, provides further protection from “regulatory capture” and the promotion of special interests. In practice, the dominance of national representatives, with natural domestic allegiances, on the Supervisory Board may make it more challenging to achieve outcomes that give priority to the interests of the Banking Union. On some issues, the presence of strong national interests may work against timely policy responses. Decision-making processes in ECB banking supervision are complex and time-consuming. A substantial volume of supervisory decisions requiring Governing Council approval are routine decisions that, in many other supervisory agencies, would be made at the operational level. In many respects, this complexity is due to constraints resulting from EU law and cannot be easily remedied. Nonetheless, the Supervisory Board has taken important steps to streamline decision-making processes and reduce the burden they impose on the Board and the Governing Council, freeing up members of these two bodies (and the staff who support them) to focus more fully on strategic and policy decisions. The new delegation framework, which truncates decision-making for certain routine decisions at the level of ECB Senior Manager, has considerably shortened timetables, and delegation of other types of decisions that involve limited discretion is under discussion. In emergency situations, the decision-making timeframe can be reduced substantially using fast-track procedures, and the assessors saw evidence of the use of these procedures. With the SEP, ECB banking supervision has a well-structured process for determining and prioritizing its resource needs. An important constraint on this process, however, is that the aggregate resources available to ECB banking supervision to supervise SIs are variable and beyond its control. In the first place, the Supervisory Board does not exercise control over the ECB’s supervisory budget; resources for supervision are allocated within broader organizational priorities of the ECB. Hence, within the ECB itself the supervisory function may need to compete for resources within a given ECB budget envelope. Budget arrangements appear to have worked well to date, and ECB banking supervision has been able to augment its original staffing allocation. However, supervisory priorities may not always coincide with the ECB’s broader organizational objectives on matters related to resources and remuneration, in which case the timely resourcing of the ECB supervision function could not be assured. In the second place, the ECB does not have full control over the levels of NCA staff dedicated to the supervision of SIs, nor over their suitability and performance. Assessors were advised that the ECB has experienced varying levels of cooperation from NCAs in making up supervisory teams, but collaboration is improving for offsite supervision. In some cases, JSTs have been given sufficient NCA headcount at the beginning of the planning cycle but found that team members were pulled away for a time with little notice because of exigencies at the NCA, or were changed over the cycle. This resulted in a loss of continuity and left some JSTs very stretched. In other cases, the commitment of staffing has been constrained by budget pressures facing NCAs or by shortages of appropriate skills, particularly in smaller NCAs that may have lost key staff to the ECB. At times, close relationship management has been required. As the SSM moves beyond its “settling in” phase and the relationship between ECB banking supervision and the NCAs matures, some of these staffing tensions may ease. However, if collaborative efforts cannot ensure the level, suitability and availability of NCA staff committed to JSTs, more formal arrangements may be necessary. One option would be a binding commitment on NCAs that staff for SI supervision must be available for a minimum of at least 75 percent of their time. One issue raised with assessors was that the attitude of individual NCA team members may be problematic if these members view JST work as being secondary to other NCA work since their performance appraisal, remuneration, and promotion prospects are determined by their NCA. The ECB is now trialing arrangements under which the JST Coordinator provides feedback to the local JST sub-coordinator on their performance. However, there is no guarantee that this feedback will be considered in the formal local performance review, and the arrangements are facing resistance on privacy and labor law grounds.
Principle 3	Cooperation and collaboration. Laws, regulations, or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.45
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions, and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	Cooperation in the framework of the SSM The SSM envisages a highly structured form of cooperation for Euro Area banking supervision, which goes well beyond the duties to exchange information and cooperate in good faith, as laid down in CRD IV and applicable to all EEA NCAs. The focal point of this heightened cooperation is the Supervisory Board itself, which is an internal ECB body and includes members of the ECB and one representative per competent authority of the participating Member States. The JSTs, which are the building block of Euro Area supervision, reinforce that cooperation, since the ECB relies heavily on NCA resources to staff the JSTs. For SIs operating entirely within the Euro Area, JSTs have replaced the previous cross-border supervisory framework based on the home-host division of labor and cooperation in supervisory colleges. Particular elements of cooperation between ECB banking supervision and Euro Area NCAs, in addition to ongoing supervision, include the full integration of the NCAs in the performance of the three so-called “common procedures” (authorization to take up the business of credit institution, lapsing and withdrawal of an authorization, acquisition of qualifying holdings in a credit institution), and the appointment of Heads of Missions for onsite inspections in consultation with the NCAs. Euro area NCAs are also regularly involved in the discussion of general and overarching supervisory issues through networks of national experts. Involvement on specific projects, such as the negotiation of MoUs with third countries, is also common at the staff level. Cooperation between the ECB and non-SSM NCAs Cooperation between the ECB and the non-SSM NCAs is based on the provisions of CRD IV. On top of that, under “step in” arrangements the ECB became a principal in the MoUs that these NCAs already had in place with the SSM NCAs. In accordance with Article 3 of the SSMR, the ECB is mandated to conclude an MoU with the NCAs of the non-participating Member States, including those that are home to at least one G-SII, as defined in Union law,46 although cooperation and exchange of information between competent authorities within the EU is already covered under CRD IV. The purpose of these MoUs is, inter alia, to clarify the information and consultation mechanisms in cases where ECB decisions on supervised credit institutions established in a participating Member State affect subsidiaries or branches established in non-participating Member States. To date, however, no MoUs or close cooperation agreements have been concluded with non-SSM NCAs. Cooperation between the ECB and relevant EU authorities Under the SSMR, the ECB is required to cooperate closely with the EBA, ESMA, EIOPA, and the ESRB and other authorities that form part of the European System of Financial Supervision. The ECB is also obliged to cooperate, and exchange supervisory information on supervised entities, with National Market Authorities (NMAs) of EU Member States if the information is sufficiently related to the responsibilities of the NMA and there are no overriding reasons not to disclose. This obligation, which applies even if no MoU is in place, does not imply that the ECB shares all information available on a specific supervised entity; the tasks and responsibilities of the requesting NMA must be taken into account. Against this background, the ECB has entered into an agreement with the EBA in order to share information on the key risks that might affect the banking system. The ECB also has non-voting member status on the EBA’s Board of Supervisors while the EBA can be invited to participate in the ECB’s Supervisory Board. The ECB has concluded an MoU with ESMA, among other things to reap the synergies deriving from the activities of both authorities. The ECB has also concluded with ESMA a Template MoU that the ECB is prepared to sign on a bilateral basis with NMAs upon an expression of interest from the NMAs. The ECB has signed such a Template MoU with the Italian Commissione Nazionale per le Societá e la Borsa, the Netherlands Authority for the Financial Markets, and the German Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin). Requests by NMAs for the disclosure of confidential information related to specific SIs have been increasing. The establishment of the SSM brought about important changes in the macroprudential framework in the EU. As before, the national competent or designated authorities can deploy two sets of macroprudential tools: (i) tools to counter systemic or macroprudential risks in the banking sector identified in the CRR/CRD IV and national specific law and (ii) other macroprudential tools identified in national legislation relating to the banking sector or other components of the financial system. However, the ECB can apply higher requirements or more stringent measures within the scope of the tools identified in the CRR/CRD IV. Thus, the ECB shares responsibility for macroprudential supervision with the national authorities. The ESRB is responsible for macroprudential oversight of the financial system within the EU and issuing warning and recommendations, when necessary. The participation of the ECB in the General Board of the ESRB (through high-level representatives) and in its Advisory Technical Committee allows for the interaction between the ESRB and the ECB, as well as the NCAs, and an exchange of views regarding the issuance of warnings/recommendations. Since the ESRB was established prior to the introduction of the Banking Union, the specific engagement of ECB banking supervision with the ESRB has not yet been formalized, although it is currently invited as an observer without voting rights. To strengthen cooperation and information flows, the EC in September 2017 put forward proposals to add the Chair of the ECB’s Supervisory Board and the Chair of the SRB as voting members of the ESRB General Board. Supplementary supervision In the EU, Directive 2002/87/EC (FICOD) establishes a legal framework for supplementary supervision of regulated entities (credit institutions, insurance and reinsurance undertakings, investment firms, asset management companies, and alternative investment fund managers) that are part of groups qualifying as financial conglomerates. The legal framework is supplementary to those in place for the sectorial supervision of the individual entities of conglomerates, in the sense that it is applied by using supervisory tools that add to (and do not replace) the sectoral rules. Supplementary supervision aims to provide a systematic monitoring of the risks stemming mainly from the interrelation between the insurance activities and the banking/financial activities within a same group. The financial position of financial conglomerates is mainly assessed through evaluation of capital adequacy, risk concentration, intra-group transactions, and internal controls within the conglomerate (see CP 12). FICOD establishes the criteria for identifying a competent authority to be the “coordinator” of supplementary supervision of regulated entities belonging to a financial conglomerate, and defines the tasks to be performed by it. FICOD also identifies which other authorities should participate in supplementary supervision and establishes the cooperation framework. Under the SSMR, the ECB has authority, for prudential supervisory purposes, to participate in supplementary supervision of financial conglomerates in relation to the credit institutions included in them. In the case of SIs, the ECB also assumes the coordinator role where it is appointed as such in accordance with FICOD; it is currently the coordinator for 27 financial conglomerates. Within the FICOD framework, the ECB is obliged to provide certain information to EU insurance supervisors, and vice-versa. At this point, there are no MoUs in place with EU insurance supervisors or with EIOPA. However, where ECB banking supervision chairs banking colleges for institutions designated as financial conglomerates, it has invited insurance/markets supervisors to attend as observers; ad hoc meetings have also been held between JSTs and insurance supervisors whether or not there is a college.
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	In the EEA, the principles of collaboration with authorities responsible for subsidiaries or branches of SSM-banking groups in third countries are based on the framework of supervisory colleges. The ECB sees supervisory colleges as a key mechanism for coordinating the supervision of cross-border banking groups. Where SIs have subsidiaries outside the Euro Area, the ECB is the consolidating (home) supervisor and chairs the relevant supervisory college, while the NCAs of the participating Member States where the parent, subsidiaries, and significant branches are established have the right to participate as observers. When the consolidating supervisor is not in the Euro Area, both the ECB and the NCAs participate in the college as (host) members/observers in line with the rules laid down in Article 10 of the SSMFR (see CP 13). The ECB currently participates in 45 supervisory colleges and, as the consolidating supervisor under CRD IV, is responsible for the operation of 30 of these colleges (plus a further four colleges that do not include EU participants other than the ECB). As the consolidating supervisor, the ECB is negotiating Written Coordination and Cooperation Arrangements (WCCAs) in order to facilitate crisis management within these colleges, and had concluded WCCAs for 16 colleges by end-February 2018. The Commissions’ 2017 Report on the SSM noted that supervisory colleges are viewed as particularly important where the ECB is host supervisor for subsidiaries of groups headquartered outside the Euro Area or for branches of non-Euro Area banks that are considered SIs. The participation of third-country authorities in EU colleges depends upon the evaluation of the equivalence of their confidentiality regime to the EU confidentiality regime. Under CRD IV, members of the colleges are to reach an agreement on this. The ECB has confirmed its compliance with the EBA Recommendations on the equivalence of confidentiality regimes. In order to ensure continuity with the cooperation framework and supervisory practices before the SSM, the ECB under “step in” arrangements became a principal in the MoUs that individual NCAs already had in place with some third-country authorities. As of September 2017, the ECB has become part of the MoUs and similar arrangements that 49 third countries had in place. ECB banking supervision also has the capacity to enter into administrative arrangements with the supervisory authorities of third countries in its own right, to provide the basis for information exchange and cooperation on matters such as authorization procedures, establishment of branches and subsidiaries, and the conduct of onsite inspections. The ECB has set up a network of national experts to work together with ECB staff to this end; the network has provided additional support for the drafting of an MoU template that is being used by the ECB as a basis for negotiating cooperation agreements with third country supervisory authorities. This template is largely based on the Basel Committee on Banking Supervision’s (BCBS) Statement of cooperation between banking supervisors (2014). In this context, the ECB is currently negotiating MoUs with supervisory authorities in a number of non-EU countries. The countries include the United States (Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation), Canada, Hong Kong, Japan, Singapore, and Switzerland. In December 2016, the ECB signed an MoU with the relevant authorities of Denmark, Finland, Norway, and Sweden for the conclusion of a cooperation agreement on the supervision of significant cross-border branches. An accession agreement to this MoU by the competent authorities of Estonia, Iceland, Latvia, and Lithuania was signed in April 2017. The ECB has also signed an MoU with Banco Central do Brazil and with the Mexican supervisory authority, Comisión Nacional Bancaria y de Valores. Negotiations with the supervisory authorities of South-eastern European countries (Albania, Kosovo, Serbia, Montenegro, Bosnia Herzegovina/Republika Srpska, FYRO Macedonia) have been finalized and the MoUs will be signed shortly. Home-host relationships have been augmented by trilateral meetings between ECB banking supervision and the Bank of England’s Prudential Regulation Authority (PRA) and the U.S. Federal Reserve Board. These meetings, two or three times a year, enable information to be shared at senior level on current supervisory issues and practices, and on detailed developments in individual G-SIBs and other banks.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	CRD IV identifies a broad-ranging duty of cooperation within the EEA (Article 56) but also subjects the staff of competent authorities (and, individually, the persons working on behalf of the authorities, such as auditors) to a strict obligation of professional secrecy (Article 53). For ECB staff, the confidentiality rule is also laid down in Article 27 of the SSMR and in Article 37 of the Statute of the ESCB and of the ECB. The possible uses of confidential information by the receiving authority are limited. In particular, the information may only be used for specified supervisory purposes (Article 54 of CRD IV) and exchanged with a number of other institutions only in the discharge of specified purposes (Articles 56–59 of CRD IV). CRD IV allows for information sharing with authorities outside the EEA, provided that, under its national law, the receiving authority is subject to a confidentiality duty at least equivalent to that in the EU (Article 55). Where these requirements are not met, information may be disclosed only in summary or aggregate form, or in certain judicial or administrative proceedings where this does not concern third parties involved (Article 53(1)). In addition, the information shared may be used only for the supervisory tasks of the recipients. The onward sharing of information received from one authority has to be authorized beforehand. As mentioned under EC 2, participation in colleges with third-country authorities can only take place insofar as such authorities are subject to an equivalent confidentiality regime. In this respect, the ECB has declared that it complies with the EBA Recommendations identifying those third country authorities whose regime can be considered equivalent. On top of this, ensuring confidentiality of the information provided is of utmost importance when arranging bilateral cooperation between the ECB and the third country authorities through MoUs. In the case of third-country authorities not yet deemed by the EBA to have an equivalent confidentiality regime, where legally feasible the ECB negotiates specific clauses under which, except when disclosure is required under the law, the authority receiving information from the ECB can only share it with third parties with the ECB’s consent. To cater for the possibility that the MoUs allow for the exchange of specific information related to individuals, the data protection officer is kept informed and provides its view during negotiations. It also identifies the clauses that the negotiating parties need to accept for the MoU to be in line with EU data protection legislation.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	Confidential information received from another authority falls under the professional secrecy provisions described in EC 3. Under Article 54 of CRD IV, the supervisory authorities, including the ECB, receiving confidential information can use it only for the performance of their duties and only for certain designated purposes. Forward sharing of information is only permitted in selected circumstances (Articles 55–59); in particular, the information originating in another Member State can only be disclosed with the express agreement of the originating authority. By virtue of the primacy of EU law, these provisions take priority over incompatible national legislation providing for disclosure of confidential information beyond relevant EU law. This principle of primacy of EU law can be relied on in national and European courts.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	Supervision and resolution are key building blocks of the Banking Union, and the EU crisis management framework creates a duty to cooperate between supervisory and resolution authorities. As outlined under CP 1, the primary partner of the ECB for cooperation in crisis management is the SRB, which will then involve relevant NRAs according to the SRB-NRA cooperation framework, if necessary. The interaction between the SSM and SRM is structured around three main pillars: the complementary institutional roles of the ECB and the SRB, mutual cooperation, and strong coordination. From a legal and operational standpoint, the nature of cooperation can be considered at different phases of supervisory and crisis management activities. Preparation and planning ECB banking supervision is responsible for requesting recovery plans from SIs and for their assessment, and it cooperates closely with the SRB in this assessment. The SRB’s particular focus is whether recovery plans pose any obstacles to resolution. The SRB is responsible for resolution planning, the determination of Minimum Requirements for Own Funds and Eligible Liabilities and the assessment of resolvability, and cooperates closely with ECB banking supervision in these areas. Early intervention ECB banking supervision plays the leading role in early intervention for SIs. Once it has determined that the preconditions for early intervention have been met in relation to an SI, the SRB has legally to be notified without delay. In practice, to foster timely cooperation, an SRB Board Member is invited to participate as observer in the ECB banking supervision meeting where the decision on early intervention may be taken. In addition, ECB banking supervision has to inform the SRB about any crisis prevention measures (e.g., the exercise of powers to direct removal of deficiencies or impediments to recoverability) or any specific requirements imposed on an institution (e.g., to increase own funds, apply a specific provisioning policy or limit business operations) pursuant to Article 104 of CRD IV, once the preconditions for early intervention have been met in relation to an SI. Determination that an institution is failing or likely to fail If ECB banking supervision determines, after consultation with the SRB, that an SI is failing or likely to fail, or if it receives such a determination from an institution itself, ECB banking supervision must first notify, inter alia, the SRB. In practice, to foster close cooperation and timely exchange of information, the SRB will be involved at an earlier stage, for instance by being invited to participate in the Institution-Specific Crisis Management Team meeting (see EC 7 of CP 8). The failing or likely to fail determination triggers the transfer of responsibilities for the institution to the SRB. Likewise, the SRB may make a determination that an institution is failing or likely to fail, but must first inform ECB banking supervision that it intends to make this determination, and allow the ECB three calendar days to make an assessment of the institution’s viability. Since its establishment, ECB banking supervision has made a failing or likely to fail determination in respect of three institutions. Conduct of resolution actions The SRB decides which resolution tools to use to resolve an institution, and ECB banking supervision gives support to the SRB, if needed. Furthermore, at a resolution stage, the BRRD envisages certain tasks that may need to be performed by the supervisory authority. The authority may have to adjust certain supervisory procedures; for example, if a sale of business tool or bail-in instrument is used, the assessment of the acquisition and/or a resulting qualifying holding has to be performed within the timelines imposed by the resolution authority. If a bridge institution is set up by the resolution authority, it may submit a request to the supervisory authority for a temporary exemption of the conditions for authorization. In such a case, ECB banking supervision would grant authorization and could become the competent authority for the bridge institution if it is classified as an SI. The resolution authority may submit a request to the ECB for a temporary exemption of the conditions for authorization of the bridge institution. The resolution authority will also request that the ECB publish on its website a copy of the resolution order or instrument or a summary note, and in particular the effects on retail customers and the terms and period of suspension or restriction on activities. Whenever ECB banking supervision acts either as a home or host supervisor of a bank subject to its direct supervision, it actively participates in resolution colleges and shares relevant information with all participating authorities, if possible. Memorandum of Understanding between the ECB and SRB Central to cooperation arrangements is the MoU between the ECB and SRB signed in December 2015. The MoU covers cooperation and the exchange of information between the two authorities with respect to all institutions directly supervised by the ECB as well as all cross-border LSIs under direct responsibility of the SRB as far as the so-called “common procedures” are concerned (see EC 1). The MoU includes arrangements for cooperation and information exchange in the different phases of supervisory and crisis management activities outlined above, and also contains provisions regarding communication, knowledge exchange, confidentiality, data protection, and cooperation with regard to non-participating Member States and third-country authorities. In the area of information exchange, ECB banking supervision shares all relevant supervisory information with the SRB, for example for the purpose of resolution planning. The SRB has access to relevant supervisory reporting data and recovery plans, which contain a significant amount of valuable information for the purpose of resolution planning. In addition, the ECB granted the SRB shared access to parts of its supervisory information platform in 2016 in order to support the SRB in the performance of its tasks and facilitate information exchange. Information sharing with the SRB is now automatic once an SI is assigned a certain SREP rating. To strengthen coordination, the ECB designates a representative entitled to participate, as a permanent observer, in the meetings of executive sessions and plenary sessions of the SRB. The ECB representative is entitled to participate in the debates and has access to all documents. In the same vein, the Chair of the SRB participates as an observer in the meetings of the Supervisory Board for items relating to the tasks and responsibilities of the SRB. In its Special Report 02/2018, The operational efficiency of the ECB’s crisis management for banks (January 2018), the ECA recommended that the ECB improve its information exchange with the SRB, noting in particular that there was no pre-specified package of information to be provided to the SRB in crisis situations. The ECB has accepted this recommendation. The level of information shared with the SRB was based on an initial assessment of needs at the time the MoU was finalized, and an early review of the effectiveness of information exchange in the light of experience was provided for in the MoU. That review is now underway and, according to the ECB, is expected to lead to an increase in the amount of information that is automatically shared with the SRB.
Assessment of Principle 3	Compliant
Comments	ECB banking supervision has an extensive and effective framework for cooperation and collaboration. Within the SSM, the framework is inherent in the various structures and elements of cooperation between ECB banking supervision and the Euro Area NCAs, with the Supervisory Board at the apex. Outside the SSM, ECB banking supervision has been seeking to build on the highly developed communication channels it inherited from the NCAs under “step in” arrangements. ECB banking supervision’s progress in finalizing MoUs in its own right with third country authorities, within and outside the EEA, has been slower than expected, due to complexities in negotiations arising from substantial differences between legal systems and national legal requirements). Similar complexities have been the main factor affecting the finalization of WCCAs for crisis management coordination in supervisory colleges in which the ECB is consolidating supervisor, although substantial progress in this area is now expected. The absence of formal arrangements has not, however, precluded effective working relationships with key authorities, with confidentiality of supervisory information covered in exchanges of letters where necessary. The trilateral meetings between ECB banking supervision and the PRA and the U.S. Federal Reserve Board are examples of constructive collaboration at the working level. The SSM’s preparations for Brexit from a banking supervision viewpoint have involved heightened interaction with other supervisory authorities. Through the Supervisory Board, SSM networks and bilateral meetings with Euro Area NCAs, ECB banking supervision has been exchanging information on Brexit plans of “incoming” banks, and to ensure consistent application of Brexit policy stances across the SSM for both SIs and LSIs. The ECB has also been in regular contact with other relevant third parties, such as the EBA, the PRA, and other third-country supervisors, in order to exchange information and promote alignment on operational issues. The effectiveness of cooperation arrangements between ECB banking supervision and the SRB have been “road tested” in three episodes of bank distress in 2017 where ECB banking supervision made a failing or likely to fail determination. This experience is vital input into the current review of the effectiveness of the MoU between the ECB and the SRB, which is expected to result in enhanced information sharing. ECB staff view these three episodes as confirming the effectiveness of cooperation arrangements with the SRB, although the assessors have noted (in CP 8) that there is room for improvement.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	At the European level, there is no definition of the term “bank.” Both the CRR and CRD IV use the term “credit institution,” which is defined as “an undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account” (CRR Article 4(1)(1) and CRD IV Article 3(1)(1)). Therefore, the term “credit institution” is defined in terms of its range of permitted activities. This definition has been transposed into national laws.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	The types of activities that a credit institution as defined in the CRR/CRD IV can carry out are not exhaustively determined at the EU level, although the activities must at least include taking deposits or other repayable funds from the public and granting credits for its own account. A credit institution license can only be granted—and is required—if the proposed activities in which the applicant will be engaged include these two essential elements, CRD IV Recital 14 stipulates that “this Directive should not affect the application of national laws which provide for special supplementary authorizations permitting credit institutions to carry out specific activities or undertake specific kinds of operations.” In addition, CRD IV Annex I provides a list of activities that can be performed by credit institutions authorized in one of the Member States without acquiring additional authorization from the host authorities (‘List of activities subject to mutual recognition’), although this does not restrict a Member State from allowing credit institutions to perform fewer or other activities in the jurisdiction. National laws define whether a credit institution is allowed to undertake activities other than the taking of deposits or other repayable funds from the public and the granting of credits for its own account. In Austria, for example, the banking activities that require authorization as a credit institution are broader than these two elements, and include building savings and loan business, investment fund business and real estate investment fund business; in Greece, credit institutions may be allowed to carry out financial or secondary activities additional to those listed in CRD IV Annex I. The ECB’s procedure for authorization of a credit institution applies to all activities that credit institutions are allowed to undertake, including activities subject to mutual recognition as well as other regulated activities that require authorization under national laws. This means that the authorization procedure also applies to situations where a credit institution that already has a banking license requires an extension of its authorization to undertake a new regulated activity. Furthermore, Article 104(1)(e) of CRD IV provides that competent authorities shall have the power to restrict or limit the business, operations, or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution. In this respect, the ECB can directly exercise this power with respect to SIs or, where such power was not conferred on the ECB, can require the NCA to make use of this power by way of instructions.
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	There are no EU-level restrictions regarding the use of the word “bank” and any derivations. The ECB has no powers in relation to the restrictive and designated use of the word “bank” that are designed to ensure that the general public is not misled. Restrictions regarding the use of the term “bank” are imposed at the national level. Broadly speaking, the term “credit institution” is a protected designation, but in some Euro Area Member States the use of the term “bank” and any derivations by other enterprises may be permitted on a grandfathered basis (Germany) or if the activities of these enterprises precludes the impression that they conduct banking business (Germany, Greece). In the 2016 Detailed Assessment Report for Germany, assessors noted that they had access to several cases where the use of the term “bank” or similar by unlicensed institutions was investigated and sanctioned by the NCA, including for a domain name. Article 19 of CRD IV provides that “for the purposes of exercising their activities, credit institutions may, notwithstanding any provisions in the host Member State concerning the use of the words ‘bank,’ ‘savings bank,’ or other banking names, use throughout the territory of the Union the same name that they use in the Member State in which their head office is situated,” and “in the event of there being any danger of confusion, the host Member State may, for the purposes of clarification, require that the name be accompanied by certain explanatory particulars.”
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.47
Description and findings re EC4	Article 9 of CRD IV stipulates that “Member States shall prohibit persons or undertakings that are not credit institutions from carrying out the business of taking deposits or other repayable funds from the public” and “Such restriction shall not apply to the taking of deposits or other funds repayable by a Member State, or by a Member State’s regional or local authorities, by public international bodies of which one or more Member States are members, or to cases expressly covered by national or Union law, provided that those activities are subject to regulations and controls intended to protect depositors and investors.” The ECB itself has no powers to enforce the general prohibition on taking deposits or other repayable funds from the public by institutions that are not authorized as credit institutions. The prohibition has been transposed into national laws.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	Article 20(2) of CRD IV requires the EBA to publish on its website,48 and update regularly, a list of the names of all credit institutions that have been granted authorization, although the frequency of updating is not defined. This information is available under the Credit Institution Register on the EBA website, which contains names of (a) institutions set up in the Member States; (b) branches of institutions established in EEA countries that have the right to passport their activities; and (c) branches of other foreign banks. The Credit Institution Register is updated on a real-time basis with notifications of newly licensed institutions or withdrawal of authorization by competent authorities. The ECB publishes on its website (www.ecb.europa.eu) a list of the SIs it directly supervises as well as a list of the LSIs supervised by the NCAs. The ECB lists are updated regularly, based on decisions taken with regard to authorizations and the withdrawal or lapsing of authorizations, decisions amending the significance of supervised institutions, or relevant notifications received from the NCAs.
Assessment of Principle 4	Largely Compliant
Comments	European law as transposed into national laws covers the main elements of this Core Principle, with the necessary powers residing in most cases with NCAs. The ECB, for example, has not been conferred powers in relation to the restrictive and designated use of the word “bank,” nor to enforce the prohibition on the taking of deposits from the public by nonbanks; these matters are generally pursued at the national level. Previous BCP assessments have not identified any material deficiencies in Euro Area countries on this score. The Commission’s recent report on the SSM raised concerns about the growth of “banklike” activities in the EU. It noted structural market developments showing a trend for third-country groups to have increasingly complex structures in the EU, operating through entities that escape ECB supervision. A specific concern related to the largest investment firms that provide key wholesale market and investment banking services across the EU, which are bank-like in nature. These firms are subject to the CRR and CRD IV but are supervised at the national level; they are not authorized and supervised by the ECB as credit institutions. This opens the door to regulatory and supervisory arbitrage and creates an unlevel playing field in the application of the CRR and CRD IV. The Commission’s report suggested that current consultations on the Commission’s proposed amendments to the CRR/CRD IV framework for credit institutions might provide a good opportunity to address this concern. The Commission’s report also highlighted that the lack of ECB supervisory powers in relation to Euro Area branches of non-EU or EEA banks creates scope for regulatory and supervisory arbitrage. In its opinion of November 2017, the ECB noted that large and complex bank-like investment firms, particularly those with cross-border operations, can pose increased financial stability risks as well as an increased risk of spill-over effects on other banks. The ECB took the view that the consolidated and solo supervision of such bank-like investment firms in the EU warranted further consideration, to ensure prudent and consistent supervisory standards commensurate with the risks these firms can pose. One option it suggested would be to amend the CRR/CRD IV in order to ensure that large cross-border investment firms, which frequently carry out bank-like activities that are also carried out by banks, are authorized and supervised as credit institutions. However, for investment firms not in that category, the current differentiation of treatment reflected in national arrangements should be preserved.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)49 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management, and projected financial condition (including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	Article 4(1)(a) of the SSMR establishes the ECB as the exclusive competent authority for the authorization of credit institutions (as defined in the CRR/CRD IV) in Euro Area Member States, whether the institutions are SIs for whom the ECB is also the supervisory authority, or LSIs directly supervised by the NCAs. The ECB is also the exclusive competent authority for the withdrawal of such authorizations. Authorization and withdrawal of authorization are two of the three tasks (referred to as “common procedures”) conferred on the ECB with regard to all Euro Area credit institutions (SIs and LSIs); assessment of acquisitions of qualifying holdings is the third (see CP 6). Nonetheless, the NCAs are fully integrated in the authorization process and authorization decisions are taken on the basis of applicable national law. NCAs represent the entry point for applications for authorizations and maintain contacts with the applicants; analysis of all applications takes place initially at the NCAs; and only viable applications are forwarded to the ECB. If the applicant complies with all conditions of authorization, the NCA prepares a draft decision for the Governing Council, which is deemed to be adopted unless the Governing Council objects to it within ten working days (extendable once in justified cases). In the case of LSIs, where the licensing authority and primary supervisor are separate agencies, this authorization mechanism ensures that the right of the supervisor to have its views and/or concerns about an application is addressed. Withdrawals of authorizations can be taken at the initiative of the NCAs or the ECB itself. In the latter case, the ECB must consult with the NCA concerned, at least 25 working days before the date on which it plans to make the decision: in urgent cases, the timeframe can be reduced to five working days. Resolution authorities may object to the ECB’s intention to withdraw an authorization of an institution entering resolution if they consider that this would affect resolution or financial stability. The ECB has not, to date, taken the initiative to withdraw an authorization. Article 6(2) of the SSMR underlines that the ECB and NCAs are subject to a duty of cooperation in good faith, and an obligation to exchange information. Accordingly, the ECB and the relevant NCA share all relevant findings during the assessment of an application for an authorization, and the content of the draft decision reflects this active coordination and exchange of information. Any information that the ECB has in its capacity as licensing authority that may be material to the NCA in its capacity as supervisory authority, is shared with the latter.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	Minimum conditions for authorization of a credit institution are set out in Articles 10 to 14 of CRD IV. These cover the institution’s program of operations, structural organization, initial capital, fit-and-proper requirements for management and shareholders, absence of “close links” that may prevent effective supervision, and the “co-location” of the head office and the registered office or jurisdiction where business is actually carried out. Detailed requirements giving effect to these criteria are set out in national laws implementing CRD IV. Member States have the power to specify additional criteria, provided that they are not assessing the economic need for the bank to exist, which is prohibited under Article 11 of CRD IV. For example, credit institutions established in Ireland must comply with the Corporate Governance Code for Credit Institutions and Insurance Undertakings adopted by the Central Bank of Ireland. As the final decision on an authorization is based on the NCA’s draft proposal, in practice the ECB applies any additional licensing criteria included in the national laws of the participating Member States. The power to reject an application is implied by Articles 11 to 15 of CRD IV, which state that the NCA will only grant authorization if criteria are complied with; information on a rejection needs to be communicated to applicants within 12 months. An application for authorization may be rejected by the NCA and by the ECB. However, the ECB may only object to the NCA draft proposal to grant an authorization—and thus reject the authorization—where the conditions for authorization set out in relevant EU law are not met. Germany is one Member State in which the criteria for rejecting an application, which distinguish between mandatory and discretionary reasons for refusal, are explicit in national law. The information requirements necessary for authorization are covered by Articles 8, 10, and 14 of CRD IV. Both the NCA and the ECB have the right to ask an applicant to provide all relevant information in order to assess whether the applicant meets the requirements for authorization. In July 2017, the EBA released the RTS specifying the information to be provided to NCAs in applications for authorization as a credit institution, detailing requirements applicable to shareholders and members with qualifying holdings, and addressing obstacles to the effective exercise of supervisory functions. The power to revoke an authorization found to have been granted on the basis of false information or other irregular means is set out in Article 18(b) of CRD IV. If the ECB becomes aware of such, it may withdraw the license. The same applies for the NCA, in accordance with the relevant national law. In September 2017, the ECB released for public consultation a guide to the assessment of license applications from fintech credit institutions. For the purposes of the guide, a fintech credit institution is defined as having “a business model in which the production and delivery of banking products and services are based on technology-enabled innovation.” A fintech entity that meets the legal definition of a credit institution in terms of CRR/CRD IV (i.e., whose activities include taking deposits or other repayable funds from the public and granting credits for its own account) must seek authorization as a credit institution and will be subject to the same authorization requirements and assessment procedures as other credit institutions. The purpose of the guide is to enhance transparency for potential fintech bank applicants and increase their understanding of the ECB’s procedures and criteria for assessing license applications.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	Although not explicitly stated in EU law, the criteria for authorization are generally consistent with those applied in ongoing supervision. Pursuant to Article 18 of CRD IV, one of the possible reasons for withdrawing an authorization is that the credit institution “no longer fulfils the conditions under which authorization was granted.” As a result, all conditions for obtaining a license—including the conditions specified by national law— need to be fulfilled on an ongoing basis by the licensed bank (except for the demand for a program of operations). In certain cases (Spain), national law specifies other possible reasons for withdrawing an authorization, but these are closely linked to conditions with which credit institutions need to comply on an ongoing basis. The ECB may withdraw an authorization in the cases set out in relevant EU law on its own initiative, following consultations with the NCA, or on a proposal from the NCA.
EC4	The licensing authority determines that the proposed legal, managerial, operational, and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.50 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	Under CRD IV, the conditions for granting authorization include the fitness and propriety of the management of the institution, and the existence of a direct link between the Member States where the institution is incorporated and where it is supervised. Authorization will be refused: if the licensing authority is not satisfied as to the suitability of the shareholders or members; where any close links between the credit institution and other natural or legal persons prevent the effective exercise of supervisory functions;51 and where the laws, regulations, or administrative provisions of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the enforcement of those laws, regulations, or administrative provisions, prevent the effective exercise of supervisory functions. These conditions have been broadly transposed to national laws implementing CRD IV. In Italy, however, transposition is awaiting implementation and fit-and-proper assessments are bound by the current legal framework, which is not consistent with CRD IV. In this case, ECB banking supervision has been working with the NCA to overcome assessment gaps and to ensure the suitability of board members through supervisory dialogue with relevant banks. Developing a complete understanding of the proposed legal, managerial, operational, and ownership structures of the bank, both on solo and consolidated basis, is an essential component of the licensing process at the ECB and generally also at the NCAs. If impediments exist or arise, the supervisor may take appropriate remedial measures, including withdrawal of the license. The EBA’s recent RTS on information to be provided in authorization application addresses the identification of obstacles that could prevent the effective exercise of supervisory functions, including the nature of close links between the credit institution and other natural or legal persons, such as politically exposed persons, and the nature of interactions with third country authorities, if any, supervising these persons. To this point, concerns about these types of close links have not provided the basis for rejection of an application for authorization of a credit institution, but have been the basis for rejecting applications for acquisition of qualifying holdings (see CP 6).
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	Article 14 of CRD IV addresses the suitability of a bank’s major shareholders, including those that can exercise significant influence. The suitability requirements include reputation, knowledge, skills and experience, and financial soundness. As part of the NCA assessment process—and accordingly applied by the ECB as well— applicants are required to identify prospective shareholders, whether direct or indirect, natural or legal persons, that have a qualifying holding and the amounts of that holding or, where there are no qualifying holdings, the 20 largest shareholders. A background check is conducted both on the suitability and the financial soundness of these shareholders, including a check on the existence of reasonable grounds to suspect that there is a risk related to money laundering or terrorist financing. This check therefore identifies the sources of initial capital and ensures transparency of ownership. The EBA’s recent RTS on information to be provided in authorization applications requires the applicant to provide an explanation of the available funding sources for capital and, where available, evidence of the availability of those funding sources. This includes a summary of the use of private financial resources (including their availability and source). As a matter of supervisory practice, the NCAs and the ECB assess whether the financial soundness of shareholders is sufficient to ensure the sound and prudent operation of the credit institution for the first three years of business, taking into account the capital expected to be readily available once the credit institution commences its activities and the private financial resources of shareholders.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	Article 12 of CRD IV specifies a minimum initial capital amount for an authorized credit institution of EUR 5 million. The initial capital, which must be held in the form of common equity tier 1, is a floor below which an institution may not fall. In a small number of cases (mainly arising out of grandfathering arrangements), the minimum capital is EUR 1 million, but a ratchet applies. That is, any increase in common equity tier 1 becomes the new floor until the institution’s capital exceeds EUR 5 million. On top of the required minimum initial capital, NCAs generally require a level of own funds that is commensurate with the expected business plan of the applicant institution; this level is accordingly applied by the ECB. For example, a minimum initial capital requirement of EUR 8.7 million applies in Luxembourg, EUR 18 million in Spain and Greece (although in the case of Greece, the Bank of Greece can reduce that threshold to EUR 5 million), and EUR 20 million in Slovakia (EUR 30 million for mortgage banks). Under its “policy stance” on authorizations, ECB banking supervision generally requires new credit institutions to have sufficient initial capital to cover the minimum requirement set out in CRD IV, plus losses over the first three years of operation projected on the basis of a severe but plausible adverse scenario in the business plan. Where new credit institutions are subject to higher minimum initial requirements under national legislation, the “add on” may be limited to one year’s losses.
EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit-and-proper test), and any potential for conflicts of interest. The fit-and-proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.52 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	Under Article 13 of CRD IV, authorization of a credit institution can be granted only where at least two persons effectively direct the business of the institution. That is, there must be a clear distinction in the governance structure between risk-taking activities and risk management. Article 91 of the CRD IV establishes fit-and-proper requirements for the members of a credit institution’s “management body,” that is, the body empowered to set the institution’s strategy, objectives, and overall direction, and which oversees and monitors management decision-making. Authorization will be refused if the members of the management body do not meet the requirements that at all times they be, inter alia, of sufficiently good repute and possess sufficient knowledge, skills and experience to perform their duties. Member States must ensure that the management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of an institution, including the segregation of duties in the organization and prevention of conflicts of interest. A key principle is that the management body must have the overall responsibility for the institution and approve and oversee the implementation of the institution’s strategic objectives, risk strategy, and internal governance. The EBA/ESMA has issued joint Guidelines on the assessment of the suitability of members of the management body and key function holders, which will apply from June 30, 2018. Record of criminal activities and adverse regulatory judgments are mentioned in Guideline 8 regarding reputation, honesty, and integrity, while Guideline 6 addresses knowledge, skills, and experience. The new Joint Guidelines include discussion of the assessment of the collective suitability of the management body. As part of the authorization process, the NCAs and the ECB carefully evaluate proposed directors with respect to fitness and propriety. The applicant must demonstrate that each prospective member of the management body has sufficient competence, experience, and ability to direct the policies of the bank in a safe and sound manner, taking into account the circumstances and plans of the organization. The ECB has responsibility for taking decisions on the appointment of all members of the management bodies of SIs that fall under its direct supervision, and of LSIs in the case of licensing or qualifying holdings. To promote harmonization of supervisory practices and convergence in fit-and-proper assessments in the Euro Area, the ECB issued a Guide to fit-and-proper assessments in May 2017. This serves as a guide for the suitability assessment of board members conducted by the NCAs and the ECB and covers all assessment criteria: (1) reputation, (2) time commitment, (3) experience, (4) independence of mind/conflicts of interest, and (5) collective suitability of the management body. The Guide also covers the criteria for conditional approvals and interviews with candidates; in addition, an SSM methodology for fit-and-proper interviews has been approved by the Supervisory Board. In its opinion of November 2017, the ECB recommended that EU law be amended to further harmonize the processes for fit-and-proper assessments.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management, and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.53
Description and findings re EC8	Applications for authorization must be accompanied by a program of operations setting out the types of business envisaged and the structural organization of the credit institution. The content of such a program is specified in Article 6 of the EBA’s July 2017 RTS on information to be provided in authorization applications. The program must cover the first three years of operations, on a base case and stress scenario basis, and include information on the geographical distribution of activities, the viability of the business model, the organizational structure and the internal control framework; the latter must include the budgetary and human resources devoted to the compliance, risk management, and internal audit functions.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	Applications for authorization must be accompanied by a range of information on the financial situation of the institution. This information, set out in Article 5 of the July 2017 RTS, must inter alia include: forecasts on a base case and stress scenario of balance sheets; profit and loss accounts and cash flow statements for the first three complete business years; planning assumptions for these forecasts; forecast calculations of own funds requirements; funding profile and diversification; internal liquidity adequacy assessment; and an outline of any indebtedness incurred or expected to be incurred prior to commencement of its activities as a credit institution. Information to be provided on the suitability of the principal shareholders of the applicant institution is specified in Article 11 of the RTS. This information includes the reputation and the financial soundness of these shareholders, particularly in relation to the type of business expected to be undertaken by the institution.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	Under Article 17 of CRD IV, no authorization is required for branches of credit institutions established in another Member State. The credit institution must notify the home supervisor, and the home supervisor may oppose the passporting if it has reason to doubt the adequacy of the administrative structure or the financial situation of the credit institution, taking into account the activities envisaged (Article 35.3 of CRD IV). If it does not so oppose, it will communicate that information to the NCA in the host Member State within three months and inform the credit institution accordingly. In the case of subsidiaries of authorized credit institutions established in another Member State, Article 16 of CRD IV requires the host authority to consult the home supervisor before granting any authorization. Authorization will not be granted if the laws, regulations, or administrative provisions of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the enforcement of those laws, regulations or administrative provisions, prevent the effective exercise of supervisory functions. In respect of authorizing a subsidiary or branch of a credit institution that is authorized in a third country (non-EU or EEA) and subject to consolidated supervision, Articles 47 and 48 of CRD IV state that, on the basis of an agreement concluded between the Union and the respective third country, NCAs are allowed to cooperate with that country regarding the means of exercising supervision on a consolidated basis. Currently, Euro Area branches of non-EU or EEA banks, unlike their subsidiaries, are neither subject to CRD IV/CRR (and related EBA RTS/ITS and guidelines), nor to consolidated supervision at the EU level. They are regulated by national laws and regulations and supervised directly by local NCAs; they are not authorized or supervised by the ECB. Such branches may not be subject to more preferential treatment than would or does apply to an EU Member State branch. As at end-March 2017, there were 77 third-country branches in the Euro Area, belonging to 54 third-country banking groups; 17 of these groups were operating via branches in more than one Euro Area country. This number could increase once the exit of the United Kingdom from the EU becomes effective.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	Once a new credit institution is authorized, its ongoing supervision if it is an SI is conducted in terms of the SEP set up by the relevant JST (see CP 9). The SEP determines the minimum set of activities that JSTs are required to perform, as well as any additional activities needed to address the particular characteristics of the institution. In principle, these characteristics would be expected to include the newness of the institution, but there are no specific requirements in the SSM Supervisory Manual on this point. If there are conditions attaching to the authorization of the credit institution, monitoring in the case of SIs is entrusted to the relevant JST and is carried out as part of ongoing supervision; if the conditions are based on national law, monitoring is entrusted to the relevant NCA in coordination with the JST.
Assessment of Principle 5	Largely Compliant
Comments	Within the SSM, the ECB has become the licensing authority for new credit institutions, and EU law establishes clear criteria for granting or withdrawing authorizations. However, ECB decisions are taken on the basis of applicable national laws and NCAs are fully involved in the authorization process. This process has been supported by publication, over the past year, of various EBA, EBA/ESMA and ECB guidance on different aspects of the authorization process, including for potential fintech bank applications, and by detailed procedures set out in the SSM Supervisory Manual. Taken together, the legal framework and complementary material provide a comprehensive basis for supervisory assessments of applications for authorization. Since the establishment of the SSM, the ECB has granted 49 authorizations of credit institutions and withdrawn 108 authorizations. The assessors saw evidence of the thoroughness of the authorization process, including supporting documentation for draft decisions prepared by different NCAs. The Commission’s recent report on the SSM acknowledged that the common procedures for authorizations represented a challenging task for the ECB, given inter alia the complexity of assessing proposals prepared by NCAs based on the different national legal frameworks. The report concluded that “… the ECB and NCAs have done a remarkable job and managed to create tools and procedures that help the ECB deliver on its tasks within the applicable constraining timeframe.” The ECB does not have authority to authorize and supervise Euro Area branches of non-EU or EEA banks. These branches are not subject to CRD IV/CRR (and related EBA RTS/ITS and guidelines), nor to consolidated supervision at the EU level; they are regulated by national laws and regulations and supervised directly by local NCAs. These arrangements create regulatory and supervisory arbitrage opportunities for non-EU banks, which can, inter alia, establish a presence in the Euro Area through branches and avoid ECB supervision. The Commission’s recent report on the SSM drew attention to these arbitrage risks. As part of its review of CRR/CRD IV, the Commission has proposed that third country banking groups with two or more institutions established in the EU be required to establish intermediate EU parent undertakings, thus allowing consolidated supervision and the application of prudential requirements on a consolidated basis. The ECB has welcomed this proposal, but has argued in its opinion of November 2017 that, in order to avoid regulatory arbitrage, the requirement should apply to third country credit institutions and branches and that, once an intermediate EU parent undertaking is established, existing branches of the same third country banking group exceeding a certain threshold should be re-established as branches of a credit institution authorized by the ECB.
Principle 6	Transfer of significant ownership. The supervisor54 has the power to review, reject, and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.”
Description and findings re EC1	Under the CRR, a “qualifying holding” is defined as a direct or indirect holding in an undertaking which (i) represents 10 percent or more of the capital or of the voting rights; or (ii) makes it possible to exercise a significant influence over the management of that undertaking. A qualifying holding includes a controlling interest. “Control” is defined as the relationship between a parent undertaking and a subsidiary, or the accounting standards to which an institution is subject, or a similar relationship between any natural or legal person and an undertaking. Member States cannot impose more stringent requirements for notification to, or approval by, the competent authorities of direct or indirect acquisitions of voting rights or capital. According to the December 2016 EBA/ESMA/EIOPA’s Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector, which became effective from October 2017, the supervisor of the target undertaking (target supervisor) should take a number of factors into account in assessing whether significant influence may be exercised, including: the existence of material and regular transactions between the proposed acquirer and the target undertaking; the ownership structure of the target undertaking; and the proposed acquirer’s ability to participate in the operating and financial strategy of the target undertaking. The Joint Guidelines also sets out the relevant tests for assessing if a qualifying holding is acquired indirectly and the size of such holding when: (a) a natural or legal person acquires or increases a direct or indirect participation in an existing holder of a qualifying holding; or (b) a natural or legal person has a direct or indirect holding in a person which acquires or increases a direct participation in a target undertaking.
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	Articles 22 and 25 of CRD IV deal with acquisitions, increases, and divestitures of qualifying holdings. The proposed acquirer(s) has(ve) to indicate to the competent authority the size of the intended holdings and provide relevant information, as specified in Article 23(4) of CRD IV. These requirements have been transposed into national legislation. Legal and natural persons wishing to acquire, directly or indirectly, a qualifying holding in a credit institution or to further increase, directly or indirectly, such a qualifying holding as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20 percent, 30 percent, or 50 percent or so that the credit institution would become its subsidiary (the “proposed acquisition”), need to notify the target NCA in advance, and the NCA may decide to oppose the acquisition. If a holding is acquired despite opposition by the competent authorities, Member States must provide either for the exercise of the corresponding voting rights to be suspended, or for the annulment of votes cast or for the possibility of their annulment. The ECB is the competent authority for both SIs and LSIs for approval of acquisitions or disposals of qualifying holdings in a credit institution (though not in the case of a bank in resolution). As with the other “common procedures,” the NCAs are fully integrated in the approval process. The assessment of the application is carried out by the target NCA on the basis of national law. Throughout the assessment, the NCA coordinates with and informs ECB banking supervision about progress; it also collects the views/objections of other NCAs involved in the supervision of the applicant (if it is a credit institution or other regulated financial undertaking). National laws set out their own due process requirements, in particular with regard to information required by the NCA, and to the corporate holding structures that need to be notified if they are considered to be a direct or indirect acquirer of a qualifying holding. These process requirements need to be taken into consideration, provided that they do not contradict EU law. The NCA forwards a proposal to the ECB, which may include conditions to be fulfilled by the applicant. Strict timelines apply to the approval process. The ECB has adopted internal rules for proposed acquisitions of qualifying holdings that set out the recommended approach on how to impose binding conditions or obligations, as well as non-binding recommendations. These rules also clarify when such provisions may be used, their impact on the timeline and the cases in which the right to be heard should be granted. The main task of ECB banking supervision is to ensure that NCAs follow common procedures regarding qualifying holdings as laid down in the SSMFR and the SSM Supervisory Manual, and that the application complies with the requirements set out in EU law. According to the EBA/ESMA/EIOPA’s 2016 Joint Guidelines, target supervisors should take the following non-exhaustive list of elements into account in order to assess whether a decision to acquire has been made: (a) whether the proposed acquirer was aware or, considering information to which it could have had access, should have been aware of the acquisition/increase of a qualifying holding and the transaction giving rise to it; and (b) whether the proposed acquirer had the ability to influence, to object to or to prevent the proposed acquisition or increase of a qualifying holding. Should shareholders cross a threshold involuntarily, they must notify the competent authorities immediately upon becoming aware of such an event, even if they intend to reduce their level of shareholding to below the threshold level.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	Article 23(2) of CRD IV sets out the conditions under which an application may be rejected, namely if there are reasonable grounds for doing so on the basis of five criteria set out in Article 23(1) or if the information provided by the proposed acquirer is incomplete. The five criteria are (i) reputation of the proposed acquirer; (ii) the reputation, knowledge, skills and experience of the proposed new managers of the target institution; (iii) the financial soundness of the acquirer; (iv) the prudential Impact on the target; and (v) whether there is any suspicion of money laundering or terrorist financing activities. Member States cannot reject the application based on economic needs of the market (Article 23(3)). The EBA/ESMA/EIOPA’s 2016 Joint Guidelines outline supervisory practices for assessing an applicant against these five criteria. ECB banking supervision applies more stringent assessment processes for acquirers with a high level of complexity (i.e., private equity funds, hedge funds, sovereign funds, large nonbanking groups, acquirers from third countries). In such cases, the assessment seeks to ensure that the credit institution will not be put under stress because part of the acquisition was financed by debt that needs to be repaid by the institution. Where applicable, ECB banking supervision seeks to prevent the proposed acquirer from financing the acquisition through any immediate asset or capital outflow from the targeted credit institution. Depending on the circumstances, specific acquirers may need to provide commitments relating to the minimum holding period of the participation and the absence of dividend distribution during a reasonable period following the acquisition, and/or the provision of additional funding on demand. Detailed analysis of the specific acquirer’s corporate governance is also required. Where relevant, the acquirer could be required for supervisory purposes (subject to the principle of proportionality) to simplify the holding chain by limiting the number of intermediary levels, their localization, and the sharing of economic and legal rights. Where applicable, a sufficient number of members of the supervisory board of the target credit institution (ideally 50 percent) should be independent from the specific acquirer. As noted in EC 2, the ECB has also developed internal rules and supervisory practices to be used as a reference in the prudential assessment of acquisitions of qualifying holdings in credit institutions. Some of these are related to the procedural rules prescribed under Articles 22(2) to 22(6) of CRD IV. Article 26(2) of CRD IV deals with the measures a Member State may take in cases where the applicant for a change in qualifying holdings has failed to provide the required notification or a qualifying holding has been acquired despite the opposition of the supervisor (see EC 5 below). However, there are no specific measures relating to the provision of false information. The response in such a case will depend on national legislation, and may require the suspension of voting rights and subsequent disposal of the qualifying holding on the basis of the lack of integrity of the shareholder.
EC4	The supervisor obtains from banks, through periodic reporting or onsite examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	Pursuant to Article 26(1) of CRD IV, credit institutions whose shares are listed on a regulated market are required to inform the competent authorities, at least annually, of the names of holders of qualifying holdings and of the size of such holdings. Administrative penalties and other administrative measures apply for breaches of this requirement. Credit institutions are also required to inform these authorities upon becoming aware of acquisitions or disposals of holdings in their capital that cause the holdings to exceed or fall below a relevant threshold. Not all details will necessarily be covered, however. For instance, depending on the applicable national law, identification of the ultimate beneficial owners is not always required. According to AML Directive (Directive (EU) 2015/849), there is an obligation for all companies in the EU to “obtain and hold adequate, accurate, and current information on their beneficial ownership, including the details of the beneficial interests held.” In the assessment of applications, and in the case of credit institutions whose shares are listed on a regulated market, all beneficial owners, limited partners, and all intermediaries within the holding chain must disclose their identity, i.e., their names and stakes. Participants holding participations above five percent in the (acquiring) funds would be asked to provide detailed information (CVs, criminal records, assessments from other authorities). For non-listed credit institutions, an assessment is needed of natural persons and (managers of) legal persons holding indirect participation of more than 10 percent, or a lower percentage if that allows them to exercise significant influence in the target.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	Article 26(2) of CRD IV deals with the measures a Member State may take in cases where the applicant for a change in qualifying holdings has failed to provide the required notification or a qualifying holding has been acquired despite the opposition of the supervisor. In the first case, the measures may include injunctions, penalties against members of the management body and managers, or the suspension of the exercise of the voting rights attached to the shares held by the shareholders or members of the credit institution in question. In the second case, Member States may provide either for exercise of the corresponding voting rights to be suspended, or for the annulment of votes cast or for the possibility of their annulment. These measures have been broadly transposed into national law. Article 66 (1) of CRD IV stipulates that Member States shall ensure that their laws, regulations and administrative provisions provide for administrative penalties and other administrative measures at least in respect of, inter alia, the acquisition, directly or indirectly, of a qualifying holding in a credit institution or a further increase, directly or indirectly, of such a qualifying holding as a result of which the proportion of the voting rights or of the capital held would reach or exceed the thresholds referred to in EC 2 above or so that the credit institution would become its subsidiary, without notifying in writing the supervisor of that institution during the assessment period, or against the opposition of the competent authorities, in breach of Article 22(1) of CRD IV. The sanctions for such a breach include possible pecuniary penalties; order to cease the conduct and desist; and suspension of voting rights. There are no specific requirements relating to the modification or reversal of a change of control that took place without proper authorization.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	There are no specific requirements in the CRR or CRD IV for credit institutions to notify the supervisor as soon as they become aware of any material information that may negatively affect the suitability of a major shareholder or a party that has a controlling interest. The application of a notification requirement in national laws is not consistent. In Latvia, the obligation on banks to notify the supervisor about material information is explicit in national law, while in the Netherlands, the obligation to notify the supervisor about any change in the reputation of a major shareholder applies to the major shareholder itself. In Spain, banks must ensure the suitability of qualifying shareholders at all times, and compliance with this requirement is monitored as part of ongoing supervision. In Germany and Austria, there are no explicit legal requirements on banks dealing with material information about the suitability of major shareholders, but there are obligations on bank auditors to report to the supervisor any observations which may be of supervisory relevance, including facts concerning qualifying shareholders. In other Member States, the notification requirement is more general. For example, in Greece any change in the data and information submitted for obtaining authorization of a bank that occurs during its operation has to be notified to the supervisor.
Assessment of principle 6	Largely Compliant
Comments	EU law, as transposed into national laws, establishes a clear basis for approving acquisitions or disposals of qualifying holdings in a credit institution by the ECB, the competent authority in this area. As with the other “common procedures,” the NCAs are fully integrated in the approval process and conduct assessments of applications on the basis of national laws, which have various due process requirements. The approval process is supported by the EBA/ESMA/EIOPA 2016 Joint Guidelines, ECB internal rules and detailed procedures set out in the SSM Supervisory Manual. The assessors saw evidence of the approval process, involving complex proposals and preparation of draft decisions by different NCAs. The conclusions in the Commission’s recent report on the SSM that the ECB and NCAs had done a “remarkable job” in implementing the common procedures for authorizations also applied to assessment of the acquisition of qualifying holdings. The legal framework does not, however, address all the Essential Criteria in this Core Principle. In particular, there are no specific EU requirements for credit institutions to notify the supervisor as soon as they become aware of any material information that may negatively affect the suitability of a major shareholder or a party that has a controlling interest, while notification requirements in national law are not consistent. Unless the supervisory relationship with individual SIs encourages a “no surprises” approach, information about a deterioration in the suitability of a major shareholder may take time to surface. In addition, there is no consistent requirement for periodic reporting by credit institutions of the ultimate beneficial owners of qualifying holdings, nor are there specific requirements for administrative penalties in respect of the modification or reversal of a change of control that took place without proper authorization.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a)what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b)cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	Acquisitions in undertakings outside the financial sector Acquisitions by a credit institution in an undertaking outside the financial sector, or in an undertaking that does not carry on activities considered as a direct extension of banking, ancillary to banking, or in leasing, factoring, the management of unit trusts, the management of data processing services or any other similar activity, are subject to Articles 89 to 91 of the CRR, both in respect of type and amount of the acquisition. Neither supervisory approval nor pre-notification under these rules is required under the CRR, if the amount of the significant ownership in the nominal capital of the undertaking does not exceed 15 percent of the eligible capital of the credit institution, or the total amount of such significant ownerships held by the institution does not exceed 60 percent of the eligible capital (Tier 1 plus Tier 2 limited to 1/3 of Tier 1) of the institution. For any acquisition above the 15 percent threshold, or where the sum of such acquisitions exceeds 60 percent of eligible capital, credit institutions must apply a risk weight of 1,250 percent to the amounts in excess of these thresholds, or deduct those amounts from Common Equity Tier 1. Some national laws have notification or approval requirements for these types of acquisitions. In Ireland, certain prior approval requirements (for major acquisitions) and prior notification requirements (for other acquisitions) have been applied by the supervisor by means of a license condition. Where jurisdictions have notification/approval requirements, they are aimed mainly at safeguarding the sound and prudent management of the acquiring credit institution, and assessments address the impact of the acquisition on the capital and liquidity situation of that institution. Acquisitions in an EU financial sector entity The acquisition by a credit institution of a qualifying holding in another EU credit institution (or other EU financial regulated entity such as an investment firm, insurance company, etc.) is covered in Articles 22–27 of CRD IV. In contrast to acquisitions in undertakings outside the financial sector, these Articles grant power to the supervisor of the target institution and aim primarily at safeguarding the sound and prudent management of the target undertaking. Hence, approval and notification requirements are determined by reference to the size of voting rights/capital of the target undertaking and the assessment is made from the perspective of that undertaking. These requirements in the case of credit institutions are described in CP 6. Acquisitions of a non-EU bank Such acquisitions are not covered by the CRR or CRD IV. Article 22 of CRD IV only regulates the acquisition of qualifying holdings in a credit institution established in the EU but does not include explicit provisions on the acquisition of holdings in non-credit institutions or in credit institutions outside the EU. A small majority of Euro Area Member States provide for powers regarding the approval of acquisitions by credit institutions of holdings in a non-credit institution or a credit institution outside the EU. Such powers exist, for example, in Belgium, Finland, Italy, Netherlands, Portugal, and Spain, but are absent in a number of other Member States. The Supervisory Board has clarified that, as from January 1, 2017, supervisory powers related to the acquisition of holdings in a non-credit institution or a credit institution (also outside the EU) are to be directly exercised by the ECB for SIs, with the main purpose being to ensure the sound and prudent management of the acquiring credit institution. Use of these powers, in accordance with the SSMR, CRD IV, and the national laws of some Member States, is intended to ensure compliance with prudential requirements in the areas of own funds, liquidity and leverage. Where national laws do not specify any requirements for supervisory approval of such acquisitions, the ECB can assess the acquisitions only against the general requirement under Article 16 (1) (c) of the SSMR that the strategies of the acquiring institution should ensure a sound management and coverage of its risks.
EC2	Laws or regulations provide criteria by which to judge individual proposals.
Description and findings re EC2	There are no harmonized procedures or criteria at EU level for assessment of acquisitions by credit institutions. Only in a few Member States (e.g., Ireland, Slovenia) do national laws specify assessment criteria. However, as explained above, the ECB directly exercises supervisory powers related to the acquisition of holdings in a non-credit institution or a credit institution (also outside the EU) by SIs when national law provides for such power. Additionally, an acquisition by a credit institution may impact on the 15/60 thresholds and will therefore be subject to the relevant EU provisions (See EC 1). If the credit institution acquires another EU credit institution (or other EU financial regulated entity), a qualifying holding procedure as described in CP 6 will be conducted by the target supervisor. The criteria for assessing this acquisition are set out in Article 23(1) of CRD IV (See AC 1).
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.55 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	There are no harmonized criteria at EU level relating to these specific requirements. In most Member States, national law is silent on such criteria. In Spain, the competent authority may refuse an application from a bank seeking to open a branch in a non-EU country if it considers that the activities of the branch will not be subject to effective control by the supervisory authority in the host country, or because of the existence of legal or other impediments preventing or hindering the control and inspection of the branch by the competent authority. Similar criteria apply in Ireland (regulation), and in Finland, Luxembourg, and Slovenia (national law). However, ECB banking supervision has clearly communicated to SIs, on an individual basis, that it needs to be aware of transactions that materially affect the risk profile of an institution in order to assess them prior to completing the transaction. In its assessment, ECB banking supervision seeks to obtain a comprehensive view of the impact of the transaction on the overall risk profile of the institution, including but not limited to capital and liquidity, governance and organizational aspects. Where ECB banking supervision is of the view that the transaction would negatively affect the institution, it can take measures under Article 16 (2) of the SSMR, including capital and liquidity add-ons, governance and organizational reinforcements, and can require divestment of activities that pose excessive risk. The possibility of such measures is a clear incentive for institutions to work with the ECB in advance of the conclusion of a transaction to avoid having to unwind the transaction. In addition, the impact of acquisitions will figure prominently in the SREPs following such transactions and may lead to requirements in the SREP decision.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial, and organizational resources to handle the acquisition/investment.
Description and findings re EC4	There are no specific requirements for assessment of the adequacy of the financial, managerial or organizational resources of the bank prior to it making an acquisition. In the case of investment in a nonfinancial sector entity, the risks are managed through the 15/60 percent thresholds as set out in Articles 89–91 of the CRR, but there is no requirement or limit for acquisitions of non-EU banks (see EC 1 above). National law in Germany has the general requirement that institutions have an organizational structure and risk management adequate to their size, complexity, and business structure on a single entity basis and on a group-wide basis. Similar general requirements apply in Ireland (through license conditions) and Slovenia (national law). As noted in EC 3 above, however, ECB banking supervision has clearly communicated to SIs that it needs to be aware of transactions that materially affect the risk profile of an institution in order to assess them prior to completing the transaction. In its assessment, ECB banking supervision seeks to obtain a comprehensive view of the impact of the transaction on the overall risk profile of the institution, including but not limited to capital and liquidity, governance, and organizational aspects.
EC5	The supervisor is aware of the risks that nonbanking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in nonbanking activities.
Description and findings re EC5	ECB banking supervision is aware of the risks that nonbanking activities can pose to a banking group. Nonbanking risks are assessed as part of the SREP and the entire range of qualitative and quantitative supervisory measures at the disposal of the ECB may be taken to mitigate such risks. Such an assessment and reaction is also possible outside the SREP, as explained in EC 3 above. Where ECB banking supervision is aware of a transaction in advance of its completion, it will also consider the ability of the bank to manage nonbanking risks and take appropriate measures where it is not convinced. In Austria, acquisition of participations in nonbank business does not need supervisory approval. However, an acquisition is only permitted up to a limited amount of own funds; any amount in excess of that limit must be fully covered by own funds. In Spain, national law permits the competent authority to limit certain activities when deemed appropriate according to the bank’s solvency situation. In Ireland, risks that nonbanking activities can pose to a banking group are taken into account in license conditions.
AC1	The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.56 Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.
Description and findings re AC1	There is no specific authorization procedure in the EU framework regarding acquisitions by other entities (subsidiaries) in the banking group. However, when the target of the acquiring credit institution is a supervised institution located in the EU (another credit institution, an insurance company or an investment firm), the competent authority of the acquiring credit institution may request cooperation from the target supervisor (Article 24 of CRD IV). In a few Member States (Belgium, Finland, Ireland), credit institutions must notify the NCA of major acquisitions by unregulated members of the banking group. In other Member States (Germany, France, Slovenia), requirements in national law relating to the acquisition of a participating interest in another enterprise apply for direct participating interests as well as for indirect participating interests.
Assessment of Principle 7	Materially Non-Compliant
Comments	EU law does not provide an adequate or consistent basis for ECB banking supervision to approve or reject, and impose prudential conditions on, major acquisitions or investments by a credit institution. In particular: there are no prior notification or approval requirements for acquisitions in an undertaking outside the financial sector; requirements relating to the acquisition of a qualifying holding in another EU credit institution are focused on safeguarding the sound and prudent management of the target, not the acquiring, institution; there are no explicit requirements on the acquisition of holdings in credit institutions outside the EU; and there are no harmonized procedures or criteria at EU level for assessment of major acquisitions by credit institutions, including whether the acquisitions expose the credit institution to undue risks or hinder effective supervision. National laws in a number of Member States have granted the relevant NCA supervisory powers to impose various notification and approval requirements, but the coverage is neither consistent nor complete across the Euro Area. The ECB has clarified that, where such powers exist, it is exclusively and directly competent to exercise them. The ECB can also assess major acquisitions against the general requirement that the acquisition should not jeopardize the sound and prudent management of the acquiring institution but, in the absence of pre-notification requirements, there can be no assurance that such assessments will have any ex ante influence on the acquisition. In its opinion on the Commission’s proposed amendments to CRR/CRD IV, the ECB noted that despite the recent clarification of its competence in this area, providing the NCAs’ existing supervisory powers with a common legal basis in EU law would trigger a requirement for their transposition and would foster a level playing field in EU banking supervision through the harmonization of supervisory powers. To achieve this, the ECB has argued that EU law should include a clear reference to additional supervisory powers in relation to material acquisitions in third countries. The reference would state that: “Member States shall require any credit institution that has taken a decision to undertake, directly or indirectly, a material acquisition or investment within or outside of the Union (the proposed transaction) to notify the competent authority in writing in advance of the proposed transaction. The competent authority shall have the power to approve or reject the proposed transaction.”
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess, and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a)which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b)which banks or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment, and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The main tool for assessing on an ongoing basis the nature, impact and scope of risks for credit institutions is the SREP. In application of the CRD and its national implementation, the ECB as the competent authority is required to carry out a SREP and to take decisions for SIs. Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In the case of a financial conglomerate, the SREP decisions also need to consider the outcome of the supplementary supervision as required by FICOD. The SSM SREP is based on a harmonized methodology developed along the lines of the EBA Guidelines on common procedures and methodologies for the SREP (EBA/GL/2014/13). It is applied in a proportionate manner to institutions depending on the nature, scale, and complexity of their activities, and, when relevant, on their situation within a group, its overseas and interbank ties, its significance for the overall market or a relevant subsegment of the market, and the institution’s overall risk situation, taking into account all relevant risks, its risk management processes and its capital and liquidity. The SREP methodology is in continuous development to reflect international and European regulatory work and best practices and encompasses evolving banks’ practices. The EBA is also undertaking a consultation and review of its current SREP Guidelines: https://www.eba.europa.eu/regulation-and-policy/supervisory-review-and-evaluation-srep-and-pillar-2. The ECB is also looking at streamlining the SREP without limiting its effectiveness. The SREP methodology relies extensively on quantitative and qualitative analysis. It combines data and expert judgment following a principle of “constrained judgment,” with a view to ensuring that the SREP decision fits best with an institution’s risk profile (and is not a “mechanical” process), takes into account the risks which banks or banking groups present to the safety and soundness of the banking system while also ensuring consistency and accountability across the SSM. The assessment of the risks which banks or banking groups present to the safety and soundness of the banking system is based on the clusters used by ECB banking supervision to identify banks’ riskiness. This clustering is regularly updated and benefits from the ongoing monitoring of markets and financial stability developments by the SSM Risk Analysis Division. The SSM SREP is built on four elements (see the following Figure): Download Figure Download figure as PowerPoint slide business model and profitability assessment; internal governance and risk management assessment; risk-by-risk assessment of risks to capital; risk-by-risk assessment of risks to liquidity and funding. The assessments performed for the four elements result in an overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. The SREP score drives the intensity of the supervision—level of engagement—on an institution. This overall architecture facilitates comparisons across banks. For each element, the assessment can also be tailored to the specific situation of each institution. The various assessments are performed at different frequencies (MELs), defined as a result of the SREP in the SEP, which can be fine-tuned by the SEP for each individual institution. The JST is expected to update its assessments and remediation actions whenever it is warranted by new information. The assessments performed by the JST are documented in the ECB’s Information Management System (IMAS) on an ongoing basis. At least once a year, a SREP decision is taken. Examples of SREP decisions, including one with identified deficiencies, were provided to the assessors. The decisions describe the findings in detail and where appropriate establish enforceable prudential requirements for the institution. Assessors saw evidence of a direct link between offsite supervision and follow up with the institution reflected in the SEP. With respect to the assessment of resolvability, see EC6.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	The SREP methodology establishes a forward-looking view of the profile since JSTs shall take all necessary actions in a timely manner to ensure institutions’ future viability (See EC1). The assessments need to be carried out taking into account a forward-looking perspective. The SREP assesses an institution’s viability at a 12-month horizon, in the medium term (3 to 5 years), and over the cycle. To do so, ECB banking supervision relies on a wide range of backward and forward-looking, quantitative and qualitative information, such as stress testing. The ECB’s RAS supports the JST’s day-to-day supervisory work. It is used for evaluating banks’ risk levels and controls, their business model, their internal governance, their capital adequacy and their liquidity adequacy on an ongoing basis. The assessment of an institution’s capital, and liquidity needs is based on the outcome of the ongoing RAS, supplemented with a periodic more comprehensive review of the institution’s capital and liquid positions, in the light of the latter’s own assessments (internal capital adequacy assessment processes (ICAAP)/ILAAP) taking into account normal and stressed conditions. To that purpose, supervisors may challenge the ICAAP/ILAAP of the bank based on its own quantification (supervisory “proxies”) as well as supervisory stress tests (such as those conducted by the EBA or the ECB’s comprehensive assessments). These various dimensions provide supervisors with both a static and forward-looking perspective on the bank. The assessments of the first two elements (business model and profitability, and governance and risk management assessments) (see Figure shown in EC1), together with the assessments of risks to capital and to liquidity are conducted on the basis of regular reporting, such as common reporting (COREP) and financial reporting (in the EU) (FINREP), qualitative information, and also ad hoc information received by JSTs from various sources on an ongoing basis: other data (e.g., STE data), reports (e.g., external audit reports), meetings, etc. The outcome of this analysis is a risk analysis with short narratives summarized in scores that facilitate comparison and internal communication. The outcome of the SREP is taken into account together with ECB banking supervision analysis of the risk environment as well as other factors such as changes in the regulatory landscape to identify supervisory priorities and derive a SEP. The SEP defines the supervisory activities for ongoing supervision, onsite inspections, and internal model investigations to be carried at the SI over a predetermined time horizon (typically one year for ongoing activities and for the onsite inspections and internal model investigations). Pursuant to Article 12 of the SSMR, and as part of the SEP, in order to carry out the tasks assigned to it by the SSMR, the ECB appoints onsite inspection teams as laid down in Article 144 of Regulation 468/2014 of the ECB of April 16, 2014 (SSMFR) to conduct all necessary onsite inspections on the premises of a legal person as referred to in Article 10(1) of the SSMR (SSMFR Article 143). The fundamentals of the ECB’s methodological framework for supervision are sound. It also has been refined through the experience gained since its initial launch in 2015. This process of continual assessment and improvement should continue as the SREP matures.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	The relevant Articles in CRD IV include Articles 73, 97, 98, and 99. In addition, in accordance with Article 10 of the SSMR, the ECB has the power to require institutions and parent undertakings to provide all information that is necessary in order to carry out its supervisory tasks. Part of the ECB’s mandate is to ensure that banks comply with the relevant Union law that imposes prudential requirements on credit institutions in the areas of own funds requirements, securitization, large exposure limits, liquidity, leverage, and reporting and public disclosure of information on those matters (See Article 4(1)(d) of the SSMR). The ECB also is charged with ensuring that banks comply with the relevant Union law requiring credit institutions to have in place robust governance arrangements, including “fit-and-proper” requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies, and practices and effective ICAAP, including Internal Ratings-Based (IRB) models. ECB banking supervision must assess whether the institutions of the group have implemented appropriate arrangements, strategies, processes, and mechanisms to comply with all requirements of CRD IV and CRR that set out the relevant prudential and other requirements. The assessment of banks’ and banking groups’ compliance with prudential regulations and other legal requirements is made on a regular basis in the context of the SREP. In particular, for each relevant risk category there is an assessment of compliance with the applicable laws and regulations covering own funds requirements; securitization; large exposure limits; liquidity; leverage; and reporting and public disclosure of information on those matters, governance arrangements, including the fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices, and effective ICAAP, including IRB models. A credit institution’s written SREP decision from the ECB tells the institution whether it has correctly implemented the arrangements, strategies, processes, and mechanisms necessary to comply with all requirements of CRD IV and CRR. If the ECB has evidence that the credit institution is likely to breach the requirements of the relevant union law within the next 12 months, it may at an early stage exercise the powers provided for by Article 16(2) of the SSMR. If an institution is rated 3 minus or 4, the SRB is granted automatic access to IMAS data on the institution. The entity’s internal governance assessment also assesses the compliance function. The compliance function is assessed in the following areas: (i) whether the institution is prepared for future regulation and evaluates the impact that regulation will have on its activities. This relates to both the rules resulting from the institution’s own policy in this area and those resulting from banking law and its implementing regulations, along with other legal and regulatory provisions applicable to the banking sector (for instance, transparency, AML, etc.) as well as litigation and reputational risk; (ii) whether the institution adheres to the aforementioned procedures and instructions on an ongoing basis (including a comprehensive incident database and analysis); reports periodically the results of such monitoring and awareness testing to the institution’s management body in its management function and management body in its supervisory function. Please refer to CP 25 for a discussion of AML as an operational risk factor. In addition, during onsite inspections one of the aims is to assess the institution’s compliance with banking regulation. The JST engages with SIs on an ongoing basis through regular meetings, onsite examinations, and thematic reviews and through the receipt of information sources such as internal and external audit reports. Discussions between assessors and JSTs from a cross-section of institutions show a high level of engagement with business line and senior management as well as risk managers. The availability of adequate resources for onsite supervision continues to be a challenge for the ECB. Resource related issues may vary by NCA and supervision program. While cooperation, planning, and coordination between the ECB and NCAs has improved, these efforts should continue. Otherwise, this may impact the ability of the ECB to fulfill their supervision responsibilities (See CP 2). The ECB conducts thematic reviews of significant areas on a horizontal basis (See EC 4). In 2017, the ECB launched the Targeted Review of Internal Models (TRIM) exercise, with the overall objective to enhance the credibility and to confirm the adequacy and appropriateness of approved Pillar I internal models for credit, market, and CCR of all SIs using internal models within the SSM with a view to ensure compliance with regulatory requirements and to harmonize supervisory practices. In this connection, the exercise aims to reduce the non-risk-based variability of risk-weighted assets calculated with internal models and foster a level playing field within the SSM. TRIM is an SSM-wide project jointly performed by the ECB and NCAs, with consultancy support, and it is planned to run until 2019. Overall, about 200 onsite investigations are expected to be conducted in the context of the project, reviewing all internal models for market and counterparty credit risk, and reviewing the most material and critical models for credit risk, ensuring coverage of at least 60 percent of total IRB Exposure at Default and risk-weighted assets of SIs. A draft General Topics chapter to the ECB Guide to Internal Models was published in October 2017: fhttps://www.bankingsupervision.europa.eu/press/pr/date/2017/html/ssm.pr170727.en.html A public consultation on the General Topics, which will reflect the results of TRIM’s internal model assessments, is expected at the end of the first quarter of 2018.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in nonbank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	Article 97 of CRD IV requires the competent authorities to evaluate the risks institutions are or might be exposed to, risks that an institution poses to the financial system, and risks revealed by stress-testing taking into account the nature, scale, and complexity of an institution’s activities. Key Institutions’ internal arrangements to be reviewed as part of this SREP comprise the ICAAP as set out by Article73 of CRD IV and the ILAAP as set out by Article 86 of CRD IV. The macroeconomic situation and macroprudential considerations are taken into account in microprudential supervision through the strategic planning exercise, as well as in the SREP. The strategic planning exercise, conducted by the DG MS IV Planning Division with input from the Risk Analysis Division, is conducted yearly and includes a broad stocktaking of risks, which takes into account the viewpoints of NCAs/macroprudential authorities, several Directorates General of the ECB (e.g., DG-MF) and international bodies (e.g., the ESRB, the EBA and the IMF) to complement the Risk Analysis Division’s own research. Therefore, macro views are an important driving factor in the determination of supervisory priorities within the SSM and an input for the minimum engagement levels in the operational planning process. Risks stemming out of the external environment, such as sectoral risks, conduct risks, or cybercrime, come into play in SREP, either when assessing a specific risk category or in the holistic approach, taking all information available to arrive at the final assessment of the risk profile of the bank. In addition, there are risks that reflect another dimension: global/European (risks that could affect all banks and do not stem from a specific country or sector, e.g., cybercrime or reversal of the search for yield); cross-border sectoral (risk stemming from a specific sector, e.g., credit risk stemming from the global shipping sector); domestic country-wide (non-sectoral risks specific to a country, e.g., a credit-rating downgrade of the government of country Y); or domestic sectoral (sectoral risk in one country, e.g., deteriorating SME loans in country X). In the case of country and/or sector specific risks, JSTs need only assess those risks where the supervised bank has significant exposures. The JST assesses the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic, and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, SSM’s stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available. Following the clarification of the EBA of July 2016 on the use of the 2016 EU-wide stress test results in the SREP process, the ECB has reflected the quantitative outcome of the stress test in capital guidance (See CP 9). The on-going supervision that is conducted by the JST and supported by the ECB and NCAs’ horizontal divisions includes the review of prudential returns and of financial statements. With regard to providing a forward-looking assessment of an institution’s capital position, the supervisor relies on an institution’s internal stress test, on the supervisor’s micro stress and sensitivity analysis, and on system-wide supervisory stress tests when available. Institutions usually rely on a wide range of internal stress tests and sensitivity analyses to determine their capital trajectory and their ability to raise own funds over a certain horizon. This helps them identifying backstop actions that may be warranted at an early stage should adverse scenarios materialize. To review these stress tests, ECB banking supervision follows the principles and recommendations of international supervisory bodies. Supervisors should expect institutions to analyze at least a baseline scenario and a stressed scenario, and make projections of its main balance sheet, profit and loss, and off-balance sheet items in view of the institution’s strategic plan, including the capitalized profit, dividends, share issues, subordinated capital issues, and capital charges in line with the expected business growth, changes in the Pillar 1 risk profile, other risks assessed in the ICAAP, regulatory changes, one-off transactions, etc. Stress tests should be conducted as part of the ICAAP to identify those events or changes in the market conditions in which institutions operate that may adversely affect their future solvency. At least one comprehensive adverse scenario, reflecting severe but plausible adverse developments of the institution’s operating conditions, should be used for capital planning. Supervisors should assess the underlying assumptions and the adequacy of the translation of these assumptions into stressed capital and risk projections over at least the upcoming three years. Furthermore, any embedded management actions should be scrutinized. The Risk Analysis Division is responsible for taking into account cross-sectoral developments through quantitative impact studies (not covered by the Methodology and Standards Development Division) and cross-sectional analysis of results, and institution-specific quantitative impact analysis of the macroprudential policies that use microprudential instruments (which is generally the case). The Risk Analysis Division and the ECB’s macroprudential function cooperate closely by exchanging views on risks and vulnerabilities e.g., in regular meetings. The ECB also established cooperation arrangements with other regulators, including insurance and market regulators (See CP 3). The ECB maintains frequent contact with NCAs and international bank regulatory authorities through supervisory colleges (See CP 13). It also maintains contact with other nonbank financial regulators such as securities and insurance supervisors in a variety of fora to discuss a common view of risks in the particular banking group supervised, supervisory approaches, and potential concerns on the banking group or subsidiaries (See CP 12).
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends, and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	ECB banking supervision’s SREP strives for high-quality supervision and to ensure financial stability within the SSM. This entails enhancing institutions’ resilience to shocks. The JSTs are expected to carry out their assessment in a conservative manner, acting in a fair but tough manner, taking into account horizontal developments that may affect institutions under the ECB’s supervision. As the SREP is performed simultaneously for all SIs under the ECB’s direct supervision, the ECB is in a unique position to identify common trends likely to affect all or part of the institutions under its responsibility. Moreover, in order to ensure consistency and identify common trends, horizontal analyses are integral to the SREP methodology. This approach permits peer comparisons and the consistent application of supervision practices. Horizontal analyses are performed by the ECB’s horizontal function—mainly the MSD and RIA divisions. Their results are communicated to the Supervisory Board, which takes them into account in making final SREP decisions. The structure of the ECB’s decision-making bodies ensures that where appropriate, the identification of significant trends or emerging risks is communicated to the central banking and financial stability functions of the ECB. Horizontal analysis or ad-hoc thematic analysis may give rise to immediate communication to and/or actions by the institutions, when needed. Where individual measures are addressed to institutions, they should result in a forward-looking view of the situation of the bank and minimize the risk of underestimation of risks (See Assessment of CP 9). Assessments of the ECB’s supervision of specific substantive areas are found in: CP 18 on problem assets; CP 21 on country risk; CP 22 market risk; CP 23 on interest rate risk; CP 24 on liquidity; and, CP 25 on operational risk. The assessors identified a gap area in the ECB’s identification of a build-up of risks. The ECB should consider the risk management risk, and operational risk and liquidity impacts of high risk business models even though the activity may involve substantive areas regulated by NCAs or national authorities such as AML (See CP 25).
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	The EU legal framework for resolution planning (e.g., the SRM Regulation and BRRD), gives the resolution authority the responsibility for resolution planning, including the assessment of the bank’s resolvability and the taking of measures to address impediments to its resolvability. The ECB, as the competent supervisory authority, has a consultative role in the drawing up of resolution plans for SIs and in the assessment of resolvability. The ECB cooperates with the SRM under the framework of the BRRD and the SRM Regulation for resolution planning. The ECB shares relevant information on SIs with the SRB for the purpose of resolution planning in line with Article 30 SRMR. The SRB is required to consult the ECB with respect to the resolution plans and respective resolvability assessment of individual SIs, in line with Article 8 and 10 SRMR. The assessors saw written examples of this consultation between the ECB and SRB. If the SRB after consulting the ECB determines that there are substantive impediments to the resolvability of that SI, the SRB shall notify in writing that determination to the institution concerned, to the ECB and to the resolution authorities of the jurisdictions in which significant branches are located. Within four months of the date of receipt of a notification, the institution shall propose to the SRB possible measures to address or remove the substantive impediments identified in the notification. The SRB, after consulting the ECB, assesses whether those measures effectively address or remove the substantive impediments in question. If the measures proposed by the entity or parent undertaking concerned do not effectively reduce or remove the impediments to resolvability, the SRB shall take a decision, after consulting the ECB and, where appropriate, the designated macroprudential authority, indicating that the measures proposed do not effectively reduce or remove the impediments to resolvability, and instructing the national resolution authorities to require the institution, the parent undertaking, or any subsidiary of the group concerned, to take the below listed alternative measures. In identifying alternative measures, the SRB is required to demonstrate how the measures proposed by the institution would not be able to remove the impediments to resolvability and how the alternative measures proposed are proportionate in removing them. The SRB also must take into account the threat to financial stability of those impediments to resolvability and the effect of the measures on the business of the institution, its stability and its ability to contribute to the economy. For the purposes described above, SRB shall have the power to take any of the following measures: (a) require the institution to revise any intragroup financing agreements or review the absence thereof, or draw up service agreements, whether intra-group or with third parties, to cover the provision of critical functions; (b) require the institution to limit its maximum individual and aggregate exposures; (c) impose specific or regular additional information requirements relevant for resolution purposes; (d) require the institution to divest specific assets; (e) require the institution to limit or cease specific existing or proposed activities; (f) restrict or prevent the development of new or existing business lines or sale of new or existing products; (g) require changes to legal or operational structures of the institution or any group entity, either directly or indirectly under its control, so as to reduce complexity in order to ensure that critical functions may be legally and operationally separated from other functions through the application of the resolution tools; (h) require an institution or a parent undertaking to set up a parent financial holding company in a Member State or a Union parent financial holding company; (i) require an institution to issue eligible liabilities to meet the requirements of Article 45 of the BRRD; (j) require an institution to take other steps to meet the minimum requirement for own funds and eligible liabilities under Article 45 of the BRRD; and (k) where an institution is the subsidiary of a mixed-activity holding company, requiring that the mixed-activity holding company set up a separate financial holding company to control the institution. Before identifying any of the above-mentioned measures, the SRB, must consult with the ECB and, if appropriate, the designated national macroprudential authority, and is required to consider the potential effect of those measures on the particular institution, on the internal market for financial services, on the financial stability in other Member States and Union as a whole. In case of a Union parent undertaking, the joint decision process described in Article 18 of the BRRD applies. The ECB should continue to work with the SRB to develop and refine appropriate operational policies and procedures to implement their respective resolution planning roles (See EC7).
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The ECB’s crisis management framework covers several phases depending on the specific situation of the credit institution. It ranges from preparatory activities in the ongoing supervision to involvement in decisions on resolution. However, during the resolution process, the main decision-makers are the resolution authorities (i.e., the SRB and the NRAs). Within this context, the ECB plays an advisory role and cooperates with NRAs/SRB on any necessary follow-up actions (See EC6). A successful resolution requires a high level of coordination and information sharing between the SRB, ECB banking supervision, and liquidity providers. The robustness and feasibility of an SI’s liquidity contingency funding plans are essential (See CP 24 EC 6). The ECB’s ongoing supervision includes the early identification and remediation of emerging risks, and the assessment of recovery plans and the use of stress tests. The framework for stress testing by the ECB is further explained in EC4. Moreover, the ECB performs regular risk assessments and monitors the risk profile of an institution including whether the conditions required for authorization to continue exist, pursuant to Articles 97 and 107 of CRD IV. When the financial situation of an institution deteriorates, the ECB determines the appropriate supervisory action and the relevant JST steps up the supervisory activity for the institution, following an escalation process.57 The ECB escalation process should be understood by both ECB and SRB staff. Information that is relevant to the resolution process should be shared promptly. Advance preparation of resolution actions can prevent value destruction. Preliminary staff level discussions between the ECB and the SRB should occur shortly after a SI is projected to fail within a 12-month time horizon and well before the ECB forms a crisis management team (CMT). The ECB and SRB should adopt policies and operational arrangements to ensure that formal FOLTF determinations and the ‘resolution weekend’ are closely coordinated and can be prescheduled allowing for advance resolution preparation and the problem bank can be seamlessly transferred from the ECB to the SRB On the operational side, the ECB has designed an Emergency Action Plan that includes the operational steps for crisis management and crisis mitigation for SIs in the context of the ECB crisis management framework set out in the SSM Supervisory Manual. The ECB’s intermediate structures and horizontal divisions are informed about the deterioration in the risk profile. In particular, when the JST coordinator sees that the financial situation of a bank deteriorates materially either in a short period of time or gradually with a clear trend, the JST coordinator shall inform the head of the Crisis Management Division, while NCAs will be automatically involved through the JST. As a result, the Crisis Management Division will start monitoring the situation and cooperate with the JST. Those banks with a potential deterioration of liquidity or capital situation will be monitored more closely. Expert support is provided by the Crisis Management Division as regards both the analysis of the financial situation of the credit institution/banking group and the preparation of a draft decision proposal on remedial actions. In particular, the Crisis Management Division will share its knowledge and experience from other comparable situations and from its interaction and cooperation with the relevant crisis management functions of the NCAs. Before selecting the most appropriate intervention tools, the JST and the Crisis Management Division gather any analysis prepared by the DG MS IV Risk Analysis Division based on its monitoring of the SSM banking system. In a crisis situation, the JST coordinator and the head of the CRM may propose the establishment of an institution-specific CMT. The institution-specific CMT acts as the central internal coordination body with respect to necessary institution-specific supervisory actions within the SSM to mitigate a crisis situation. It is also the central hub for information sharing and coordination of the ECB supervisory response. While it is not a formal decision-making body, the IS CMT allocates concrete tasks and proposes draft decisions to be considered by the ECB decision-making bodies, as well as monitors progress, effectiveness, and efficiency of crisis management activities at the working level. Further, the IS CMT coordinates interactions with the institution in difficulty via the JST coordinator and relevant Banking Union NCAs. Cooperation with relevant representatives of NRAs and the SRB is then coordinated by CRM. Each IS CMT is composed of: the Chair and Vice-Chair of the Supervisory Board; the JST coordinator; his Head of Division and Director General; the Head of Division of CRM as well as the DG of DG MS IV; the Secretary of the Supervisory Board; and the Supervisory Board member(s) of the NCA(s) directly affected. Other senior representatives of Banking Union NCAs, including Supervisory Board members of directly affected NCAs, other ECB banking supervision staff (the non-affected DG MS I or II and DG MS III) and ECB divisions at DG level can be invited to IS CMT meetings. Where appropriate, other relevant ECB divisions (e.g., DG Communications, DG Market Operations) are debriefed after the IS CMT meeting on a need-to-know basis. In case of emergencies, the Chair of the Supervisory Board shall convene a meeting in time to take the necessary decisions; as appropriate, this can also be by means of teleconferencing under derogation from the general rules. The assessors note that the Supervisory Board has used emergency procedures for expedited decisions in time-sensitive situations. The relevant ECB DG submits, where necessary in cooperation with other competent DGs, to the Secretariat of the Supervisory Board, a proposal for a complete draft decision stating that an emergency decision is required. When a DG is preparing a proposal for a complete draft decision, the opinions of the NCAs are captured within the process. The ECB follows a specific decision-making procedure. This procedure respects the EU Treaty rules governing decision-making within the ECB, which assign decision-making powers exclusively to the Governing Council and the Executive Board. Under this procedure, the Supervisory Board proposes ‘complete draft decisions’ to the Governing Council, but the Supervisory Board cannot take legally binding ECB decisions of its own initiative, nor can decision-making powers be delegated to it. The Supervisory Board meeting is convened either in person, via conference call, or through written procedure, for a swift decision. The Supervisory Board is responsible for assessing all proposals for complete draft decisions submitted for approval through the Directorates General and to decide on the final proposal to be transmitted to the Governing Council. The decision is adopted by the Governing Council in the context of a physical meeting, via conference call, or through written procedure. The Governing Council cannot change complete draft decisions but only approve or object to them. Approval can also occur tacitly in the sense that complete draft decisions proposed to the Governing Council are considered adopted where it does not object within a defined time period (non-objection procedure). Overall, in crisis or emergency situations, decision-taking is speeded up significantly via a specific “fast-track” procedure. Where process steps are sequential, they are undertaken back-to-back. In the case of a cross-border banking group, the ECB, as the consolidating supervisor, plans and coordinates the supervisory activities (e.g., early intervention measures) within the supervisory college framework. Where appropriate, the ECB informs resolution authorities of any material deterioration in the financial soundness of an institution and of the implementation of early intervention measures (See Articles 27 and 30 of the BRRD). In accordance with Article 32(1)(a) of the BRRD and Article 18(1) of the SSMR, the ECB coordinates consultation with the SRB on the determination of failing or likely to fail. Where a “failing or likely to fail” determination is taken, the ECB informs all relevant stakeholders (e.g., the SRB and the Commission in line with Article 18(1) of the SSMR, other external stakeholders in line with Article 81(3), e.g., the relevant deposit guarantee scheme(s), the competent ministries, etc.). The ECB demonstrated to the assessors that this expedited approval process was used effectively in 2017 in connection with the resolutions of failed institutions. While a formal resolution framework is in place, the timeliness and level of coordination and collaboration between the ECB and SRB could be improved. The ECA assessed the operational efficiency of the management of the ECB in crisis management. (Special Report No. 02/2018: The Operational Efficiency of the ECB’s Crisis Management for Banks, 16/01/2018). The audit found that while the ECB has established a substantial framework for crisis management, it noted some design flaws and inefficient implementation that should be addressed. The audit recommended making better use of recovery plan assessments and developing operational guidance for crisis management activities and to enhance management reporting systems. Internal ECB processes should be reviewed for effectiveness in light of recent resolution experience. The assessors recommend that the ECB and SRB forge closer working relationships in recovery and resolution planning. Ongoing negotiations to revise the existing MoU should conclude as soon as possible. Automatic information sharing with the SRB has been established at the assignment of certain SREP ratings. Discussions about shared information should occur early in the process, well before formal “early intervention” and “failure or likely to fail” notifications are required to facilitate seamless recovery and resolution planning.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	Where the ECB becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter or of banks restructuring their activities to avoid the regulatory perimeter, the ECB brings the matter to the attention of the responsible authority if such authority exists. The assessors note that the ECB lacks express authority to legally constrain activities outside its remit. The ECB cannot address directly the issue of jurisdiction-specific bank-like activities being conducted without adequate licensing authorities. The ECB cannot mitigate this gap without express Union powers or the authority to enforce national laws or regulations addressing the activity in question. Where SIs, intentionally or negligently, breach a requirement under relevant Union law, the ECB may impose administrative pecuniary penalties or fines (hereafter “sanctions”) to penalize the misconduct of business by the credit institution (Article 18(1) of the SSMR) or, in the cases specified in Article 18(5) of the SSMR, require NCAs to do so. In the case of a breach of ECB regulations or decisions, the ECB may sanction supervised entities with fines. In cases of ongoing breaches of regulations or national laws implementing relevant directives or ECB decisions, the ECB may impose enforcement measures to compel entities to comply with regulatory or supervisory requirements, make use of enforcement measures available to NCAs under national transposition of EU law or instruct NCAs to use their purely national enforcement powers, when available (See CP11).
Assessment of Principle 8	Largely Compliant
Comments	The fundamentals of the ECB’s methodological framework for supervision are sound. The main elements of the supervision methodology—SREP, RAS, and SEP—are well in in place. The methodology has been refined through the experience gained since its initial launch in 2015. This process of continual assessment and improvement should continue as the SREP, RAS and SEP mature over time. The greater emphasis on quantitative analysis is consistent with the EBA’s SREP Guidelines. The methodology meets the requirements of CP 8 as being a forward-looking risk-based assessment of individual banks and banking groups, proportionate to their systemic importance. The ECB’s supervisory approach identifies risks within banks and the banking system as a whole. The ECB should seek a balance between thematic and ongoing supervision after its level setting effort. ECB decision-making processes are complex and may impede timely supervisory action in the ordinary course. Furthermore, the volume, quality and availability of resources for the supervision of SIs are in some instances beyond the ECB’s control. In exigent circumstance, the Supervisory Board and the Governing Council, however, have demonstrated an ability to act. These bodies adopted emergency procedures that have been successfully tested in recent resolutions. It is important to address these constraints, even though some of them are structurally imbedded. The assessors reviewed the ECB’s supervisory histories for recent resolutions of SIs. The ECB in conjunction with the SRB and NRAs is a key participant in the Euro Area’s early intervention and resolution framework. Additional work, however, is required in the recovery and resolution planning area. Internal ECB processes should be reviewed in light of recent resolution experience. While a formal resolution framework is in place, the timeliness and level of coordination and collaboration between the ECB and SRB could be improved. Based upon the assessors’ review of the supervisory histories, the ECB’s crisis management function could make better use of recovery plan assessments and developing operational guidance for crisis management activities and to enhance management reporting systems (See also Special Report No. 02/2018: The Operational Efficiency of the ECB’s Crisis Management for Banks, 16/01/2018). The assessors recommend that the ECB and SRB forge closer working relationships in recovery and resolution planning at the earliest possible time. Ongoing negotiations to revise the existing MoU should conclude as soon as possible. Automatic information sharing with the SRB has been established at the assignment of certain SREP ratings. Informal discussions about information gaps, liquidity and preliminary resolution strategies should occur early in the process, well before formal “early intervention” and “failure or likely to fail” processes are required, to facilitate seamless recovery and resolution planning.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of onsite58 and offsite59 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between onsite and offsite supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its onsite and offsite functions, and amends its approach, as needed.
Description and findings re EC1	The relevant EU legislation pertaining to the mix of onsite and offsite supervision is contained within Articles 97, 98 and 99 of CRD IV (See CP 8 EC1–2). In addition, the EBA guidelines on common procedures and methodologies for supervisory review and evaluation (SREP guidelines) provide detailed instructions on the risk assessment process. The EBA is undertaking a consultation on and review of these guidelines. Article 99 of CRD IV sets out the minimum expectations for NCAs to, at least annually, adopt a supervisory assessment program. According to Article 99, the program must include a plan for the activities and resources (paragraph 1(a)), identification of institutions for enhanced supervision (paragraph 1(b)) and a plan for onsite examinations (paragraph 1 (c)). Furthermore, the requirements of CRD IV provide for supervisors to adjust the intensity of supervision depending upon the risks identified, including a permanent onsite presence of the NCA (paragraph 3(b)), more frequent reporting (paragraph 3c)), and thematic inspections (paragraph 3(e)). The ECB is empowered: (i) to carry out offsite supervision in accordance with Article 4 of the SSMR; (ii) to adopt supervisory measures in accordance with Article 16 of the SSMR; (iii) to carry out onsite inspections in accordance with Article 12 of SSMR and Articles 143 to 146 of the SSMFR. The ECB communicates its broad supervisory priorities to the banking industry and the general public. In 2017 it identified three priority risk areas: business models and profitability drivers; credit risk, with a focus on NPLs and concentrations; and risk management. These messages were delivered in a variety of media and fora. Examples include the ECB’s SSM website; meetings with trade groups (e.g., European Banking Association meeting on January 23, 2017); and conference calls with banks, analysts, and journalists (e.g., December 15, 2017 SREP and Supervisory priorities conference call). The assessors believe that transparency on supervisory expectations, concerns, techniques, and strategies, to the extent permitted by confidentiality requirements, assists sound supervision. ECB banking supervision’s supervisory process starts with the planning of the regular supervisory activities, which is laid down in the SEP. The SEP covers the tasks and activities related to offsite ongoing supervision and onsite missions, in line with available resources. The appropriate mix between onsite and offsite supervision for a given institution and Euro Area-wide results from the SEP, which is defined in accordance with the process below. Offsite ongoing supervision entails a number of activities that are conducted regularly or on an ad hoc basis and that are aimed at checking compliance with prudential regulation, assessing the risk profile through the SREP and adopting capital, liquidity, or qualitative measures as appropriate. For SIs, these tasks fall under the responsibility of the JSTs. In addition, horizontal thematic reviews, in-depth reviews and ad hoc reviews are conducted on certain topics by offsite analyses and dedicated onsite missions. Examples are the 2015–2016 Governance and Risk Appetite and the 2017–2019 Internal Model (TRIM) thematic reviews and investigations. The onsite inspections are typically carried out by an inspection team, which—while organizationally independent—works in close cooperation with the JST (see EC 4). The various supervisory activities typically result in supervisory measures (e.g., recommendations, requirements, decisions) in the form of an operational act directed to the SI. Final decisions are taken at the level of the Supervisory Board and the Governing Council. Supervisory activities and decisions are typically followed by a number of routine steps including communication to the institution, the hearing of the institution, the monitoring of compliance and, if necessary, enforcement and sanctioning (See CP 11). CRD IV provides that supervision must be both risk-based and proportionate to the institutions concerned. The overall supervisory resources (i.e., resources available for ongoing supervision, onsite inspections, and horizontal work) therefore need to be allocated to the supervision of the different institutions in a way that considers these two objectives (See CP1 EC8). This leads to a different supervisory engagement—defined here as the type, intensity, and frequency of supervisory work (e.g., offsite analysis, meetings, ad hoc data requests, and onsite inspections)—for different types of institutions. SIs are grouped into five different categories to each of which a different level of supervisory engagement applies. The grouping of an institution reflects both the potential impact of its demise on financial stability (first step of the categorization) and its intrinsic riskiness (second step of the categorization). The categorization is updated annually or whenever there are new developments changing the assessment of the impact, supervisory complexity, or riskiness (e.g., the purchase of another bank). In a first step, “impact” is assessed in the same way as in the Financial Stability Board context for Systemically Important Financial Institutions, taking into account five dimensions: size, complexity and geographical diversification, substitutability, interconnectedness, and implicit groups. Size and complexity (including geographical diversification and some business model-related aspects) are relatively easy to measure and are used as the leading indicators. As these two dimensions do not necessarily provide a comprehensive view of each bank’s impact on the Euro Area financial system, additional, more specific, but harder to measure, information is incorporated into the analysis. The impact categorization also may be adjusted to reflect other aspects such as the complexity of supervising an institution (e.g., a financial conglomerate or a bank using many sophisticated internal models) or thematic reviews conducted by the ECB. The Step 1 categorization is to be performed jointly by the DGs responsible for the microprudential supervision of the individual institution and by DG MS IV. As a result, institutions are grouped into five different clusters. In a second step, the outcome of Step 1 (Cluster) is combined with the “riskiness” of the institution, the latter based on the last available RAS overall rating assigned by the JST, to provide the supervisory overall engagement level. An assessment matrix is provided by the Planning Division within DG MS IV. A different level of supervisory engagement applies to each of these categories in terms of (i) supervisory expectations and (ii) resources allocated (especially with regard to JST resources), with both dimensions being interrelated. In practice, the de facto supervisory engagement may differ from the ex-ante required supervisory engagement in the event of unforeseen developments. The matrix determines for each combination of cluster and riskiness the overall supervisory engagement level to be applied. The bigger, more complex and riskier institutions are allocated a higher engagement level. The engagement level defines the minimum set of supervisory activities to be performed in the SI and therefore is directly linked to (i) supervisory work/expectations and (ii) resources allocated (especially with regard to JST resources), with both dimensions being interrelated. In practice, the de facto supervisory engagement may differ from the ex-ante required supervisory engagement in the event of unforeseen developments. In practice, the de facto supervisory engagement may differ from the ex-ante required supervisory engagement in the event of unforeseen developments. In such cases, ad-hoc tasks to address the most urgent issues should be prioritized when necessary, overruling the initial plan. Adjustments to the adopted program of onsite inspections and internal model examinations for reasons of optimization of resources and adaption to new priorities are approved by the Supervisory board and approved by the Governing Council under nonobjection procedures. The Supervisory Board also receives periodic status reports on the SEP for SIs. The same approach is used for each RAS risk category, in order to fine-tune the level of engagement to be applied on a risk-by-risk basis. In this way, each institution will have an overall supervisory engagement level, according to which overall supervisory expectations and resource allocation are to be made, as well as a supervisory engagement level per risk category, according to which the minimum intensity and frequency of supervisory work and types of supervisory actions are defined per risk category. For significant subsidiaries two engagement levels have been defined according to the SREP approach.
EC2	The supervisor has a coherent process for planning and executing onsite and offsite activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives, and outputs, and that there is effective coordination and information sharing between the onsite and offsite functions.
Description and findings re EC2	The process for planning and executing onsite and offsite activities is defined in the confidential SSM Supervisory Manual. The JST sets up an individual SEP for the SI it supervises. The SEP defines the supervisory activities for offsite on-going supervision, onsite inspections, and internal model investigations to be carried at the SI over a predetermined time horizon (typically one year for offsite on-going activities and for the onsite inspections and internal model investigations). The SEPs must be aligned with the determined Supervisory Priorities and follow the principles of a risk-based approach and proportionality. This is accomplished through the establishment of MELs (see EC 1) by the Planning and Coordination of SEP Division in close cooperation with other Divisions in DGMS IV and DGMS I and II. For on-going SEP activities, Planning and Coordination of SEP Division formulates a first draft proposal of on-going SEPs activities that includes the minimum engagement level activities (MEL activities) for each SI. Then JSTs assess this proposal on a comply or explain basis and include in the draft SEPs on-going “additional SEP” activities to address the needs and specificities of the institution. For onsite SEP activities (onsite inspections and internal model investigations), the JSTs formulate a first draft proposal, taking into account the available resources. Following unforeseen developments, amendments to the individual SEP throughout the year are possible. The SEP may be subject to ex post reviews by the DG MS IV SQA Division, although primarily it is the responsibility of management and staff of operating units to ensure permanent compliance with the SSM Manual. Based on the available input and macro evidence, draft SEPs are formulated in detail by the JSTs for each SI. In practice, the macro-calendar of supervisory activities regarding on-going supervision, onsite inspections, and internal model investigations is defined in a horizontal way. The JST also considers information provided by non-SSM competent authorities for other entities within the group, in cases where the consolidated supervision of the group in question is the responsibility of an EEA home supervisor. All these activities, except in exceptional cases, are undertaken to comply with the minimum engagement level defined in the strategic planning process by the Planning and Coordination Division. The activities must be prioritized to allow for a replacement buffer for possible ad hoc needs. The SEP is discussed in the core JST. The individual SEP proposal should be associated with a first evaluation of the allocation of tasks and needed resources, including an estimation of the number of resources to be requested for onsite inspection teams and the specialized expertise functions (e.g., specialists on risk analysis or internal models). These additional resources may be supplied by the ECB or from the NCAs’ horizontal functions. In its 2016 review of the SSM, the ECA noted indications that staffing levels in ECB banking supervision at that time were insufficient and recommended that the ECB substantially increase the presence of its own staff in onsite inspections. The ECB accepted this recommendation (See CP 2). JSTs need to clear their draft SEPs with their ECB intermediate structures and senior management (i.e., Heads of Division and Directors General) before submitting them to the Planning and Coordination of SEP Division. This process step may include feedback on and revision of individual SEPs. In addition, there is a dialogue between the ECB and NCA senior management that provides input to the establishment of the SEP, especially regarding diverging views not yet resolved by the core JST. The individual SEPs are submitted to the Planning and Coordination of SEP Division, which will perform a final check for compliance with the MELs and consistency across similar SIs. This may result in some adjustments to the original individual SEPs to be discussed and agreed with the respective JSTs. The Planning and Coordination of SEP Division will then translate the proposals of the individual SEPs into a single consolidated SEP. At this point, the Centralized Onsite Inspections (COI) and Internal Models Divisions will also perform content quality checks on the requests for onsite inspections and internal model investigations. This may result in some adjustments to the individual SEPs to be discussed and agreed with the respective JSTs. The draft consolidated SEP will be consolidated accordingly. The ECB horizontal divisions liaise with their counterparties in the NCAs to plan the onsite inspections and internal model investigations to be performed, taking into account the “prioritized demand” for missions required by the JSTs and the availability of resources to carry them out in the ECB, NCAs, and if necessary, by external providers. One should note that in principle, onsite inspections are planned with a time-horizon of one year. However, specific inspections may be requested by the JST on an ad hoc basis. The onsite inspection (OSI) planning strategy is designed around the Targeted Engagement Level (TEL) for onsite inspections. The TEL is a flexible framework tool taking into account both Supervisory Priorities, SREP reviews (RAS scoring and cluster of the individual SI) and the historical perspective; the TEL provides indicative expectations about the number of OSIs and their related risk focus and as such serves as a base-line tool for JSTs when requesting OSIs; it is also used as an indicative benchmark for prioritizing requests from DG-MS I and DG-MS II Senior Management. This process may require some amendments to the individual SEPs to be discussed and agreed with the respective JSTs. The draft consolidated SEP will be consolidated accordingly. The onsite inspections and internal model investigations resulting from this step (selected missions to be approved by the Supervisory Board and carried out during the next year) must be confirmed by the Heads of Division, Senior Management of DG MSF I, DG MS II, and DG MS IV and the NCAs. The planning process is concluded with a meeting (or alternative form of contact) of the Head of the Planning and Coordination Division, other HDs/Senior Management involved, and the ECB intermediate structures in charge of DGs MS I, II, and IV. The purpose of this meeting (or alternative form of contact) is to settle any remaining issues relating to conflicting plans or resource constraints regarding the draft integrated SEP. This may be achieved by reprioritizing, rescheduling, or cancelling certain activities or by requesting the allocation of additional resources from NCAs. The Planning and Coordination of SEP Division will finalize the consolidated SEP with the support of the COI and Internal Model Divisions. The consolidated SEP, with separate details for each SI, is submitted for information to the Supervisory Board. The list of onsite inspections and internal model investigations included in the consolidated SEP, with separate details for each SI, is submitted for approval to the Supervisory Board and the Governing Council will be invited to adopt it under the non-objection procedure. Its approval (including potential changes) is notified to the JST coordinators and NCAs. In order to ensure a pragmatic implementation of the onsite program, the optimal use of available resources and a fast adaptation to new priorities, proposals for adjustments of the approved list may be submitted on a monthly basis to the Supervisory Board. Such adjustments may include changes to previously approved missions as well as new missions to be carried out. The SEPs are implemented by the JSTs, the onsite inspections and the internal model investigation teams, with the support of the Planning and Coordination of SEP Division and other horizontal divisions involved, according to the defined schedules. A monitoring process is established, encompassing checks on the SEPs’ adoption and implementation. The Planning and Coordination of SEP Division, in close cooperation with the COI and Internal Models Divisions, monitors the execution of the program semi-annually. On this basis, the JST coordinators, the COI and Internal Models Divisions cooperate with the Planning and Coordination of SEP Division also on the implementation of the SEPs, providing information on any possible issues that could prevent the fulfillment of the planned tasks (e.g., limited capacity, a change in priorities, sudden events to be taken into account, etc.), so that back-up measures can be devised. The Planning and Coordination of SEP Division may act to ensure that SEPs are implemented, coordinating with the JSTs, the COI and Internal Models Divisions and the NCAs any necessary adjustments to the SEPs.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable60 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	In accordance with Article 10 of the SSMR, the ECB has the power to require institutions and parent undertakings to provide all information that is necessary to carry out its supervisory tasks. Additional legal support is found in Articles in 73, 97, 98, and 99 of CRD IV. The supervisory assessments are performed based on a wide range of information sources, from a quantitative and qualitative nature. Quantitative data are of particular importance to foster consistency and comparability. Key sources of quantitative information include: (i)risk indicators based on FINREP and COREP data (available on a consolidated level since mid-2014); (ii)risk indicators from sources other than FINREP/COREP (e.g., from the ECB’s STE data collection); (iii)indicators on economic and market conditions (GDP, sector NPL, market volatility etc.); (iv)other regulatory data, not harmonized (central credit register, etc.); (v)a bank’s internal estimates (ICAAP, ILAAP, stress tests, internal reports); (vi)financial statements, Pillar 3 disclosures; (vii)peer group indicators; (viii)supervisory stress test results; and (ix)market views (external ratings, investors’ quantitative analyses, etc.) Quantitative reporting to ECB banking supervision management and senior management is managed in cooperation with ECB’s DG-Statistics, which is responsible for performing data consistency and quality checks. Qualitative information is also necessary for identifying weaknesses and includes: (i)supervisory findings (onsite inspection reports, meeting reports, etc.) (ii)institutions’ internal documents (ICAAPs/ILAAPs, financial statements, board memos, organizational charts, internal audit reports, whistle-blower reports, etc.) (iii)business and risk management reports (dashboards, limit reports, etc.) (iv)reports on the environment in which they operate (risk trends, new areas of focus, analysts’ reports, rating agencies’ reports, equity analyst recommendations, news, etc.). Please refer to CP 10 for a discussion of the ECB’s Supervisory Reporting Manual and possible data gaps.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a)analysis of financial statements and accounts; (b)business model analysis; (c)horizontal peer reviews; (d)review of the outcome of stress tests undertaken by the bank; and (e)analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	Under CRD IV, the ECB as the competent authority is required to carry out a SREP and to take decisions for SIs (See CP 8 for a complete discussion). Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In a case of a financial conglomerate, the SREP decisions also need to take into account the outcome of the supplementary supervision as required by FICOD. The SREP is the main tool to regularly review and assess the safety and soundness of banks and the banking system. It is a harmonized methodology developed on the basis of the EBA guidelines on SREP. It is applied in a proportionate manner to institutions depending on the nature, scale, and complexity of their activities, and, when relevant, on their situation within a group. The SREP methodology relies extensively on quantitative and qualitative analysis. It combines data and expert judgment following a principle of “constrained judgment,” with a view to ensuring that the SREP decision fits best with an institution’s risk profile (and is not a “mechanical” process) while also ensuring consistency and accountability across the SSM. Please refer to CP 8 for a full description of the SREP methodology. The assessments performed for the four elements result in an overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. This overall architecture facilitates comparisons across banks. For each element, the assessment can also be tailored to the specific situation of each institution. The various assessments are performed at different frequencies, defined as a result of the SREP in the SEP’s “MELs,” which can be fine-tuned by the SEP for each individual institution. The JST is expected to update its assessments and remediation actions whenever it is warranted by new information: The analysis of financial statements and accounts, apart from their use to perform the SREP, is carried out by JSTs on an on-going basis. The annual financial statements are certified by external auditors. Annual accounts are complemented by interim financial information on a risk-oriented basis. With FINREP, a harmonized financial reporting exists on a quarterly basis. In addition, for those banks or groups using nGAAP instead of IFRS, a reporting framework has been introduced on a solo basis since March 2014 and on consolidated basis since September 2014. For more detailed information see CP 27. The assessment of an institution’s business model is split into three parts: (i) its business model viability (or the institution’s ability to generate an acceptable return over the next 12 months); (ii) its business model sustainability (i.e., its ability to generate an acceptable return over the next three years); and (iii) its business model sustainability over a full business/economic cycle (i.e., its ability to generate an acceptable return over periods longer than three years). Business model analysis may also give rise to targeted horizontal analysis on an ad hoc basis. A horizontal peer review is an essential part of ECB banking supervision’s supervisory approach and is an integral part of the SREP. The overall SREP score is based on the integration of the four SREP elements following a common approach for all banks with the need for JSTs—where appropriate—to adjust the overall score based on: (i) their knowledge of the bank; (ii) peer comparisons; (iii) the macro environment under which the institution operates; (iv) its capital/liquidity planning to ensure a sound trajectory towards the full implementation of CRD IV/CRR; and (v) the SSM risk tolerance. Peer comparison is also part of the assessment of business model viability indicators. The objective is to assess the viability of the current business model by means of a quantitative analysis of several risk indicators at the consolidated level and the comparison to peers. These aspects taken together should give the analyst a full picture of the real and concrete strategy pursued from the bank and the key metrics regarding profitability at the consolidated level. The assessors note that the ECB has successfully benchmarked in a number of areas. A pan European view was unavailable prior to the creation of the SSM. The consolidated annual accounts of at least the past three years, and the most recent monthly/quarterly management reports for the current year budget (including year-to-date realization) should be used. All available information from FINREP and COREP, data and indicators available in IMAS, as well as data from SNL Financial, an external data provider, forms the starting point of the analysis. These data should be used to understand how the main risk indicators have developed over time and how their current levels and volatility compare to the peer group. When assessing peer comparisons, the JSTs should understand the reasons behind the level of difference from peers bearing in mind that the differences may be reasonable and acceptable when fully understood but also surprising and unacceptable depending on the context. When assessing business model sustainability, peer review plays a role in the forward-looking business environment. The business environment is the context in which an institution operates and seeks to generate profits and influences both the bank and its peers. The scope of the business environment analysis is determined by the hypotheses and should include a number of key areas. One is the macroeconomic environment, as measured by key macroeconomic variables that may have an impact on the area of the bank under assessment. Another is the competitive landscape—consider the activities of the main players and competitors of the institution or business area being analyzed (the peer group), and assess how the competitive landscape is likely to evolve. ECB banking supervision also relies on peer review in the context of thematic reviews. Dedicated horizontal analysis may be launched on specific topics—e.g., governance. JSTs analyze on the basis of a common methodology common issues for all—or a subset of— SSM SIs. The outcome of these thematic reviews may give rise to specific recommendations or measures addressed to institutions either through dedicated decisions or in the context of the annual SREP decision. The stress tests undertaken by banks are used by the JSTs to assess the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, the SSM’s stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available. To provide a forward-looking assessment of an institution’s capital positions, the supervisor relies on an institution’s internal stress test, on the supervisor’s micro stress and sensitivity analysis, and on system-wide supervisory stress tests when available. To review these stress tests, ECB banking supervision follows the principles and recommendations established by international supervisory bodies. Supervisors should expect institutions to analyze at least a baseline scenario and a stressed scenario, and make projections of its main balance sheet, profit and loss, and off-balance sheet items in view of the institution’s strategic plan, including the capitalized profit, dividends, share issues, subordinated capital issues, and capital charges in line with the expected business growth, changes in the Pillar 1 risk profile, other risks assessed in the ICAAP, regulatory changes, one-off transactions, etc. Stress tests should be conducted as part of the ICAAP to identify those events or changes in the market conditions in which institutions operate that may adversely affect their future solvency. At least one comprehensive adverse scenario, reflecting severe but plausible adverse developments of the institution’s operating conditions, should be used for capital planning. JSTs should assess in this regard the underlying assumptions (Sufficiently severe? Plausible?) and the adequacy of the translation of these assumptions into stressed capital and risk projections over at least the upcoming three years. Furthermore, any embedded management actions should be scrutinized. Discussions of corporate governance, risk management, and internal control requirements are found in CP 14, 15, and 26. The analyses and assessments by JSTs are performed and documented in IMAS on an ongoing basis. At least once a year, a SREP decision including appropriate supervisory measures is taken and communicated to the bank. JSTs may also communicate findings, decisions or recommendations to the institutions under their responsibility whenever necessary after having complied with the SSM’s decision-making procedures. Onsite supervision is conducted through inspections, which are in-depth investigations of risks, risk controls, and governance that follow specific procedures described within the SSM Supervisory Manual. The scope and frequency of onsite inspections takes into account the supervisory strategy, the characteristics of the credit institution (size, nature of activities, and risk culture) and the specific areas of the credit institution perceived as more vulnerable. Onsite inspections are conducted in an independent manner, in close liaison with the JSTs, based on a coordinated approach steered by ECB banking supervision. Both on-going supervision and onsite inspections are essential for effective supervision. They are complementary and cannot substitute for the other. Supervisors must have a permanent in-depth knowledge of the institution. This knowledge is obtained through on-going supervision, which mainly relies on the information reported by the institution (regulatory, external, and internal reporting), complemented by onsite inspections to check inter alia the accurateness of the information used by on-going supervision. Accordingly, in the SSM organizational model, the onsite inspections function is embedded and anchored in the overall SSM framework without jeopardizing its independence or allowing that independence to imply isolation. This principle of independent inspections is made operational through a separation in the performance of the two types of supervision: (i) the JST performs on-going supervision; and (ii) independent inspection teams conduct the onsite inspections. The close liaison between the JSTs and the onsite inspections is achieved by permitting JST members to participate in inspections. However, JSTs are not allowed to act as head of onsite inspection teams. Onsite inspections can be conducted on a number of different levels. An inspection can be done at a group level, in which case the scope includes the parent entity as well as some or all of the subsidiaries and branches of that group or; it can be conducted at an individual level of the group member in which case the inspection is of a subsidiary of a group. An individual subsidiary inspected may be located within the SSM, or in an EU non-SSM Member State, or in a third-party country. The rationale for performing onsite inspections is to gain a more in-depth knowledge of the respective institution by interacting with the key individuals responsible for the management of business or risk areas subject to inspection and having access to and the ability to test the underlying documentation found in regulatory reports and the institution’s information management and reporting systems. By doing so, the inspection team is given the opportunity to assess, inter alia, processes, systems and quality of management across the institution, enabling the team to challenge the senior management and management body in an informed way, based on this more in-depth assessment of the institution, gained by verification in situ. Onsite inspections are carried out based on a predefined scope, timeline and resources, and use investigating and inspecting techniques to test controls and substantive procedures, following certain standards. The outcome of onsite inspections is a report that includes an executive summary, the list of facts and findings, and the body of the report. Appendices should be added. In particular, onsite inspections aim at: examining and assessing the level, nature and features of the inherent risks, also taking into account the risk culture; examining and assessing the appropriateness and quality of the institution’s corporate governance and internal control framework in view of the nature of its business and risks; assessing the control systems and risk management processes, focusing, in particular, on detecting weaknesses or vulnerabilities that can have an impact on the own funds of the institution; examining the quality of balance sheet items and the financial situation of the institution; and assessing compliance with banking regulation. In line with the supervisory principles for the functioning of the SSM, inspections are risk-based, proportional, intrusive, and forward-looking. Onsite inspections are limited in time and performed to reach a pre-defined objective following a focused, comprehensive and coordinated approach. They can be classified in several ways, depending on the aspects taken into account. More than one type of inspection may apply: full scope vs. targeted inspection; thematic inspections; program versus ad hoc inspections; follow-up inspections. Onsite inspections are an important part of the ECB’s integrated supervisory approach. They also keep the JST informed on the key dimensions of the institution. Hence, the scope of the inspections must be aligned as much as possible with the methodology used by the ongoing supervision (RAS and SREP concepts) and with the assessment and division of work decided by the respective JST. This alignment is ensured by the respective Directorates General of the ECB. Following the list of issues mentioned in the RAS, the main topics inspections can cover are: business model and profitability; internal governance and risk management; credit risk and counterparty credit risk; market risk; operational risk; IRRBB; capital adequacy; liquidity and funding risk. These aspects are not mutually exclusive; on the contrary, an inspection may explicitly cover several of them and good onsite work is characterized by being attentive to all of them, particularly to how the transactions or areas under review affect the overall situation of the inspected legal entity regarding liquidity, capital or profit, and compliance with regulations. The overall inspection life cycle involves the following phases: planning, pre-inspection, investigation, reporting, consistency review, follow-up. The onsite inspection teams are, in principle, led by NCA staff. These staff members can either be staff members from the NCA of the country in which the inspection takes place or staff members from any other NCA within the SSM. This does not preclude the possibility of the ECB taking the lead of any inspection. In order to ensure that onsite inspections are conducted in an independent manner, the Head of Mission (HoM) cannot be held by a JST member or by an external expert. The choice of a HoM is based on a combination of technical and non-technical competences, including: the type of expertise needed for a specific mission, managerial capabilities (especially for international teams), soft skills necessary to constructively interact with a large number of stakeholders (e.g., the institution, JST Coordinators, ECB COI Division team responsible for on-going monitoring, teams performing the consistency reviews of reports, etc.). Due attention must be paid to the general principle of rotation of the HoMs. The composition of the team, in terms of size, skills, expertise, and seniority, is commensurate with the inspection entrusted to it. The inspection team is composed by at least two persons, including the HoM. The ECB’s IPCS Division appoints the team members after consultation with all the concerned parties. To this aim the ECB’s IPCS Division is informed of the resources available for inspections. The composition of the team must be in line with the SEP, while taking into account the evolution of the portfolio or area to inspect since the SEP was adopted. In addition, COI Division may appoint its own staff as members to join the onsite inspection team. Upon request of the JST Coordinator, JST members may join an inspection team. To safeguard the efficiency and the independence of judgment of the onsite inspection, the JST members assigned to the team should be placed under the functional authority of the HoM for the duration of their involvement in the mission. The onsite inspection teams may be composed of professionals coming from NCAs, ECB staff members, as well as external experts.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The SREP framework sets out the risk factors to be assessed as part of the supervisory review, the topics to be included, and the supervisory measures to be implemented based on the identification of risk. The framework includes risks to the bank as well as risks to the system as required for in Article 97 (see paragraph 1(b) and Article 99 paragraph 2(b)) of CRD IV. In terms of the identification and assessment of emerging risks throughout the EU area, one of the responsibilities of the EBA is to ensure the orderly functioning and integrity of financial markets and the stability of the financial system in the EU. To this end, the EBA is mandated to monitor and assess market developments as well as to identify trends, potential risks and vulnerabilities stemming from the microprudential level. One of the primary supervisory tools to conduct such an analysis is the EU-wide stress test exercise. The EBA Regulation gives the Authority powers to initiate and coordinate the EU-wide stress tests, in cooperation with the ESRB. The aim of such tests is to assess the resilience of financial institutions to adverse market developments, as well as to contribute to the overall assessment of systemic risk in the EU financial system. Building upon this work, the ECB’s specific horizontal risk analysis function is in charge of supporting other ECB banking supervision operating units (such as other DGs, horizontal divisions, and JSTs) by providing up-to-date information on current risks and vulnerabilities affecting the SSM; conducting regular in-depth risk analysis and broader microprudential analysis and research on the banking sector; and identifying on a timely basis trends, developments and emerging risks affecting multiple banks for further supervisory review and action. Furthermore, the SSM methodologies for SREP contain specifics for the use of stress testing as an input into the supervisory assessment process for individual credit institutions. In particular, in Element 3—Assessment of risks to capital—the JST assesses, among other things, the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, ECB stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available. In Element 4—Assessment of risks to liquidity and funding—the JST assesses, among other things, the institution’s capacity to cover its liquidity needs from a forward-looking perspective, assuming stressed economic and financial developments (See CP 24). This is done using a wide range of information sources, including the institution’s internal stressed projections, ECB stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available—e.g., a stress scenario based on a deposit run and no access to wholesale markets for a prolonged period. The assessments of these features contribute to the overall SREP assessment, which underpins a wide range of possible supervisory actions, including decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. Since 2016, following the EBA clarification on the use of the 2016 EU-wide stress test results in the SREP process (link), the ECB has introduced a pillar 2 capital guidance that is used to take account the outcome of system-wide supervisory stress tests in the SREP. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. ECB banking supervision communicates the outcome of the risk assessment via informal supervisory dialogue with the institutions, using a comprehensive set of information. ECB banking supervision also organizes horizontal communications and workshops held every year with CEOs. In addition, the key aspects of the SSM SREP methodology and the outcomes of each SREP cycle are published on the ECB website. Moreover, comprehensive assessments—including assets quality review and stress tests— are performed on new SIs or periodically if deemed appropriate.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	Articles 97 and 98 of CRD IV provide the legal basis for supervisors to evaluate the work of the independent audit function within the supervisory assessment. The work of the internal audit function is evaluated within Element 2—Internal governance and risk management—of the SREP (see CP 26). Internal audit reports are key sources of qualitative information to perform SREP assessments. In addition, the internal audit function may be subject to onsite inspection to obtain assurance that the function meets generally accepted principles on internal audit with respect to governance, status and organization, scope of activity, and internal audit life cycle. Based on the assessment of the internal audit function carried out during the SREP and onsite inspection, JSTs determine whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk (See CP 26).
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems, and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	Article 98 of CRD IV establishes the legal underpinnings for supervisors to review and evaluate governance arrangements of institutions, their corporate culture and values, and the ability of members of the management body to perform their duties (see paragraph 7). In conducting that review, the supervisor examines at a minimum agenda, supporting documentation for meetings of the management body and its committees, and the results of internal and external performance evaluations. The assessors were provided samples of such internal governance reviews presentation, agendas, and other materials. The ECB maintains ongoing and effective communication and engagement with SI’s Board, non-executive Board members and senior and middle management. JSTs oversee all external written and oral communication with the SI. Usually, JSTs interact extensively with the banks through requests for information or meetings with bank representatives. Meetings are used to get to know the management and gather information on the bank’s strategies and activities, as well as to complement and crosscheck the data used in the supervisory process. Meeting with the bank to discuss strategic planning is a critical component of the offsite process. A top-level meeting is held with heads of the supervisory board and/or management board and/or risk managers to discuss the bank’s condition, its strategic and operational perspectives, governance issues, and the business policies (also with reference to specific sectors), with particular regard to risk management, capital and organizational safeguards related to risks, and internal controls. JSTs may challenge the adequacy of the bank’s strategies and business model and request further information from the board and senior management. Where appropriate, JSTs may also participate in board meetings. The ECB expects independent supervisory board members to be active and informed so as to provide a credible challenge to management (See CP 14). Governance and Risk Management is one of the four pillars of the SREP assessment process. The SREP along with the recommendations of the ECB’s thematic review on governance and risk appetite has made supervisory board involvement more robust (See CP 8 and CP 14). Meetings also are held with mid-level management and are technical and operational in nature focusing on areas such as risk management methodologies, self-assessment of capital adequacy, and control systems.
EC8	The supervisor communicates to the bank the findings of its on- and offsite supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	Onsite: The reporting phase commences when the HoM is of the view that the conclusions of the onsite inspection are firm and can be presented to the JST and to any other level of the SSM framework. Based on individual notes, the inspection team prepares a draft report containing facts and findings. The HoM leads the preparation of the draft report and gives guidance with the aim of ensuring that the findings are clear, concise, and to the point. At any time, the inspection team may consult the JST to clarify issues, as well as to keep the team informally informed on the findings of the inspection. Based on the draft report of the inspection, the HoM calls an exit meeting with the institution. This meeting is the last meeting of the onsite inspection where the facts and the findings described in the draft report are presented. The objective of this meeting is to gain assurance on the accuracy of the facts and findings and to check the degree of awareness of the institution. To allow the inspected legal entity to prepare for the meeting the draft report is sent 3-5 days in advance. If the inspected legal entity is the subsidiary of a parent located in the SSM, the draft report may be sent to the parent as well as the subsidiary. The draft report is discussed at the exit meeting and the inspected legal entity is granted a 2-week period to submit written comments on a standardized template (3-column-table) which are then assessed by the HoM. If necessary, the HoM will revise the report. The feedback template including the HoM’s answers to the inspected bank’s feedback are then attached to the final report as annex. The inspected entities comments should focus on the executive summary, the findings and on possible factual errors. The report must be clear, concise, and to the point and contain an executive summary, findings and an overall assessment of the topics covered by the mission. The length of the document should be commensurate with the scope and magnitude of the inspection. The reports are produced in English, whereby the annexes can be kept in the original languages, unless produced by the inspection team (i.e., if the annexes include documents produced by the bank, they can be kept in the original language), in accordance with the SSM provisions for language-related issues. A finding contains the following elements: Criteria (What should be); Condition (What is); Root Cause(s) (Why did it happen); and Effect (What are the consequences and the potential risks). As an onsite inspection is a point in time exercise, findings are based on the actual situation at a given time. As a result, deficiencies for which the institution has taken corrective measures during the inspection must be documented accordingly in the report but flagged as a finding. By contrast, no findings should be reported in respect of deficiencies that had already been corrected before the inspection began. Where appropriate, this could be mentioned in the report. Prior to the exit meeting, the HoM sends the draft report for a consistency review to the ECB’s COI Division. The consistency review process focuses on the internal consistency of the report; its consistency with other reports with comparable scope, throughout the SSM; and its consistency with the SSM Supervisory Manual, in particular the methodology for onsite inspections, and with relevant European legislation and standards. The aim of this review is not to replicate onsite activities. Although COI Division is ultimately responsible for all consistency reviews of SSM onsite draft reports, the ECB recently instituted a joint consistency review process that also consists of NCA personnel. Only staff members that have not been members of the respective inspection team will be entrusted with consistency reviews, otherwise they will not be regarded as independent. The joint consistency review teams improve efficiency and foster mutual understanding among NCA and ECB staff. If the HoM decides not to accept the COI Division’s recommendations, he/she must provide a reasoned rationale. All consistency review workflows are archived. The HoM is expected to support the COI Division’s consistency efforts to ensure homogeneity and the implementation of common standards. The HoM signs the report and sends it to the JST Coordinator, COI Division, and the NCAs concerned. This signed version of the report contains the final version of the findings. Based on the report, the JST is responsible for drafting a follow-up letter including recommendations and an action plan, comprising deadlines or supervisory measures as the results of the onsite inspection. The signed final report, together with the draft follow-up letter, is then sent by the ECB COI Division to the institution and a closing meeting with the institution’s senior management takes place. This meeting is held by the JST Coordinator (the HoM might participate, as an observer). After the closing meeting, the JST conveys the final recommendations to the institution and to the respective NCA(s). After receiving the follow-up letter, the institution is requested to send an official response with its proposed action plan explaining how it intends to address the recommendations within specific timeframes. A follow-up procedure is needed to guarantee that the institution’s action plan is appropriate. The JST is responsible for assessing this official response, if needed in consultation with the HoM. During this phase, several follow-up steps may occur: a request for additional information, the implementation of additional corrective measures, a request for a readjustment of the institution’s plan, or the preparation of a complete draft decision for consideration by the Supervisory Board and the Governing Council. When the JST has verified and concludes that the mitigation measures recommended to the institution have been implemented, the follow-up process is closed. The assessors were provided with anonymized onsite inspection reports, Supervisory Board decisions and follow-up materials from a random sampling of SIs. Offsite: The decision on adequate levels of capital and liquidity as well as any additional supervisory measures, as set out in Article 104 of CRD IV and Article 16 of the SSMR, is communicated to the institution (both the parent company of the group and the single entities concerned) following the formal decision-making process of the ECB. The draft decision is sent to the institution, which has the right to be heard in accordance with Article 31 of the SSMFR. However, before starting the formal decision-making process, the JST coordinator organizes a dialogue on decisions with the management body of the SSM area parent institution and the relevant subsidiaries. The level of hierarchy for the participation of ECB and NCA management is discussed and decided in the core JST. JSTs may organize meetings with the independent members of the Board as deemed necessary.
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	Supervisory measures (e.g., recommendations, requirements, or other decisions) are monitored though a dedicated IT tool. It is the responsibility of the JSTs to decide on how to monitor (including reporting) implementation of remedial measures by the relevant parties. Moreover, JSTs must include the follow-up of supervisory measures in the supervisory calendar for the relevant institution. The length of time an SI has for taking corrective measures is dependent upon the nature and complexity of the matter. If an institution does not comply with a supervisory measure within the specified timeframe, the JST must consider taking additional action against the institution. JSTs have a wide range of possible responses that can be initiated. They range from informal notifications to the institution concerned, or the use of additional supervisory powers, to enforcement measures or even sanctions, depending on the nature of the original supervisory measure and the extent of the non-compliance. Every monitoring task is performed by the JSTs. The follow-up of decisions may be based on periodical or ad hoc reports only or may take place through a closer interaction with the institution. The closer interaction procedure may involve specific meetings with the institution’s management, or follow-up inspections to monitor the implementation activities of the institution. Based on the information provided, the JST assesses whether progress on implementation of the supervisory measure(s) is adequate. In this regard, the JST produces regular follow-up notes describing the progress in implementing the supervisory recommendations, requirements or decisions and forwards the information to the ECB’s horizontal divisions, and to the Supervisory Board and/or the Governing Council, if deemed relevant. The NCA is kept informed too. Based on these follow-up notes provided by the JST, the Supervisory Board and the Governing Council, as well as the relevant ECB functions and the NCAs, may wish to issue recommendations to the respective JST. If the institution does not start implementing remedial measures, the JST refers the case to the Enforcement and Sanctions Division if it considers that an enforcement measure is needed or that there is reason to suspect that a breach has been committed. If the JST considers that additional supervisory action—other than enforcement measures or sanctions—is needed, it prepares a note to the Supervisory Board and the Governing Council detailing which supervisory action should be taken against the institution. Any non-material adjustment to the supervisory measures to be implemented by the institution can be directly endorsed by the JST. A discussion of the ECB’s supervisory remediation powers and its formal enforcement and sanctioning authorities against institutions is found in CP 11.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	The ECB expects but does not require banks to notify it in advance of all substantive changes in their activities, structure, and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. This topic is described in greater detail in CP 4 to CP 7. Breaches of any legally required notifications are subject to mandatory referral to the ECB’s independent enforcement and sanctions unit for review and potential action if it is institution related (see Article 18 of the SSMR). Breaches regarding individuals or violations of Directives transposed into national laws are referred to the appropriate NCA for further action (see CP 11). The assessors recommend that the ECB seek a mandatory notification requirement for all substantive changes in an institution’s activities, structure, and overall condition, or as soon as they become aware of any material adverse developments.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	The ECB onsite function operates under a joint ECB and NCA staffing model. Onsite inspections are ordinarily performed by staff from the NCAs and/or the ECB. Nevertheless, the ECB can use external experts when it is deemed advisable or appropriate. External experts are appointed as ECB team members and carry out the tasks assigned under the lead of a HoM supplied by the NCAs or from COI Division. The ECB has used consultancy firms and auditors as members of internal model investigations missions under the TRIM initiative. The use of external experts is permitted under Article 12 (2) of the SSMR. External consultants may participate in onsite inspection and internal model investigation missions in case there is a lack of appropriate resources within the inspection team, following the COI Division guidelines. To ensure that the responsibility is not outsourced, external consultants can only participate as team members and cannot act as a HoM. Prior to the appointment of external consultants, the HoM provides a sound rationale, which must be appropriately approved, for the need for external consultants and a description of the expected tasks and outputs to be produced. To ensure the independence of the external provider, the audit firm must provide the ECB with some background information about its relationship with the inspected entity as well as its self-assessment about the potential existence of a conflict of interest. Based on this information, COI Division will review the self-assessment and officially clear the firm prior to accepting any offer and submitting the legally binding order. Depending of the fees, the contract is then signed at different management levels according to the generic provision of delegation of power. During the onsite inspection, external consultants perform the same tasks as ECB banking supervision staff and apply the SSM methodology under the supervision and direction of the HoM. Their presence is transparently communicated to the institution. The ECB’s quality assurance program and the HoM’s direct oversight of all team members, including any external consultants, permits the use and reliance on such consultants’ work product.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	Directorate General Information Systems provides, maintains, and develops the information and communications systems necessary for ECB banking supervision to carry out its tasks. This includes the provision of information governance and security. The unit is also responsible for providing support services for end-users as well as quality, supplier, and license management. DG Statistics ensures the availability of reliable and accurate supervisory data across the SSM for supervision and statistics purposes. The data is made available to end-users according to the SSM Information Security Policies and IT system entitlements. DG Statistics checks the completeness and data accuracy of each report received as well as the presentation of the information to ensure that different reporting entities use the same format (allowing for data consistency and making historical or sector-wide analysis easier). In addition, it monitors compliance with the submission deadline for each report. These different processes are computerized to ensure a sound and efficient follow-up on the reports, as their number is quite significant. On the issues of erroneous data, missing data, or reports and failures to meet submission deadlines, DG Statistics liaises closely with the reporting entities as well as with the NCAs. It keeps track of all its requests to the reporting entities to be sure to have received a satisfactory reply to each of them. In cases where, after a certain predetermined period (as set out in the reporting schedules), no response is received, DG Statistics sends a reminder to the reporting entity concerned. Thereafter, it ensures that the database always contains the last and most correct version of the reports; historical data is kept in the database but should be clearly marked as such. The Directorate General informs end-users whenever new updates of supervisory data are available. In cases where it receives an amendment to a report that has already been released, DG Statistics informs the end-users and provides them with an updated version of the report as soon as possible. To facilitate the processing, monitoring, and analysis of prudential information and assist the identification of areas requiring follow-up action, ECB banking supervision and the NCAs rely on the IMAS system. It provides an integrated supervisory tool facilitating the analysis of prudential data, the prioritization and monitoring of tasks, as well as the performance of SREP. Please refer to CP 10 for additional information and recommendations for enhancing the ECB’s supervisory reporting.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	ECB banking supervision’s supervisory activities are performed under the ECB internal control framework, which relies on a three-lines-of-defense model. It is the responsibility of the ECB’s operational management to establish appropriate systems of internal controls. Thus, operational management acts as the first line of defense. The risk management, control, compliance, and oversight functions established and deployed by management represent the second line of defense. The Supervisory Quality Assurance (SQA) Division has been set up to provide regular feedback to ECB banking supervision managers on the quality of their supervisory output in terms of consistency and effectiveness. The SQA Division operates by means of desk reviews, interviews with stakeholders and factual checks and analysis. Once a year the SQA Division issues a “lessons learned” report for discussion by the Supervisory Board, which may decide on further actions. The ECB’s Directorate Internal Audit (D/IA) provides independent and objective assurance and consulting services designed to add value and to improve the ECB’s operations. D/IA acts as a third, independent line of defense within the ECB governance framework. The D/IA helps the ECB in accomplishing its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness and efficiency of risk management, control, and governance processes. All activities, operations and processes of the ECB may be subject to internal auditing. Moreover, D/IA coordinates and performs audit work under the umbrella of the Internal Auditors Committee (IAC). The scope of the IAC covers the performance of the euro system/ESCB and SSM tasks and activities as defined in the Statute of the ESCB and the ECB and in the SSMR, including their enabling processes and risks associated with them, and/or activities decided by the Executive Board, Governing Council, or General Council. The supervisory activities of the ECB are reviewed by the European Commission and the ECA, which reviews SSM operations with a specific focus on operational efficiency. The assessors reviewed the Commission’s review of the ECB’s implementation of CRD IV (Report from The Commission to The European Parliament and The Council, on the SSM established pursuant to Regulation (EU) No 1024/2013, October 11, 2017). The Commission gave an overall positive assessment of the application of the SSMR and the first years of the ECB acting in its supervisory capacity, especially in terms of levelling the playing field and fostering confidence from the integrated supervision of credit institutions. The ECA also assesses the ECB supervisory activities. The assessors reviewed the ECA report on the ECB’s SSM operations. (Special Report No. 29/2016: SSM—Good start but further improvement needed, November 18, 2016). The Court of Auditors examined the SSM’s governance, accountability, and offsite and onsite inspection programs. The report assessed the SSM’s reliance on the NCA for resources (See CP 2 EC6). The ECA also assessed the operational efficiency of the ECB in crisis management. (Special Report No. 02/2018: The Operational Efficiency of the ECB’s Crisis Management for Banks, 16/01/2018). The audit found that while the ECB has established a substantial framework for crisis management, it noted some design flaws and inefficient implementation that should be addressed. The audit recommended making better use of recovery plan assessments and developing operational guidance for crisis management activities and to enhance management reporting systems. The ECB formally responded to the findings and recommendations of both reports. The assessors found that the ECB supervisory functions operate under an effective internal control environment that is augmented by oversight from external bodies, which include the European Parliament, the European Commission, and the ECA.
Assessment of Principle 9	Compliant
Comments	The ECB, through the SREP, uses a mix of offsite analysis and onsite inspections that focus on both horizontal risk themes and vertical assessments of institution-specific risks. The techniques and tools to implement the supervisory approach appear to be appropriately designed, as evidenced by the confidential SSM Supervisory Manual and Appendices. The SEPs and onsite inspections also appear to be appropriately calibrated according to institutions’ risk profiles and systemic importance. Further refinements to the supervision program should be adopted incrementally as the ECB gains additional experience over time. The availability and allocation of staff for the joint JST and onsite inspection teams are assessed in CP 2. The assessors’ limited interviews with JSTs, senior staff members and experts in DGI, DGII, and DGIV, the SSM Supervisory Manual, sample SREP decisions, examples of onsite inspections, memoranda, presentations, and other related materials appear to support this assessment. The ECB should consider streamlining its internal reporting lines to ensure the timely communication of supervisory and other information. The assessors recommend that the ECB seek a mandatory notification requirement rather than the current expectation that institutions report all substantive changes in their activities, structure, and overall condition, or as soon as they become aware of any material adverse developments. The assessors recommend that the ECB be more transparent about its supervisory expectations, approaches, and techniques through the publication of guides on supervisory topics. The July 2017 Guide to onsite inspections and internal model investigations is a good primer on the ECB’s supervisory activities that is suited for public consumption. Supervision is enhanced, and potential issues are eliminated if the ECB’s identifies and communicates to SIs and interested parties its priorities and any emerging concerns it discerns from its ongoing and horizontal supervision of SIs and their activities. This also is an international best practice adopted by other supervisors of large banking institutions. The ECB’s practice of publishing guides on important supervisory topics should be continued. A condensed version of the SSM Supervisory Manual was published in March 2018 after the assessors’ onsite visit. The published manual removed much of the detail on supervisory techniques or information. Such transparency helps institutions comply with the ECB’s expectations and assures the public that the SSM operates under well designed supervisory processes. The ECB is in the process of reviewing additional elements of the Supervisory Manual for later publication.
Principle 10	Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns61 from banks on both a solo and a consolidated basis, and independently verifies these reports through either onsite examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power62 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography, and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	The core of supervisory reporting requirements in the EU is established in the CRR and detailed in the EC Implementing Regulation (or ITS) N. 680/2014, on supervisory reporting; it constitutes the sole EU-wide legal framework for supervisory reporting and a maximum harmonization instrument. As clarified by the EBA in a Q&A, “This means that, with regard to the scope of application of the Implementing Regulation, competent authorities cannot add nor delete data to be reported, nor can they require the reporting of that data in a different format nor in a different (less or more granular) breakdown, nor in a combination, other than in accordance with the CRR and with Directive 2013/36/EU (‘CRD IV’). The opposite would lead to different ways of application of the Implementing Regulation across the Union, thus leading to ‘less than maximum harmonization’ and would defeat the purposes of the Regulation as a legal instrument (as opposed to a Directive), and would be contrary to the will of the EU legislators as explicitly provided in Article 99 CRR. The Implementing Regulation shall only be modified by adopting amendments by the EBA and endorsement of the Commission.” The harmonized reporting includes information on: Solvency/COREP (capital adequacy) Financial information/FINREP (on- and off-balance sheet assets and liabilities, profit and loss, asset quality (NPLs, forbearance), loan loss provisioning, related party transactions, geographical, sectoral concentration) Large exposures (concentration per counterparty sector and region) Losses from immovable property Leverage ratio Liquidity (LCR and NSFR (with detail of significant currencies) and additional monitoring metrics) Asset encumbrance Supervisory benchmarking Funding plans Remuneration policies Reporting is required both on a consolidated (prudential scope of consolidation) and on a solo basis; it covers on- and off-balance sheet items. The frequency varies between reporting from monthly (liquidity) to quarterly and semi-annual or annual for some individual templates. While FINREP was originally mandatory only for IFRS institutions on a consolidated level, Regulation (EU) 2015/534 of the ECB gradually extends the financial supervisory reporting to institutions under other accounting standards (national GAAP or nGAAP) and on a solo level. The amount of information reported takes into account the proportionality principle (i.e., institutions with a low level of complexity not surpassing certain thresholds are allowed to submit fewer data points). Competent authorities can also, under certain conditions explicitly spelled out in the CRR, waive institutions from reporting on an individual level. Approximately 250 supervised entities belonging to SI groups have been granted a waiver for reporting of own funds on a solo basis; most of these are also exempted from FINREP. Other areas not addressed by the EBA ITS on Supervisory Reporting can be covered via additional data collections: as explained in the abovementioned EBA Q&A, “In other areas of reporting, not covered by the scope of the Implementing Regulation as defined in Article 1 of the Implementing Regulation, competent authorities and/or central banks may be in a position to require further reporting by institutions in these other areas, as the case may be and depending on the legal basis available.” Having identified the SREP as one of these areas, the ECB launched in 2015 a data collection named Short-term Exercise (STE), aimed at supporting the SSM activities leading to the SREP with data not available in the ITS reporting framework. The legal basis for the data collection by the ECB is represented by Article 10 of the SSMR (power to require credit institutions and other legal or natural persons to provide all information necessary to carry out its tasks, including information to be provided at recurring intervals and in specified formats for supervisory and related statistical purposes) and Article 141 of the SSMFR (“the ECB may require supervised entities to report additional supervisory information whenever such information is necessary for the ECB to carry out the tasks conferred on it by the SSMR. Subject to the conditions set out in relevant Union law, the ECB may specify in particular the categories of information that should be reported as well as the processes, formats, frequencies, and time limits for provision of the information concerned”). The STE covers all SIs plus some significant subsidiaries; it encompasses, among others, the following information needs: Profitability (budget and planned data on income and expenses) Credit Risk (breakdown of exposures and loan loss provisions by classification, type of collateral, loan-to-value and transition matrices) Concentration risk (100 largest exposures of all counterparties) Market risk (sensitivities to interest rate, equity, commodity, credit spread, and FX risks) IRRBB Sovereign risk (direct and indirect exposures to sovereigns in both the banking and trading book) Liquidity risk (NSFR, funding plans) Operational risk The needs for STE data collections are reviewed every year; as soon as certain information collected through the STE become available as ITS reporting, the respective STE templates will be discontinued. Over the medium to long term, the ECB aims to propose to the EBA appropriate amendments to the ITS reporting framework and to reduce accordingly the STE for SREP data collection. The ESCB has launched initiatives for BIRD and IReF—focusing mainly on ESCB statistical requirements for the moment—that could lead to the creation of a single, common, ultra-granular data source for users’ multiple information needs. This would grant flexibility in the extraction of the relevant information from the same source, improving cross-consistency among different reports and, potentially, their data quality. Through time these initiatives could lead to a reduction in the overall reporting burden on banks.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	According to Article 24 of the CRR, the valuation of assets and off-balance sheet items shall be affected in accordance with the applicable accounting framework. According to Article 99(2) of the CRR, SIs that prepare their consolidated accounts in conformity with IFRS are required to provide FINREP reporting templates for supervisory purposes. For other supervised entities, the ECB has issued Regulation (EU) 2015/534 to require supervisory financial information for non-IFRS reporters and at solo level. In eight member states, SIs with no securities traded on regulated markets are allowed to report on a consolidated basis according to their national GAAPs (though in two of these states nGAAP is considered fully compatible with IFRS); there are currently 11 SIs (representing 3 percent of total assets and 2 percent of RWAs in the SSM) that use nGAAP for reporting on a consolidated level. According to Article 24(2) of the CRR, the ECB could require those non-IFRS SIs to apply IFRS at a consolidated level; however, this would require such SIs to maintain two different accounting regimes in place. The ECB regulation on reporting of supervisory financial information uses templates designed by the EBA that form part of Commission Implementing Regulation (EU) No 680/2014. In particular, there are dedicated national GAAP reporting templates that harmonize the reporting of entities under these accounting standards while respecting their differences vis-à-vis IFRS. The ECB is collaborating with the NCAs to provide national GAAP banks with further guidance to facilitate their reporting.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	Article 76(2) of CRD IV requires the management body to devote sufficient time to the consideration of risk issues as well as the valuation of assets, the use of external credit ratings, and internal models relating to those risks. To the extent that the applicable accounting framework is IFRS, the measurement of fair values and valuation rules are determined on the grounds of IFRS requirements (IAS 39, IFRS 13). In relation to internal modeling approaches, Article 78 of CRD IV requires that, at least annually, competent authorities assess the consistency and comparability of risk-weighted assets produced by institutions’ internal modeling approaches (except for operational risk) which competent authorities have granted permission to use for capital purposes. EBA RTS (EBA/RTS/2015/01) provide supervisors with a benchmarking tool to enable competent authorities to compare the outcomes of banks’ models. The ITS specify the benchmarking portfolios as well as the templates, definitions, and IT solutions that should be applied in the benchmarking exercise for market and credit risk. The RTS for prudential valuation (EBA/RTS/2014/06/rev1) establishes approaches for prudential valuation adjustments as required by the CRR (see CP 22, EC4). The EU-wide legislation does not cover the capacity for the supervisor to require a bank to make adjustments to its reporting for capital adequacy or regulatory reporting in order to impose a specific provision if valuations are deemed not sufficiently prudent. However, the ECB has the power to influence the provisioning policy of a bank within the limits of accounting standards. The ECB is also entitled to require credit institutions to apply specific adjustments (deductions, filters, or similar measures) to own funds calculations where the accounting treatment applied by the bank is considered not prudent from a supervisory perspective. In other words, the ECB has the power—for the purposes of own funds calculations (i.e., only for determining the capital ratios for prudential purposes)—to go beyond the accounting treatment when this is considered not prudent.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	EU harmonized supervisory reporting is subject to the following minimum frequencies: Solvency/COREP (quarterly with some templates semi-annually) Financial information/FINREP (quarterly with some templates semi-annually or annually) Large exposures (quarterly) Losses from immovable property (semi-annually) Leverage ratio (quarterly) Liquidity (monthly) Asset encumbrance (quarterly) Supervisory benchmarking (annually) Funding plans (annually) Remuneration policies (annually) The frequency of collection and analysis of information from banks can be adjusted depending on the risk profile and systemic importance of the bank as per Article 104 paragraph a of CRD IV. Currently there are approximately 50 SIs that are subject to additional reporting requirements (including an increased reporting frequency). Most STE data is collected quarterly.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	ECB banking supervision has direct supervisory competence in respect of credit institutions, financial holding companies, mixed financial holding companies established in participating Member States, and branches in participating Member States of credit institutions established in non-participating Member States that are significant. The perimeter of the entities included in the prudential scope of consolidation is defined in the CRR (Chapter 2, “Prudential consolidation”) and is applied to all institutions supervised within the SSM. The ITS on supervisory reporting provides harmonized reporting requirements for all these entities (FINREP only for IFRS institutions at the consolidated level). In order to ensure comparability between banks with different year-ends, according to Article 2 of Commission Implementing Regulation (EU) No 680/2014: “Where institutions are permitted by national laws to report their financial information based on their accounting year-end which deviates from the calendar year, reporting reference dates may be adjusted accordingly, so that reporting of financial information is done every three, six, or twelve months from their accounting year-end, respectively.” There are currently eight entities (part of SI groups) allowed to report their year-end results at dates not coinciding with calendar year-ends.
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	Article 4 of CRD IV regarding the designation of powers to the competent authorities provides the legal basis for supervisors to have access to all relevant information from credit institutions as well as entities in the wider group. Paragraph 3 states that Member States shall ensure that appropriate measures are in place to enable the competent authority to obtain the information needed to assess the compliance of institutions, and of financial holding companies and mixed financial holding companies. Paragraph 5 states that Member States shall also ensure that internal control mechanisms and administrative accounting procedures of the institution permit the checking of their compliance with such rules at all times. Article 10 of the SSMR allows the ECB to require all information necessary to carry out the tasks of prudential supervision conferred on in by that Regulation, including: compliance with prudential requirements (Article 4.1d); and compliance with requirements on robust governance arrangements, including the fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices and effective ICAAP, including IRB models (Article 4.1.e). The assessors saw evidence of the capacity of JSTs to obtain, from banks and entities in the wider group, internal management information and any supplementary information needed for its assessment of the bank or banking group condition.
EC7	The supervisor has the power to access63 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management, and staff, when required.
Description and findings re EC7	Article 11 of the SSMR allows the ECB to “examine the books and records of the persons referred to in Article 10(1) and take copies or extracts from such books and records,” and “obtain written or oral explanations from any person referred to in Article 10(1) or their representatives or staff.” The (legal and natural) persons referred to in Article 10(1) are the following: a)credit institutions established in the participating Member States; b)financial holding companies established in the participating Member States; c)mixed financial holding companies established in the participating Member States; d)mixed-activity holding companies established in the participating Member States; e)persons belonging to the entities referred to in points (a) to (d); f)third parties to whom the entities referred to in points (a) to (d) have outsourced functions or activities.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	Article 67 of CRD IV, in paragraphs (e) to (m), establishes the capacity for the competent authority to enforce compliance with the requirement that information submitted for regulatory purposes is accurately and timely. The ECB decision of July 2, 2014 (ECB/2014/29) specifies that the ECB will ensure compliance with the provisions of Union law that impose prudential requirements on credit institutions as regards reporting. Article 3 specifies the remittance dates to the ECB, with different deadlines according to the nature of the reporting entity. SIs directly supervised by the ECB have an earlier remittance date than LSIs. Article 4 requires NCAs to monitor and ensure the quality and reliability of the data made available to the ECB, by applying the validation rules specified in Annex XV of the EBA ITS on supervisory reporting, and to apply the additional data quality checks defined by the ECB in cooperation with the NCAs. Further, the information must be complete: existing gaps must be acknowledged, explained to the ECB and, if applicable, filled in without undue delay. Article 18(1) of the SSMR empowers the ECB to open infringement proceedings against and impose administrative pecuniary penalties on SIs for breaches, inter alia, of the reporting obligations stemming from the CRR. The ECB may also, pursuant to Article 18(5) of the SSMR, request NCAs to open proceedings in order to impose non-pecuniary penalties on SIs and/or sanctions against natural persons belonging to these entities. Moreover, on the basis of Article 9(1) second paragraph of the SSMR and for the exclusive purpose of carrying out the supervisory tasks conferred on it by that regulation, the ECB is empowered to directly impose on SIs the national enforcement measures stemming from the transposition of the relevant Directives; likewise and according to Article 9(1) third paragraph of the SSMR and Article 22(1) of the SSMFR, where national laws provide NCAs with enforcement powers, the ECB may require, by way of instructions, these authorities to make use of their enforcement powers with respect to breaches of reporting obligations. In case the reporting obligations breached are contained in an ECB decision or regulation, the ECB may also impose on SIs and LSIs periodic penalty payments (PPPs) and fines provided for in Article 122 of the SSMFR. As a result of the data quality process carried out by the ECB (Supervisory Statistics Division within the Directorate General Statistics) together with the NCAs, banks can be requested to resubmit their reports when the information received is found to be incomplete or inaccurate. In the EU framework, there is no indication of the appropriate level of the bank’s senior management to be held responsible for the accuracy of supervisory returns.
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.64
Description and findings re EC9	The ITS reporting framework developed by the EBA defines data items and binding validation rules that ensure consistent application of the requirements. In addition, the EBA has developed additional quality checks for use by NCAs when reviewing the reported information. According to Article 140(4) of the SSMFR, “the ECB shall organize the processes relating to collection and quality review of data reported by supervised entities subject to, and in compliance with, relevant Union law and EBA implementing technical standards.” Therefore, the ECB organizes the quality review of the data and the NCAs monitor and ensure the quality and reliability of the data made available to the ECB. The Banking Supervision Data Division (BSDD) is responsible for carrying out these tasks, as established in the SSM Supervisory Manual. The main objective of BSDD is to ensure that the ECB has reliable and accurate supervisory data. Therefore, the function maintains close cooperation with NCAs’ reporting units, which are the first recipients of prudential reporting by credit institutions and which perform the first data quality checks on this data. BSDD collaborates with NCAs (and supervised entities in case of direct reporting to the ECB) through the sequential approach with the objective of putting into place efficient processes for the collection and the data quality assessment of the supervisory reports. The BSDD also ensures that reporters follow reporting deadlines established in the EBA ITS. Additionally, the BSDD assesses whether the data are submitted in a timely manner, and forwards the received reports—overnight—to end-users, such as JSTs and horizontal functions within the ECB. Upon receipt, selected data is also forwarded to the EBA. The data is made available to end-users according to the SSM Information Security Policies and IT-system entitlements. The BSDD produces regular supervisory statistics, KRIs, reports and dashboards for end-users. The BSDD is solely responsible for planning and executing its own tasks and activities. In cases of reporting errors (missing reports, false reports, or missed deadlines) that require further action, and where a reporting agent does not respond to repeated requests, the BSDD liaises with the JSTs and the Enforcement and Sanctioning Division as necessary. This process is currently under review with the objective of letting the BSDD have more direct contact with reporting agents in these matters. The STE reporting is also subject to data quality controls, but subject to a lower number of validation rules and according to a less structured process.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,65 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	In cases where external experts are required to support the ECB in carrying out its prudential supervisory tasks, including the direct supervision of SIs, the rules followed are those that apply generally within the ECB. The ECB initiates the tender process by means of a contract notice published in the Official Journal of the EU with highly qualified external providers. The aim is to have the appropriate expertise and resources available when required, including at short notice, to assist the ECB’s head of supervisory assignments. The selection process is conducted in compliance with ECB Decisions (for example Decision ECB/2007/5 for the 2015 process), laying down the Rules on Procurement. The publication is followed by a selection and an award phase. The ECB evaluates the tenders received based on the formal requirements and award criteria in order to select the economically most advantageous tender, i.e., offering the best price/quality ratio, taking into account the award criteria. In light of the information collected, the framework agreement to be entered into with a selected entity further elaborates on the conditions under which a contractor may be considered to be subject to a conflict of interest and would therefore not be deployed for certain supervisory assignments. In addition, according to Article 24(4) of the Decision, the ECB may exclude tenderers from participation at any time if they or their management, staff, or agents are subject to a conflict of interest. To this end, tenderers are requested to certify that they are not subject to such a conflict of interest and/or provide such evidence specified in the contract notice. If such circumstances arise in the course of the procedure, the tenderer concerned shall inform the ECB without undue delay. When such external contractors are used, they would be contractually required to work in accordance with SSM methodologies and in close collaboration with ECB staff, and the head of the supervisory assignment, in particular. The quality of work of external experts is closely monitored and assessed by the ECB/SSM staff working on the specific task before taking it into account for supervisory conclusions. External contractors would be subject to the same professional secrecy requirements as ECB staff members when they provide services related to the discharge of supervisory duties. Furthermore, as with all of the ECB’s other activities, the use of external contractors is guided by the principle of prudent management of resources and by the goal of finding effective and cost-efficient solutions. External contractors are to be used only in limited circumstances. In the past two years they have been used in support of onsite missions and internal model investigations, in support of the preparatory and execution phases of TRIM, and in support of the preparatory and execution phases of EBA and SREP stress test exercises. In the cases of onsite missions or internal models investigations, a central ECB team, together with the SSM HoMs, assesses the suitability of each proposed external expert for the specific task. The SSM HoM reviews the output delivered by the expert team(s) and remains in charge and responsible for the mission team’s deliverables. Feedback from the HoMs is collected centrally and regularly for each mission and discussed in regular meetings with the experts’ employers.
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	In cases where external experts are required to support ECB banking supervision in its supervisory duties, the rules followed are those applied by the ECB. When such external contractors are used, they are contractually required to work under the instructions of ECB staff, and the HoM in particular. The integration of external experts into the assessment teams and their frequent interaction with the HoM ensure that any material shortcoming of banks’ compliance is promptly brought to the attention of the HoM.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	The SSM is represented in the relevant bodies responsible for the establishment of reporting requirements, such as the EBA Reporting Subgroup and the EBA Standing Committee on Accounting, Reporting, and Auditing (as regards EBA ITS data) and the ECB Statistical Committee (as regards statistical data). It also coordinates various SSM networks involving NCAs, where the users’ needs on supervisory reporting are discussed: e.g., the network ‘User requirements of Supervisory Reporting’ discusses on a regular basis additional data gaps that could be discussed with the EBA when considering future enhancements of the EBA ITS reporting. As regards the EBA ITS data, there is no EU-wide framework for competent authorities to periodically review the information collected from banks and to determine whether it still satisfies supervisory needs. No framework has been established so far for competent authorities to perform an assessment of the information that has been collected to meet supervisory needs. However, Article 99(7) of the CRR allows competent authorities to notify the EBA whenever they believe that additional information should be included in the ITS on supervisory reporting. Accordingly, the EBA ITS is periodically updated to follow regulatory developments and to close data gaps identified by supervisors. As regards the information not included in the EBA ITS collected by the ECB, the reporting requirements are periodically discussed in the various networks and groups of the SSM. For example, the STE is reviewed on a yearly basis to take into account changes in activities and risks that would require modifications of the corresponding information collected for Pillar 2 purposes as well as areas entering into the EBA ITS scope.
Assessment of Principle 10	Largely Compliant
Comments	The ITS on supervisory reporting, published by the EBA after approval by the EC, is aimed at monitoring compliance with requirements established by the CRR (mostly Pillar 1 requirements); it represents the sole EU-wide legal framework for supervisory reporting in a number of areas and is a “maximum harmonization” instrument. This means that “with regard to the scope of application of the Implementing Regulation, competent authorities cannot add nor delete data to be reported, nor can they require the reporting of that data in a different format nor in a different (less or more granular) breakdown, nor in a combination, other than in accordance with the CRR and with [CRD],” as explained by the EBA. The ECB complements this information, for areas beyond the scope of application of the ITS to address specific and delineated needs. For instance, the STE data collections cover fundamentally some of the data needs for SREP (e.g., assets and liabilities by repricing date, for IRRBB estimation). The legal basis for this form of data collection is Article 10 of SSMR. STE reporting and surveys are necessary to give the ECB some flexibility in addressing its data needs to perform sound supervision. The ECB can also request data in its capacity as central bank, as it does for its ANACREDIT project, a Euro Area-wide collection of granular data on corporate loans. While allowing the ECB some room for flexibly, this provision does not allow the ECB to autonomously and promptly address any substantial data gaps that may emerge in areas already covered by the ITS. Currently, the only way to cover the need for new or more granular standardized data in such areas would be through a revision of the ITS, a much lengthier and more complex process. In addition, the STE data are not subject to the same quality control routines as for ITS reporting, which is likely to lead to lower data quality. The maximum harmonization principle is considered a fundamental safeguard for the development of the single market in the EU, both by creating a level playing field among institutions and by reducing the reporting burden (and, hence, the related costs). As such and taking into account the still existing differences in supervisory approaches across the EU, it is not necessarily fully supporting individual supervisory authorities’ interest in nimbly adapting the reporting to dynamically evolving needs. So far, the ECB has, in specific areas, complemented its data collection with tailored additional requests (e.g., the recently introduced supervisory reporting related to NPLs); going forward, the process to amend and integrate the harmonized supervisory reporting should be streamlined and expedited, as to reduce the need for the ECB to keep a host of supplementary data collections in place for long times. In the longer term, the initiatives for BIRD and IReF might contribute to ensuring harmonization of reporting while allowing for more flexibility in its uses: the introduction of a single, common, ultra-granular data source for users’ multiple information needs could support streamlining the current reporting requirements and, consequently, reduce the reporting burden on banks while increasing data quality. The ECB should further promote its development and widespread adoption. The EU-wide legislation does not cover the capacity for the supervisor to require a bank to make adjustments to its reporting for capital adequacy or regulatory reporting in order to impose a specific provision if valuations are deemed not sufficiently prudent (EC 3). However, the ECB has the power to influence the provisioning policy of a bank within the limits of accounting standards. The ECB is also entitled to require credit institutions to apply specific adjustments (deductions, filters, or similar measures) to own funds calculations where the accounting treatment applied by the bank is considered not prudent from a supervisory perspective. In other words, the ECB has the power—for the purposes of own funds calculations (i.e., only for determining the capital ratios for prudential purposes)—to go beyond the accounting treatment when this is considered not prudent. In the EU framework, there is no indication of the appropriate level of the bank’s senior management to be held responsible for the accuracy of supervisory returns (EC 8). As regards the EBA ITS data, there is no EU-wide framework for competent authorities to periodically review the information collected from banks and to determine whether it still satisfies supervisory needs. Considering the sizeable currency transformation operated by some internationally active banks, some with considerable presence in non-Euro markets, the ECB should ensure that the ITS include adequately granular and frequent breakdown of those banks’ cash flows in material non-Euro currencies and that the JSTs monitor it on a regular basis (see also CP 24). Regular reporting of a maturity ladder with a breakdown also by significant currency started in March 2018.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	The ECB is empowered to require banks, financial holding companies or mixed financial holding companies to take necessary measures (See CP 1 EC 3). The main tool used by the ECB are Decisions (legal acts) and operational acts (informal communication. Decisions result from the annual SREP, which is the most used supervisory tool. The ECB supervisory decisions, as defined in Article 2(26) of the SSMFR, must be adopted following the provisions set forth in Article 22 of the SSMR and Articles 25 et seqq. of the SSMFR. ECB supervisory decisions are in writing. According to Article 35 of the SSMFR, the ECB’s supervisory decisions can be delivered to SI’s governing board. Before making use of supervisory powers, the ECB employs a progressive remedial process. The ECB will employ non-binding routine or ad hoc requests, letters, statements, meetings with the management of the credit institution or a letter of intervention (collectively “operational acts”) if they will address an issue satisfactorily. If an SI does not comply with the ECB’s recommendations, or the seriousness of the problem identified, or deficiency so requires, the process will involve a formal supervisory measure. Such measures require a decision by the Supervisory Board and the Governing Council. The supervisory measure maybe included in the annual SREP decision addressed to the SI or may be in a separate decision. In practice, the SREP decision is the most often used Decisions are followed up by periodical/ad hoc reports only, or more frequent interaction with the SI, including follow-up inspections. The ECB also may seek to impose an enforcement measure to compel the SI to restore compliance, or a sanction, to punish the infringement. Referral to the ECB’s Enforcement and Sanctions Division is mandatory if the supervisors have reason to suspect that a breach of a prudential requirement or of an ECB regulation or decision is being or has been committed (See EC4). The decisions on enforcement measures and sanctions are taken by the Supervisory Board and the Governing Council. For LSIs, any material supervisory procedures or draft supervisory decisions should be notified to the ECB.
EC2	The supervisor has available66 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	The powers of the ECB are laid down in Chapter III of the SSMR (Articles 9 to 18). Apart from the supervisory powers listed in Article 16(2) of the SSMR, the ECB can directly exercise powers conferred on the national authorities by national law transposing Union law directives. It can also require the NCAs, to the extent necessary, and by way of instructions, to make use of their powers, under and in accordance with the conditions of national law, where the SSMR does not confer such powers on the ECB. This is relevant, since the CRD-transposed powers do not cover all the breaches of requirements established by CRR—in that case, the ECB necessarily must resort to instruct NCAs to use purely national powers to deal with the issue. The assessors had access to files when this was the case. The ECB can act in two different ways to address shortcomings: (a) Informal dialogue with the credit institution (or operational acts), which does not require a Supervisory Board and Governing Council decision and is not legally binding; and (b) formal supervisory measures, which require decisions by the Supervisory Board and the Governing Council. These powers include, among others, the power to draw up an action program and a timetable for its implementation, to replace one or more managers, to request the management to convene a shareholders’ meeting and to appoint a special manager. The ECB may also impose an enforcement measure to compel the SI to restore compliance, or a sanction, to punish the infringement (see EC4).
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	The ECB has broad powers granted by Article 16 of the SSMR. These powers are available not only when the institution is breaching requirements but also when the ECB has evidence that the bank is likely to breach applicable legal requirements specified in Article 4(3) of the SSMR within the next 12 months; or when, based on the SREP, the ECB considers that the arrangements, strategies, processes, and mechanisms implemented by the institution and the own funds and liquidity held by it do not ensure a sound management and coverage of its risks. The ECB’s supervisory processes and powers are generally sufficient to resolve issues. In the event an institution remains noncompliant, the ECB may resort to enforcement and sanctions. However, the ECB’s enforcement powers are limited and misaligned with supervisory objectives. The ECB may employ non-pecuniary enforcement tools to affirmatively compel supervised entities to comply with applicable supervisory or legal requirements only when they are provided for in national transposition of CRD IV or as purely national measures. Pecuniary penalties are the only enforcement tool directly available to the ECB in every jurisdiction.
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, the scenarios described in EC 2. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank; imposing more stringent prudential limits and requirements; withholding approval of new activities or acquisitions; restricting or suspending payments to shareholders or share repurchases; restricting asset transfers, barring individuals from the banking sector; replacing or restricting the powers of managers, Board members, or controlling owners; facilitating a takeover by or merger with a healthier institution; providing for the interim management of the bank; and revoking or recommending the revocation of the banking license.
Description and findings re EC4	The ECB has at its disposal a broad range of possible measures to address, at an early supervisory stage, deficiencies and weaknesses at SIs, as described in EC 2 above. These measures are comparable to those available to competent authorities pursuant to Articles 103-106 of CRD IV and include the ability to require a SI to take timely corrective action through the ECB Supervisory Board decision process. The formal imposition of sanctions is not expeditious due to the complex legal framework. Internal ECB process improvements should be undertaken even if there are other legal impediments to timely action. The ECB can require the SI to take timely corrective action by applying the broad supervisory powers available to the ECB. According to Article 16(2) of the SSMR, the ECB has the power to: require institutions to hold additional own funds; require the reinforcement of the arrangements, processes, mechanisms and strategies; require institutions to present a plan to restore compliance with supervisory requirements; require institutions to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; restrict or limit the business, operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution; require the reduction of the risk inherent activities, products or systems of institutions; require institutions to limit variable remuneration as a percentage of net revenues; require institutions to use net profits to strengthen own funds; restrict or prohibit distributions of interest payments by an institution to shareholders, members or holders of Additional Tier 1 instruments; impose specific liquidity requirements, including restrictions on maturity mismatches between assets and liabilities; require additional disclosures; remove at any time members from the management body of credit institutions who do not fulfil the requirements set out in relevant Union law. The ECB has the power to require SIs to take necessary measures at an early stage if a SI is likely to breach prudential requirement within the next 12 months or if sound management and coverage of risks is not ensured (See EC 2 and EC 3). Article 16 of the SSMR also authorizes the ECB to directly exercise all powers conferred on the NCAs by national law transposing Union law directives in order to carry out its supervisory tasks. It also may require a NCA to make use of their national powers, where the SSMR does not confer such powers on the ECB (See EC 2). Thus, the ECB can directly or indirectly apply the powers NCAs have under and in accordance with the conditions set out in national law. Under Article 14(5) of the SSMR, the ECB also has the power to withdraw a credit institution’s authorization if circumstances warrant (See CP 5). The ECB can also impose sanctions. The allocation of sanctioning tasks between the ECB and the NCAs vis-à-vis SIs depends on three main elements: (i) type of regulation allegedly infringed (i.e., directly applicable Union law; national law implementing Directives, ECB decisions, or regulations; national law relating to tasks not conferred on the ECB); (ii) entity to be penalized (i.e., supervised entity or natural person); (iii) sanction to be imposed (i.e., pecuniary or non-pecuniary). In general, the ECB can only apply non-pecuniary sanctions and sanction natural persons through an NCA. The table below summarizes the allocation of sanctioning powers between the ECB and the NCAs based on the nature of the infringement: ECB / NCA SANCTIONING POWERS Citation: IMF Staff Country Reports 2018, 233; 10.5089/9781484369715.002.A001 Download Figure Download figure as PowerPoint slide Where SIs intentionally or negligently breach a requirement under relevant directly applicable Union law in relation to which administrative penalties are available to competent authorities, the ECB may under Article 18(1) of the SSMR impose administrative pecuniary penalties of twice the amount of the profits gained or losses avoided because of the breach where those can be determined or up to 10 percent of the total annual turnover in the proceeding business year. In case of breach of ECB regulations or decisions, the ECB may under Article 18(7) of the SSMR impose fines against supervised entities of the same maximum amount. The ECB has the power to impose periodic penalty payments of up to five percent of the average daily turnover per day of infringement in order to enforce ECB decisions or regulations. The ECB can require NCAs to open proceedings if penalties for breaches of national law transposing EU Directives, penalties against natural persons or non-pecuniary penalties are to be imposed (See Article 18(5) of the SSMR, Article 134 of the SSMFR). Beside the application of these supervisory powers and sanctions, the ECB has the power to impose enforcement measures to compel a SI to comply with (i) an ECB supervisory decision or regulation or (ii) an obligation under relevant Union law. The ECB can also impose enforcement measures against LSIs for ongoing breaches of ECB decisions or regulations imposing an obligation vis-á-vis the ECB. The allocation of enforcement powers between the ECB and the NCAs is as follow: ECB ENFORCEMENT POWERS Citation: IMF Staff Country Reports 2018, 233; 10.5089/9781484369715.002.A001 Download Figure Download figure as PowerPoint slide As regards the types of enforcement measures available, the ECB is empowered to directly impose on SIs periodic penalty payments (PPPs) provided for in Council Regulation (EC) No 2532/98 in cases of ongoing breaches of ECB supervisory decisions or regulations. The upper limit of PPPs shall be five percent of the average daily turnover per day of infringement for a maximum period of six months. In addition, according to Article 9(1) paragraph 2 of the SSMR for the exclusive purpose of carrying out its tasks, the ECB shall have all the powers and obligations which NCAs shall have under the relevant Union law. Based on this Article, the ECB may also adopt directly those measures that NCAs shall have under the relevant Union law which are considered as enforcement measures in the national legislation implementing relevant directives. For example, cease-and-desist orders could be included in this category depending on the Member State’s implementation of CRD IV. The ECB provided the assessors with a mapping of national enforcement and sanctioning powers compiled by the NCAs. Unless powers are expressly labeled as enforcement under CRD IV transposition, the ECB cannot exercise these directly and needs to instruct NCAs to exercise these pure national powers. For example, in Germany, there are few powers directly available to the ECB as the powers available to BaFin are not considered to be enforcement measures under CRD IV but as administrative measures under German law. Other jurisdictions more closely follow the provisions of CRD IV in terms of the availability and size of pecuniary penalties. Procedural processes vary widely among Member States with regard to assessing penalties against individuals, and some breaches under national law need to observe precise thresholds for trigger. Some national laws also impose procedural processes or approvals before the ECB may exercise a national law tool. Cyprus is an example of where the imposition of national law sanctions requires the agreement of the Minister of Finance. Moreover, differences in national laws governing breaches may result in potentially inconsistent outcomes for similar breaches. This does not foster consistency and a level playing field.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	The ECB may impose sanctions only on legal entities (SIs), but it does not have the power to directly impose sanctions on natural persons pursuant to recital 53 and Article 18(1) of the SSMR. In contrast, under CRD IV (Article 65 on Administrative penalties and other administrative measures), Member State competent authorities are authorized to impose sanctions on credit institutions as well as to members of management bodies and other individuals. The ECB may, however, require NCAs to open proceedings with a view to taking action to ensure that appropriate national law penalties are imposed for breaches of prudential requirements under Article 18(5) of the SSMR. (Sanctioning powers between ECB and NCAs are discussed in BCP 11 EC 4). Pursuant to Article 134 of the SSMFR, NCAs may impose sanctions upon natural persons belonging to SIs only at the ECB’s request and shall inform the ECB of the outcome of the proceedings. NCAs also may ask the ECB to request them to open proceedings to impose a sanction on natural persons belonging to a SI. The level of sanctions has gradually increased since the inception of the SSM. Only four proceedings were initiated in 2015 (3 sanctioning proceedings and 1 enforcement proceeding; 2 sanctioning proceedings were completed in 2015). In 2016, the ECB launched 41 sanctioning proceedings and one enforcement proceeding. The ECB handled 44 proceedings in 2016 (including two ongoing 2015 proceedings), 42 of them regarding sanctions and two related to enforcement measures. Altogether, 30 out of the 42 sanctioning proceedings handled in 2016 relate to suspected breaches of directly applicable EU law (ECB decisions and regulations included). These proceedings concern 26 SIs and relate to the areas of own funds, reporting, public disclosure, liquidity and large exposures. The remaining 12 out of the 42 sanctioning proceedings are related to suspected breaches of national law transposing CRD IV provisions and concern SIs or natural persons. These proceedings involved suspected breaches regarding governance, including internal control mechanisms, management body functions and remuneration. During 2016, the ECB also addressed three requests to NCAs to open sanctioning proceedings within the remit of their national competences. The two enforcement proceedings handled in 2016 concerned a suspected breach of national remuneration rules and non-compliance with an ECB supervisory decision (See ECB Annual Report on Supervisory Activities 2016). In addition, the ECB has the competence pursuant to Article 16(2)(m) of the SSMR to remove members of the management body of SIs who do not fulfill the fit-and-proper requirement under its supervisory authorities at any time. The removal powers of NCAs vary under national laws. Some Member States lack the power to remove individual management body members. Others only allow the imposition of penalties upon natural persons. Enforcement proceedings against individuals are brought under national laws, appeals of any such enforcement actions or sanctions are directed to national courts where the ECB may not have legal standing.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures, and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	The ECB is empowered by Article 16 of the SSMR to require SIs to take the necessary corrective measures at an early stage. The measures available to the ECB are broad and encompass the actions specified in EC6. They are described in more detail in EC 1, EC 2, and EC 4. In addition to those direct supervisory measures, the ECB can also use the existing purely national structural powers (indirectly exercised by way of instructions pursuant to Article 9(1) 3rd paragraph of the SSMR). The ECB possesses early intervention authorities. An intensive interaction between the ECB and SRB takes place when early intervention measures are planned to be taken by the ECB regarding an institution for which SRB is the resolution authority. Notable differences exist between the scope of the direct supervision of the ECB and the remit of entities falling under the competence of the SRB. The latter has a more extended scope that includes cross-border LSIs not directly supervised by the ECB. Furthermore, there is some overlap between the early intervention powers in the BRRD and the supervisory powers listed in the SSMR, each backed by different procedures (See Commission Staff Working Document https://ec.europa.eu/info/sites/info/files/171011-ssm-review-report-staff-working-document_en.pdf).
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	The legal framework for crisis management and bank resolution for SIs is established under the BRRD and the SRMR. The framework defines in detail the cooperation arrangements between the ECB and the SRB during the resolution process. If the ECB determines after consulting with the SRB that the institution is failing or likely to fail, or if the ECB receives such a determination from an institution itself, the ECB must notify, inter alia, the SRB. Before it decides that an institution is failing or likely to fail, the SRB must first inform the ECB that it intends to make this determination and allow the ECB three calendar days to make an assessment. The ECB and SRB have signed an MoU, which should ensure early and effective coordination and information sharing. (MoU, between the SRB and the ECB in respect of cooperation and information exchange). At the resolution stage, the BRRD envisages certain tasks to be performed by the supervisor. The ECB will perform these tasks in accordance with the national transposition of the BRRD. For example, in case a bridge institution is set up by the resolution authority, it may submit a request for a temporary exemption of the conditions for authorization. In these cases, the ECB would grant authorization and could become the competent authority for the bridge bank.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	The ECB is required to take timely supervisory action under Article 16(2) of the SSMR. The assessors saw evidence that the SSM identified deficiencies and initiated timely corrective action through the supervisory process. This is accomplished primarily through progressive remedial measures starting with “operational acts” and culminating in the issuance of formal ECB decisions. The subsequent initiation of formal post-remediation enforcement and sanction actions is less timely. This is due to substantive and procedural legal limitations. With respect to sanctions, the ECB provided the assessors with its June 23, 2016 Guidance for the referral of suspected breaches to the ECB’s independent Enforcement Division. According to this detailed guidance, without prejudice to the adoption of any of the above-mentioned supervisory measures, JSTs and/or other business areas in charge of day-to day supervision must refer to the ECB’s independent investigating unit every identified suspected breach of prudential requirements. Breaches of quantitative prudential requirements do not entail a margin of supervisory judgement and must be referred immediately. The identification of breaches of qualitative prudential requirements may entail a margin of supervisory judgment. Those breaches shall be referred only when, based on expert supervisory judgment, the JST or the relevant business area identified non-compliance with supervisory requirements. The ECB’s independent investigating unit shall assess the referred breaches and decide whether to open a sanctioning procedure according to the criteria set out in the ex-ante Supervisory Board Guidance. In case the independent investigating unit decides to open a sanctioning procedure, it will consider the distribution of sanctioning powers between the ECB and the NCAs.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of nonbank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	There is no express provision requiring the ECB to communicate with NCAs or other nonbank EU or national regulatory authorities when taking formal corrective action against a bank that has nonbank related financial entities supervised by it. When the NCA is an integrated supervisory authority for all regulated financial sector entities and sits at the Supervisory Board at the ECB, who approves all supervisory measures, it will be informed. In addition, in this case, the NCA members in the JSTs are generally responsible for the liaison and communication of material issues. This indirect communication process with nonbank national regulators may unnecessarily slow any coordinated response. The ECB is encouraged to develop protocols for communication with insurance and financial market regulators of nonbank entities to coordinate actions, since not all NCAs are integrated supervisors.
Assessment re principle 11	Materially Non-Compliant
Comments	The ECB uses the SREP methodology and its SEPs to identify unsafe or unsound practices at SIs at an early stage. Once deficiencies are identified, a progressive remedial process is followed. Ongoing supervision by the JSTs identifies issues and recommends specific corrective actions within defined time periods to SI management informally and in writing. Article 16.2 of the SSMR lists a broad range of authorities that permit the imposition of both affirmative obligations and significant consequences to correct deficiencies. Written communications from the JSTs are “operational acts.” These communications carry significant moral suasion weight even though they are not legally binding at this stage. The ECB’s standard practice is to escalate a matter to the ECB Supervisory Board for a formal decision if an SI does not comply with an operational act. The Supervisory Board decision is legally binding upon a SI and is enforceable, as noncompliance constitutes a breach that is subject to sanctions. Assessors saw evidence of this process working effectively in practice. The national laws of several Member States and the SSMR provide a broad range of actions that can be taken by supervisors in their respective responsibilities. Direct enforcement powers and sanctions of the ECB are limited; however, the ECB can make direct use of the enforcement powers available to NCAs, if they derive from the transposition of CRD, and request NCAs to open proceedings with a view to taking action in order to ensure that appropriate penalties are imposed for breaches of national law transposing CRDIV. When the powers available to NCAs exist only under purely national law, the ECB can instruct the NCA to use such powers. Assessors had access to evidence of such indirect actions, where the ECB instructed NCAs to apply local sanctioning powers according to the national legislation. The legal framework for enforcement and sanctions, therefore, is complex and contains substantive and procedural gaps that should be addressed to meet CP 11 standards. Assessors note the complex legal enforcement framework may make it operationally difficult and time consuming for the ECB to impose formal enforcement actions and sanctions in some countries, where some powers may not be available. In addition, CRD IV powers do not cover all breaches of the CRR. Some common breaches—such as misreporting of financial statements—are not covered by CRD transposition and therefore cannot be subject to enforcement or sanctioning measures directly by the ECB in all jurisdictions. As noted above, the ECB may impose enforcement measures and sanctions only on legal entities (SIs), but it does not have the power to directly impose enforcement measures and sanctions on natural persons. In contrast, under CRD IV Member State competent authorities are authorized to impose enforcement measures and sanctions on credit institutions as well as to members of management bodies and other individuals. In order to fully ensure deterrence and a level playing field, the ECB’s enforcement and sanctioning powers should be fully aligned to its supervisory responsibilities, including the possibility to directly impose sanctions for breaches of national law implementing EU directives and to sanction managers, and its enforcement and sanctioning toolkit should be completed with non-pecuniary measures The current lack of harmonization in the scope and approach to enforcement and sanctions results in similar breaches being addressed asymmetrically. The ECB should have a comparable authority to impose direct enforcement measures and sanctions upon individuals, as is the case with NCAs, and on entities regarding all breaches of the CRR. While the ECB has effectively used its authorities under Article 16.2 to effect necessary remedial measures at SIs, express authority to impose non-pecuniary sanctions, such as enforceable cease and desist orders with affirmative covenants, would provide an additional supervisory tool that could be used in appropriate circumstances. The ECB initiated 44 sanctioning cases since 2015 as of year-end 2016. The ECB should consider measures to reduce the backlog of the 35 remaining sanctioning cases. It is noted that only two matters were brought to a successful conclusion during this period and that only three cases were referred to NCAs to open proceedings under national law. https://www.bankingsupervision.europa.eu/banking/sanctions/html/index.en.html. The assessors were shown a detailed schematic of the ECB’s enforcement and sanction process. It is complex and may involve a high level of coordination with NCAs. Streamlining the process and procedures could result in a timelier resolution of referred breaches.
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.67
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including nonbanking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	The ECB is the competent authority under the CRD and the SSMR to carry out a SREP and to take decisions for SIs. Supervision is conducted at the consolidated, sub-consolidated, and single-entity levels within a group unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In case of a financial conglomerate, the SREP decisions also take into account the outcome of the supplementary supervision as required by FICOD. This means that the supervisor must understand both the group-wide view as well as gain an understanding of all material activities conducted by the various entities within the group. To achieve this goal in case s where supervision has not been waived, the ECB carries out a SREP. Consolidated supervision generally consists of the following elements: the day-to-day supervision of each supervised group is carried out by a JST, comprised of staff from both the ECB and NCAs and coordinated by an ECB JST coordinator; supervision at the consolidated level is carried out by the JST with a high degree of involvement of ECB staff; solo/sub-consolidated supervision of parent companies, banking subsidiaries, and significant branches follows the same supervisory model as consolidated supervision, but with greater involvement by the local JST members. For solo/sub-consolidated supervision of subsidiaries and branches established in non-participating Member States, the model used is based on the supervisory college framework as set out in the CRD. For solo/sub-consolidated supervision of subsidiaries and branches established in third countries (outside the EU), the model is based on MoUs, and if possible on colleges as set out in CRD IV. If the parent entity is established in a non-Euro Area Member State or third country, the JSTs conduct sub-consolidated/solo supervision on the entities established in the participating Member-States. For SIs, the JSTs conduct the SREP in accordance with the SSM methodology and ensure compliance with the requirements of CRD IV and the CRR. The interaction between consolidated and sub-consolidated/single entity supervision is mainly relevant for large cross-border credit institutions. The model adopted by ECB banking supervision is designed for those institutions but, in principle, can also apply to smaller cross-border groups. For unconsolidated and consolidated supervision, a matrix model applies under which NCA staff remain employed in their own institutions, although for the fulfilment of the JST tasks, a reporting line exists with the JST coordinator, who is able to give instructions to all JST members for the purpose of internal coordination. In addition, sub-coordinators can be used to efficiently manage the JST and to facilitate cooperation with the NCAs. The assessors met with JST team members of consolidated banking groups with numerous subsidiaries and foreign subsidiaries or operations to get a practical understanding of the ECB’s supervisory approach to consolidated entities. The SSM Supervisory Manual Chapter 7 on Conglomerates, and relevant supervisory analysis, reviews and other materials were provided to the assessors. Consolidated supervision Consolidated supervision builds on the findings of sub-consolidated or single entity (i.e., solo) supervision. The model adopted is depicted schematically in Figure 1 below. Consolidated Supervision Citation: IMF Staff Country Reports 2018, 233; 10.5089/9781484369715.002.A001 Download Figure Download figure as PowerPoint slide Consolidated supervision is at the center of SSM supervision. The role of the JST coordinator is pro-active. The JST coordinator utilizes ECB delegated experts and NCA experts directly. He or she can, on his or her own initiative, also direct the sub-coordinator of the parent company to manage or perform specific tasks. The core JST also plays a role in consolidated supervision with respect to information exchange and the organization of work. It reviews the consolidated assessment, taking into account the results of the analysis at national level, and acts as a first level of mediation in case of conflict between NCAs or between NCAs and the ECB. Download Figure Download figure as PowerPoint slide The respective sub-coordinator, as the competent organizational manager for the parent-company NCA staff in the JST, is involved in discussions on strategic issues related to the supervisory program. The JST coordinator liaises with him or her on important supervisory decisions, such as SREP decisions. The experts working on consolidated supervision are ECB supervisors, supervisors from the previously responsible authority for the parent company, and supervisors responsible for material subsidiaries. In order to successfully avoid competing teams and potential overlap between ECB and NCA supervisors, they are organized as one cross-border team. Solo/sub-consolidated supervision The role of the sub-coordinators is more prominent regarding solo and sub-consolidated supervision. The JST coordinators, however, retain the right to have direct contact with the employees working in sub-consolidated or single entity supervision at the national level. Together with their team, they have the main role in the planning for and preparing the necessary supervisory activities. In the case of the parent entity and material subsidiaries, the teams can be supported by ECB staff also working at the national level. Figure 2: Solo/sub-consolidated supervision Risks arising from participation in consolidated entities that are not supervised as credit institutions by ECB banking supervision (i.e., supervised by other authorities such as insurance supervisors, financial market regulators, or not supervised at all) are also considered. Financial conglomerate The SREP for a financial conglomerate, established on the basis of the FICOD criteria, includes an assessment of the potential impact of nonbanking activities on the banking part of the group, its risk profile of the group, its profitability, and its capital and liquidity position, and assesses the overall situation at the conglomerate level. During the assessment, JSTs need to understand the risks from nonbanking activities (e.g., underwriting risk and the mitigation of this risk are specific to insurance entities), and the mechanisms through which these activities could affect the credit institution part of the conglomerate. This assessment, and the issuance of any requirements arising from it, takes place at the end of the process. The conglomerate approach takes into account the different sectoral regulations. In cases where a mixed financial holding company (MFHC) is subject to equivalent provisions under CRD IV and FICOD, there is the option to apply only the provisions of FICOD to the MFHC. Decisions are made on a case-by-case basis (see Articles 4, 108(3) and 120 of CRD IV). Because separate regulatory requirements exist for each sector, groups may have separate risk databases for banking, insurance, and other activities. The lack of common databases may make it more difficult for both management and the JSTs to fully understand the risks to the consolidated group and may impede effective consolidated supervision. Some consolidation of risks is, however, performed at group level and is presented in groups’ internal risk dashboards. As coordinator, the ECB may receive the conglomerate’s data from the supervised banking entity. If banking, nonbanking and other risks are managed in a fully integrated manner by the supervised institution, the information provided may be used in the assessment. The ECB may also receive information from the competent insurance supervisors. FICOD provides that the competent authorities are responsible for the supervision of regulated entities in a financial conglomerate and the competent authority appointed as the coordinator should share information which is essential or relevant for the exercise of the other authorities’ supervisory tasks under the sectoral rules and FICOD. Supervisory intensity The proper allocation of supervisory work between the “central” parent/group and the “local” subsidiary/sub-consolidated level requires, as a precondition, a thorough awareness of the group’s structure, business model(s) and operational features. The assessors were provided several examples of the ECB’s analysis of a banking group’s structure and its management of group-wide domestic and cross-border risks. The axis to bear in mind while mapping the group’s perimeter includes, as a minimum, the following: (a)Degree of relevance of the subsidiary/sub-consolidated group: “Relevance” indicates the importance that a given subsidiary/sub-consolidated group has within the significant group it belongs to. There are different quantitative indicators deemed suitable to measure “relevance,” such as percentage of total assets, income contribution, contribution to the consolidated capital requirements, risks, etc. Qualitative information may be considered as well, as in the case where a local subsidiary manages an important production process or business area within the group (e.g., subsidiaries managing the credit card business or the custodian bank function) or develops complex activities. (b)Degree of significance of the subsidiary/sub-consolidated group: “Significance” indicates the importance that a given subsidiary/sub-consolidated group holds in the local market, for example in terms of market share of loans, deposits, etc. As is the case for the relevance criterion, significance may also be assessed on the basis of qualitative information; for example, a subsidiary may be considered locally significant if it manages a “core” infrastructure in the local payment system. There may, of course, be cases where the statuses of significance and relevance do not correspond to each other. (c)Degree of centralization/decentralization of strategy, business, operations, risk governance and controls: Institutions’ organization structures exhibit different degrees of centralization or decentralization. Situations may exist where the parent company plays a considerable role in setting strategies, providing binding business guidelines, managing and controlling risks, and providing operational and support services (e.g., IT, accounting, back-up and central processing services, etc.). On the other hand, there are cases where the local subsidiaries/sub-consolidated entities enjoy greater autonomy when following the guidelines and principles issued by the parent company. Therefore, knowing the degree of centralization opted for is of key importance in defining the supervisory model to be adopted on a solo basis. Indeed, the higher the degree of centralization, the less significant the contribution to the analysis on a solo basis, at least potentially, and vice-versa. (d)Level of perceived risk: The level of risk of the subsidiary/sub-consolidated group being assessed has to be taken into account in defining the intensity of supervision, based on the principle that entities deemed to be particularly risky within cross-border groups can have potentially destabilizing effects—at least on a reputational level—on the group as a whole. This mapping is an important part of the supervisory planning process and in principle allows for the identification of two subsets of subsidiaries/sub-consolidated groups: those which are significant and/or relevant and/or more autonomous and/or riskier (material subsidiaries). This subset of entities warrants a level of supervisory intensity comparable to that applied at the consolidated level; the remaining entities (non-material subsidiaries), for which the supervisory intensity may be lower. The mapping, to be performed along the aforementioned dimensions, is the JST’s responsibility supported by DG MS IV and NCAs where needed. An annual review of the mapping is carried out by the JST coordinator, who requests updates from the NCAs. The objective of the assessment of business model viability indicators on a consolidated level is to assess viability by means of a quantitative analysis of several risk indicators at the consolidated level, and a comparison to peers. Taken together, these and other indicators should give the analyst a full picture of the real and concrete strategy pursued by the bank and the key metrics regarding profitability at the consolidated level. The consolidated annual accounts of at least the past three years, and the most recent monthly/quarterly management reports for the current year budget (including year-to-date realization) should be used. All available information from FINREP and COREP, data and indicators available in IMAS as well as SNL data will form the starting point of the analysis. A bank should be able to provide detailed bottom-up forecasts of performance for the short-to-medium term (one to three years) and, at least, top-down forecasts for the longer term (two to five years). The assumptions used by the bank to generate forecasts for key drivers should be identified and understood. These are usually found in the bank’s strategic assessment and planning documents and Board papers/documents regarding strategic and financial planning. It is necessary to distinguish between assumptions applied at the consolidated level and assumptions applied to business lines. Additional objectives have been established with regard to cross-sector supervision of financial conglomerates, which requires specific institutional arrangements (including at the national level when there is distinct sector supervision). Within the EU, cooperation among sector supervisors is governed by FICOD, which provides the framework for the supplementary supervision of credit institutions, insurance undertakings, and investment firms in a financial conglomerate. This supplementary supervision is understood as supervision that does not substitute the sectorial supervision but builds on it and addresses those risks that stem from the activities of a group in the other financial sectors. Supplementary supervision addresses the “Five Cs”: (i)Capital adequacy at group level (i.e., avoidance of “double gearing” across the sectors); (ii)Contagion (i.e., supervising intra-group transactions); (iii)Concentration (i.e., supervising risk concentration across business lines); (iv)Conflict of interest (i.e., issues with respect to corporate governance); (v)Complexity. For cooperation with other authorities please refer also to BCP 3.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, and exposures to related parties, lending limits, and group structure.
Description and findings re EC2	Prudential standards established by the CRR/CRD (Pillar 1 and Pillar 2 requirements) are imposed at the consolidated, sub-consolidated and individual basis. According to the CRR: (a)’consolidated situation’ means the situation that results from applying the requirements of this Regulation in accordance with Part One, Title II, Chapter 2 to an institution as if that institution formed, together with one or more other entities, a single institution; (b)‘sub-consolidated basis’ means on the basis of the consolidated situation of a parent institution, financial holding company or MFHC, excluding a sub-group of entities, or on the basis of the consolidated situation of a parent institution, financial holding company or MFHC that is not the ultimate parent institution, financial holding company, or MFHC. Articles 11, 13, and 14 of the CRR state that parts 2 (Own Funds), 3 (Capital requirements), 4 (Large Exposures), 5 (Exposures to Transferred Risk), 6 (Liquidity), 7 (Leverage), and 8 (Disclosure) are to be complied with on a consolidated basis. For large exposures, Article 11(1) of the CRR stipulates that parent institutions in a Member State of the EU shall comply, to the extent and in the manner prescribed in Article 18 of the CRR, with the large exposures obligations laid down in Part Four of the CRR on the basis of their consolidated situation. According to Article 11(1) of the CRR, the parent undertakings and their subsidiaries set up a proper organizational structure and appropriate internal control mechanisms in order to ensure that the data required for consolidation are duly processed and forwarded. In particular, they ensure that subsidiaries which are not subject to the CRR implement arrangements, processes, and mechanisms to ensure a proper consolidation. With respect to parent financial holding companies, Article 11(2) of the CRR stipulates that institutions controlled by a parent financial holding company or a parent MFHC in a Member State of the EU shall comply, to the extent and in the manner prescribed in Article 18 of the CRR, with the large exposure obligations laid down in Part Four of the CRR on the basis of the consolidated situation of that financial holding company or MFHC. Article 6 of the CRR states that parts 2 (Own Funds), 3 (Capital requirements), 4 (Large Exposures), 5 (Exposures to Transferred Risk), 6 (Liquidity), 7 (Leverage), and 8 (Disclosure) are to be complied with on individual basis, unless waivers under Article 7, 8, or 10 apply. CRR provisions on reporting in Articles 99–100 (reporting on own funds on consolidated basis based on accounting standards), 394 (large exposures), 415–416 (liquidity), 430 (leverage), as specified by the EBA’s ITS on reporting, require that information shall be reported on both a solo and consolidated basis, unless a waiver from reporting on a solo basis under articles 7, 8, or 10 applies. The ECB has adopted Regulation (EU) 2015/534 of March 17, 2015 on reporting of supervisory financial information (See CP 10). The regulation lays down the requirements regarding reporting on supervisory financial information to be submitted to NCAs and the ECB by supervised banks. This reporting includes information on balance sheet items such as financial assets, nonperforming exposures (NPEs), and financial liabilities as well as on income and expenses such as impairment due to credit losses. CP 12 EC 1 applies regarding the supervision of the different levels of institutions. The supervisor collects and analyses information on a consolidated basis for the banking group covering various business areas. When assessing this information for the banking group, the supervisor ‘maps’ several components. This model used is complemented by a detailed centrally coordinated planning process that defines the supervisory priorities and the level of involvement of the JSTs, the ECB staff and the level of assistance provided by the NCA within the JSTs for all major supervisory tasks to be carried out (See EC 1). The ECB provided the assessors examples of its consolidated financial review and analysis of banking groups’ capital, liquidity, concentrations, exposures to related parties, lending limits, and group structure. The materials included ECB “operational act” onsite inspection letters and subsequent correspondence following up on specified recommendations.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	The ECB has implemented a group-wide supervisory approach when assessing management’s oversight of its foreign operations. The supervisor gathers all relevant information concerning the risk management and internal governance on a group-wide level, while risk category specific areas are covered by the related methodological documents on the individual risk categories. The results from those assessments feed into the reliability assessment for capital and liquidity determinations. In the case of home/host relationships, the coordination and cooperation, including exchange of information, is organized through the colleges of supervisors. Additional information on the effectiveness of supervision conducted in the host countries in which its banks have material operation is found in CP 13. The assessors were provided with sample supervisory reviews of the adequacy of SI groups’ oversight of their foreign operations. The ECB actively assesses SIs’ oversight of foreign operations. Resources and the intensity of supervisory activity are based upon risk and systemic importance (See EC1). The sample of onsite “operational act” letters assessed internal governance, risk management, compliance, internal audit, and financial activities at the entities’ foreign operations.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct onsite examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	The legal basis for ECB onsite inspections is Article 12 of the SSMR and Title 5 of the SSMFR. The ECB is empowered, based on an ECB decision, to conduct all necessary onsite inspections at the business premises of the legal persons referred to in Article 10(1) of the SSMR and any other undertaking included in supervision on a consolidated basis where the ECB is the consolidating supervisor. Colleges of supervisors are the primary vehicles for cooperation and coordination among the authorities responsible for and involved in the supervision of the different components of cross-border banking groups (see CP 13). The assessors reviewed several agendas and minutes of supervisory college meetings where entities with cross borders operations were discussed with home/host supervisors. Topics discussed included supervisory findings, financial results, organizational changes, business model changes, and substantive international policy issues. The supervisory colleges are maturing.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	The ECB has the authority and responsibility to understand and assess the risks of cross-border companies and subsidiaries (See CP13 EC 1, EC 3, and EC 4). Additional information on the supervision of nonbanking activities within a financial conglomerate is found in EC 2. Information on cooperation and the supervision of parent companies is found in EC 5 and EC 8 of CP 8. The assessors note that the SSM framework requires supervisors to review the activities of companies affiliated with parent companies which may have an impact on the safety and soundness of the group only in the case these are classified as “institutions,” i.e., have an investment firm or credit institution license. This EC refers to activities of companies affiliated with parent companies, which may not be supervised entities at all. The lack of authority to review such activities in national law may hinder the ECB’s ability to assess whether such parent’s activities may have a material impact on the safety and soundness of the bank and the banking group and its ability to take appropriate supervisory action if warranted. The ECB’s ability to rely on national law is limited to the extent that not all Member States have enacted laws that permit the NCA to review and limit or restrict a parent company and their affiliates’ activities or to require divesture.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a)the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b)the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c)the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	Article 16(2) of the SSMR grants the ECB supervisory authorities over consolidated entities of a credit institution. It is empowered to ensure compliance with applicable substantive requirements on own funds, securitization, large exposure limits, liquidity, leverage, and reporting and disclosure. It also governs internal governance, including fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices and effective ICAAP, including IRB models. Based upon SREP, the ECB may require an increase in the own funds and liquidity held by a consolidated group to ensure sound management and coverage of its risks. The ECB can exercise, among others, the following powers: to restrict or limit the business, operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution and to require the reduction of the risk inherent in the activities, products and systems of institutions (see CP 8, EC3). The ECB’s ability to rely on national law is limited to the extent that not all Member States have enacted laws that permit the NCA to limit or restrict a parent company and their affiliates’ activities or to require divesture. In addition, the ECB has the power to grant authorization to take up business as a credit institution (licensing); if the applicable national law allows, when issuing the decision, the ECB can limit the range of activities that are conducted and the locations in which they can be conducted within the consolidated group and of individual institutions. The aim of an authorization assessment is to ensure that applying entities meet relevant requirements, in particular on governance, conduct of business, prudential requirements and business model (program of operations), and fulfil the applicable national requirements. The assessment consists of a detailed review and evaluation of the information in the application and other documentation requested by the NCA. Another power of authorization the ECB has regards the use as a remedial measure. An authorization may be withdrawn by the ECB on its own initiative (or on basis of a proposal from the NCA of the participating Member State where the credit institution is established).
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.68
Description and findings re EC7	The ECB, in addition to supervising on a consolidated basis, also supervises on the individual level in the group in order to gain a better understanding of the group dimension. Within the SREP, the various assessments are performed at different frequencies, through MELs which can be fine-tuned by the SEP for each individual institution. This allows the supervisor to assess institutions on a stand-alone basis and these assessments are then consolidated into a single SEP (See CP12 EC1–EC2).
Additional criteria
AC1	For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit-and-proper standards for owners and senior management of parent companies.
Description and findings re AC1	Only general criteria exist under Article 23 of CRD IV to assess the suitability of a corporate acquirer (See EC 5). There are no express fit-and-proper requirements for owners/senior managers of the corporate/legal person which has acquired the bank unless those persons “will direct the business of the credit institution as a result of the proposed acquisition.” Any requirements for non-regulated entity ownership and their managers are defined at national level. Holding companies are not required to be authorized under EU law.
Assessment of Principle 12	Largely Compliant
Comments	The ECB is the consolidated supervisor for all SIs. The ECB utilizes its SREP and SEP programs to monitor consolidated parents and affiliates and applies its prudential standards to all aspects of the business conducted by the banking group worldwide to the extent permitted by law. The assessors note that the lack of integrated data systems and different regulatory reporting requirements between banking and other regulated financial activity may impede effective consolidated supervision (See EC1). The availability of a unique, universal, and permanent identifier for each legal entity client is a fundamental prerequisite for the correct identification of the perimeter of banking group. As recommended by the EBA, competent authorities should request that all institutions under their supervisory remit that are subject to reporting obligations obtain Legal Entity Identifier (LEI) codes for themselves and for all entities within their group on which information is required under their reporting obligations. In an elaboration on a sample of 29 SIs, 6 of these had, on average, two-thirds of the financial entities within their group not identifiable through a LEI. The SSM framework requires supervisors to review the activities of companies affiliated with parent companies which may have an impact on the safety and soundness of the group only in the case these are classified as “institutions,” i.e., have an investment firm or credit institution license. The assessors note that a gap may exist with the activities of certain affiliates and parent companies, which may not be supervised entities at all, although CRD (Articles 119(3) and 122) set forth rules on requests on information and inspections for certain unregulated subsidiaries and parents. The lack of authority to review or directly regulate such activities in national law may hinder the ECB’s ability to assess whether such parent’s activities may have a material impact on the safety and soundness of the bank and the banking group and its ability to take appropriate supervisory action if warranted. The ECB’s ability to rely on national law is limited to the extent that not all Member States have enacted laws that permit the NCA to review and limit or restrict a parent company and their affiliates’ activities or to require divesture. The assessors also note that potential gaps in the ECB’s fit-and-proper supervisory authority may exist where there is corporate ownership of the group and there is no governing national law. The ECB is the lead supervisor for 27 financial conglomerates under FICOD. Article 2(15) of Directive 2002/87defines an MFHC as a “parent undertaking, other than a regulated entity, which, together with its subsidiaries (…), constitutes a financial conglomerate.” Although a MFHC may be part of the banking consolidation perimeter and subject to banking consolidated supervision, MFHCs do not require authorization from regulators. This may imply a constrained capacity to identify related parties, or nonfinancial entities that may impact conglomerates and as a practical matter include them in the supervisory perimeter. Thresholds for conglomerate definition also are based on fixed percentages of balance sheet and do not include off-balance-sheet assets and provide no supervisory discretion to include other assets or to deem a group a conglomerate based on risk. There is no framework for the resolution of an international conglomerate, which may impede its orderly resolution.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	The ECB is the exclusive competent authority for the supervision of SIs. Rather than establishing colleges of supervisors for Member State NCAs, the SSM has integrated the NCAs into the supervision of SIs through its JSTs. JSTs are set up for all SIs in those EU Member States which participate in the SSM. According to Article 3 of the SSMFR, each JST must be composed of staff members from the ECB and from the NCAs, including NCBs where the NCA is not a central bank but cooperates with the NCB in supervision based on national law. The composition of the JSTs integrates pan-European and national perspectives into the supervision of SIs. The ECB establishes colleges of supervisors for subsidiaries of SIs located outside the SSM, with the relevant NCAs and other third-country supervisors to facilitate the exchange of information, to coordinate supervisory activities and to ensure a consistent application of prudential requirements. (The ECB chairs the college of supervisors as consolidating supervisor.) In this case, NCAs participate in the colleges as observers. Supervisory college tasks are performed at least on an annual basis (See Article 116 of CRD IV). The ECB currently participates in 45 supervisory colleges and, as the consolidating supervisor, is responsible for the operation of 26 of these colleges. The ECB’s 2017 Report on the SSM noted that supervisory colleges are viewed as particularly important where the ECB is host supervisor for subsidiaries of groups headquartered outside the Euro Area or for non-Euro Area branches that are considered SIs (See CP3). The participation of third-country authorities in EU colleges depends upon the evaluation of the equivalence of their confidentiality regime to the EU confidentiality regime. Under CRD IV, members of the colleges are to reach an agreement on equivalence. The ECB has confirmed its compliance with the EBA Recommendations on the equivalence of confidentiality regimes. The decision on college membership or observer status of supervisory authorities is based on a mapping exercise. This identifies the entities (subsidiaries, branches, other financial sector entities) of a cross-border banking group and it determines and notes the significance of these entities for the local markets and the group. The EBA is invited as a college member. Members of the colleges may include the competent authorities responsible for the supervision of subsidiaries of an EU parent institution or of an EU parent financial holding company or of an EU parent MFHC, and the competent authorities of host Member States where significant branches as referred to in Article 51 of CRD IV are established, as well as ESCB central banks of Member States that are involved in accordance with their national law in the prudential supervision of the legal entities but which are not competent authorities. Competent authorities of host EU Member States where nonsignificant branches are established, and third-country supervisory authorities (from countries which are not EU Member States) and other relevant authorities may be invited to participate in the colleges as observers. The ECB invites potential members and observers to the college. Membership and observer status is acquired upon acceptance of the invitation. College members discuss and agree on the scope and level of involvement of observers, if any, in the college. Colleges are structured depending on the size of the banking group and its activities. All college members and observers attend a general or European College, which is the basic form for colleges. If needed, other possible college structures besides the European College are the Core College (no third-country supervisors, supervisors of the most important group entities attending), the Crisis Management Group and Cross Border Stability Groups (see EC 5), Resolution Colleges, as well as subgroups depending on the specific needs (for instance, Liquidity Subgroup). A list of the SSM’s supervisory colleges was provided to the assessors. The establishment and the operating framework for supervisory colleges are detailed in WCCAs, which specify arrangements for information exchange and cover observers’ participation in the college. The ECB establishes regular cooperation with college members that can take the form of meetings (at least annually) or other activities. Sample agendas of European and core supervisory college meetings with relevant Member State and third country supervisors were provided to the assessors. Where the ECB acts as host supervisor, it participates in the college as a member. Depending on the ultimate decision of the home supervisor, the JST’s NCAs participate as observers. Finally, NCAs participate in the colleges as observers (Article 9(1) of the SSMFR).
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group69 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as MOUs) are in place to enable the exchange of confidential information.
Description and findings re EC2	As a principle, the ECB shares relevant information on SIs on a regular and on an ad hoc basis with other supervisory authorities. This includes, but is not limited to, phone calls, emails, and meetings, and is done in either a bi-lateral or multilateral setting. Colleges of supervisors are an important forum for the exchange of information, as explained below. This principle is applied independently from the role of the ECB as being either home or host supervisor, respectively. In the European context, as required by Article 117 of CRD IV, the ECB cooperates closely with other supervisory authorities and facilitates the sharing of relevant information for the exercise of supervisory tasks. In its capacity as consolidating supervisor for SIs, the ECB established a framework for the exchange of information in going concern and emergency situations governed by a college-specific WCCA (Article 115 of CRD IV). Under the WCCA framework, the ECB coordinates the gathering and dissemination of relevant information in going concern and emergency situations with other supervisory authorities, as well as oversight bodies, who participate in the college. The authorities supply one another with the necessary information on management and ownership of the institutions they supervise and additional information that is useful to facilitate their monitoring (Article 55 of CRD IV). Information sharing is particularly relevant to liquidity, solvency, deposit guarantee, large exposures, administrative and accounting procedures, internal control mechanisms, and other factors that may influence the systemic risk posed by such institutions. The same arrangements are in place where the ECB acts as the host supervisor and relevant information is shared with the home supervisor accordingly. Within colleges, the ECB and the members of the college exchange all information necessary to facilitate the exercise and coordination of supervisory activities and the joint decisions on institution-specific prudential requirements (Articles 112 and113 of CRD IV). All essential information is exchanged regardless of whether received from a group entity, a competent or supervisory authority or any other source. This information exchange is adequate, accurate, and timely, thereby enabling and facilitating the efficient, effective, and full performance of the supervisory tasks of the college members. Information sharing is subject to the confidentiality regime of Article 54 of CRD IV, which mandates that the competent authorities receiving confidential information shall only use this information in furtherance of their official duties (e.g., when imposing penalties). The assessors reviewed examples of the ECB’s coordinated supervision plans with foreign supervisors. Competent authorities may transmit to monetary authorities and authorities overseeing payment systems information that is related to their role and function. The sharing of information on the liquidity of SIs is particularly important in the case of weak or troubled SIs. The information normally exchanged includes the outcomes of the SREP and a set of commonly agreed indicators. Some NCAs had entered into MoUs with non-SSM Member States and third countries prior to the SSM’s creation. In order to ensure continuity with the cooperation framework and supervisory practices before the SSM, the ECB under “step in” arrangements became a principal in the MoUs that individual NCAs already had in place with some third country authorities. As of September 2017, the ECB has become part of the MoUs and similar arrangements that 49 third countries had in place. Executing an MoU can be a lengthy process. The ECB has not finalized agreements with all international supervisors of globally significant banking institutions. Coordination and cooperation with these supervisors only exists under ad hoc arrangements. The ECB should strive to conclude these international MoUs as quickly as possible (See CP 3).
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	Under the WCCA framework, the ECB and the members of the college discuss and agree on the content of the college SEP that contains at least: (i) the areas of joint work identified as a result of the SREP or as a result of any other colleges activities undertaken; (ii) the areas of focus of the college’s work and its planned supervisory activities, including ongoing activities, onsite inspections and internal model investigations; (iii) the respective SEPs of the consolidating supervisor and the members of the college; (iv) the members of the college responsible for undertaking the planned supervisory activities; and (v) the expected timelines, both in terms of timing and duration. As a host supervisor, the ECB shares and discusses its SEP with the home supervisor. Planned activities and onsite missions are discussed on a college level as well as bilaterally. Where relevant, the home supervisor may participate as an observer or as an additional resource in scheduled missions. Furthermore, through the establishment of MoUs with third country authorities (non-EU), the ECB also manages its relationship with the third-country supervisors/regulators that participate in the colleges as observers (See CP3).
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	In the case of SIs, the ECB has established a college communication policy with the college participants and sets this out in a WCCA. The communication policy includes the scope, frequency, and channels of communication. Under this policy, the ECB is responsible for communicating, including requesting information, with the EU parent undertaking. The other members of the college are responsible for communicating, including requesting information, with the EU institutions and EU branches within their supervisory remit. This applies to the outcomes of joint activities and college meetings, which are communicated to the parent undertaking by the consolidating supervisor, whereas host supervisors convey these messages to the entities under their respective supervision. As regards information sharing and communication among the involved authorities, the ECB established an on-going information sharing regime for SIs. For this purpose, the ECB maintains and shares with the competent authorities of a host Member State an up-to-date list for each institution containing the relevant contacts, including emergency contacts, for exchange of information (Article 4 of the CRR). College meetings are held at least annually. For significant banks, semi-annual meetings are routinely scheduled. In addition, the college holds conference calls to exchange the information specified in EC 2. Written information is exchanged via secured emails and secure supervisory college websites.
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	Within the Euro Area, the framework for cross-border crisis cooperation and coordination among home and host authorities for the management of a cross-border financial crisis has been significantly improved because of the creation of the SSM and the SRM, as well as the adoption of the BRRD. A December 22, 2015 MoU between the ECB and the SRB established a framework for cooperation and information exchange. The ECB also provided evidence that it responded to the SRB consultations on draft group resolution plans pursuant to their MoU. The ECB participates as home or host authority for significant banking groups in supervisory colleges, which provide the framework for cooperation and coordination between competent authorities both in normal times and in crises situations. In the college framework, the assessment of recovery plans, early intervention measures and the overall planning of the supervisory response of home and host authorities in preparation for and during emergency situations is performed in a coordinated way. The specific procedures for the planning and coordination of supervisory activities in preparation for and during emergency situations, including the minimum set of information to be exchanged during an emergency, are laid out in WCCAs for each college. These WCCAs also include provisions regarding the framework for providing coordinated input to the resolution college. Such a framework addresses, inter alia, the group resolution plans, the assessment of the group resolvability, and powers to address or remove impediments to the group resolvability, as set out in the BRRD. With specific reference to cross-border crisis cooperation and coordination, the ECB has concluded and is in the process of negotiating a number of MoU, stepping-in arrangements and other agreements for establishing frameworks for the exchange of information in connection with their respective supervisory responsibilities with foreign authorities (See CP 3). The ECB, together with the competent authorities of subsidiaries and of significant branches, review the group recovery plan in the framework of the college. The assessment of the recovery plan is made in accordance with the procedure established in Articles 6 and 8 of the BRRD through a joint decision process. This assessment also involves input from the appropriate resolution authority on potential actions in the recovery plan that may adversely impact the resolvability of the institution. In an emergency, the ECB, when acting as a consolidating supervisor, coordinates the assessment of the emergency in cooperation with the members of the college. The ECB, and the members of the college that supervise group entities that are affected or likely to be affected by the emergency, monitor and exchange information on the implementation of the coordinated supervisory response, and coordinate to the extent possible their external communications. Regarding coordination of early intervention measures, where the conditions for early intervention or the appointment of a temporary administrator are met in relation to a group, the ECB, as a consolidating supervisor, consults the other competent authorities within the supervisory college and notifies the college of any early intervention measures (See, respectively, Articles 27 and 29 of the BRRD). Where the conditions for early intervention or the appointment of a temporary administrator are met in relation to a subsidiary for which the ECB is a host authority, the ECB consults the consolidating supervisor on any measure it intends to take. A general principle under the BRRD and CRD IV is that competent and resolution authorities should cooperate with each other to ensure that decisions are made, and actions taken in a coordinated and efficient manner. Once the ECB has determined that the preconditions for early intervention measures have been met in relation to an institution, relevant resolution authorities are notified without delay.70 Moreover, the ECB should inform relevant resolution authorities about any crisis prevention measures (including for example the exercise of powers to direct removal of deficiencies or impediments to recoverability and the application of early intervention powers) and any actions taken pursuant to Article 104 of CRD IV.71 Furthermore, if an emergency emerges at an institution, the ECB is required to alert the EBA, the NCB and the responsible ministry as soon as practicable and provide these authorities with all information essential for the fulfillment of their tasks.72 Where the coordinated supervisory response to an emergency is likely to be more efficient by involving the group-level resolution authority, resolution authorities of subsidiaries, or resolution authorities of jurisdictions in which significant branches are located, central banks, competent ministries, and deposit guarantee schemes, the ECB shall consider the involvement of these authorities. The ECB also participates in resolution colleges in accordance with Article 88 of the BRRD. Resolution colleges provide a framework of cooperation between the group-level resolution authority, the other resolution authorities and, where appropriate, competent authorities and consolidating supervisors concerned in order to perform the following tasks: (a) exchanging information relevant for the development of group resolution plans, for the application to groups of preparatory and preventative powers and for group resolution; (b) developing group resolution plans pursuant to Articles 12 and 13; (c) assessing the resolvability of groups pursuant to Article 16(d) exercising powers to address or remove impediments to the resolvability of groups pursuant to Article 18; (e) deciding on the need to establish a group resolution scheme (Article 91 or 92); (f) reaching the agreement on a group resolution scheme; (g) coordinating public communication of group resolution strategies and schemes; (h) coordinating the use of financing arrangements; and (i) setting the minimum requirements for groups at consolidated and subsidiary level under Article 45. In addition, resolution colleges can be used as a forum to discuss any issues relating to cross-border group resolution. The ECB also participates as home and host authority of banking groups designated as G-SIIs by the Financial Stability Board in numerous institution-specific Crisis Management Groups (CMGs) for the purposes of developing recovery plans and resolution plans for such firms (crisis preparation). Within those CMGs, the ECB has concluded cooperation agreements that govern the activities and information sharing in some CMGs. Cooperation between the ECB and the third countries is based on Article 93 of the BRRD. The Commission may submit to the Council proposals for the negotiation of agreements with one or more third countries regarding the means of cooperation between the resolution authorities and the relevant third-country authorities. The cooperation concerns, inter alia, information sharing for recovery and resolution planning. Further, Article 97 of the BRRD entrusts the EBA with concluding non-binding framework cooperation arrangements with relevant third-country authorities to promote, inter alia, information sharing needed for the development of resolution plans (See also CP 3).
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	The framework for developing resolution plans is established by the BRRD and Regulation 2014/806/EU. In line with this framework, the ECB, as a competent authority, is not responsible for drafting resolution plans. In line with Articles 10 and 12 of the BRRD, the (group) resolution authority oversees drawing up (group) resolution plans, after consulting the competent authority. For SIs within the Banking Union, the SRB as the competent (group) resolution authority draws up the resolution plan and consults with the ECB. The ECB works closely with the nonbanking Union NRAs and the SRB for the development of resolution plans, but the ultimate responsibility in this respect does not rest with the ECB. Importantly, the ECB is required to cooperate with the SRB and the nonbanking Union NRAs in order to provide relevant information to them for the drawing-up of resolution plans. The actual implementation of cooperation and information exchange in this respect with the SRB is set out in the MoU between the SRB and the ECB. In accordance with Article 10 of the BRRD, resolution plans should include, quantified whenever appropriate and possible: (a) a summary of the key elements of the plan; (b) a summary of the material changes to the institution that have occurred after the latest resolution information was filed; (c) a demonstration of how critical functions and core business lines could be legally and economically separated, to the extent necessary, from other functions so as to ensure continuity upon the failure of the institution; (d) an estimation of the timeframe for executing each material aspect of the plan; (e) a detailed description of the assessment of resolvability; (f) a description of any measures required pursuant to Article 17 of the BRRD to address or remove impediments to resolvability; (g) a description of the processes for determining the value and marketability of the critical functions, core business lines, and assets of the institution; (h) a detailed description of the arrangements for ensuring that the required information for drawing up resolution plans is up to date and at the disposal of the resolution authorities at all times; (i) an explanation by the resolution authority as to how the resolution options could be financed; (j) a detailed description of the different resolution strategies that could be applied; (k) a description of critical interdependencies; (l) a description of options for preserving access to payments and clearing services and other infrastructures and an assessment of the portability of client positions; (m) an analysis of the impact of the plan on the employees of the institution; (n) a communication plan; (o) the minimum requirement for own funds and eligible liabilities and a deadline to reach that level, where applicable; (p) where applicable, the minimum requirement for own funds and contractual bail-in instruments, and a deadline to reach that level, where applicable; (q) a description of essential operations and systems for maintaining the continuous functioning of the institution’s operational processes; and (r) where applicable, any opinion expressed by the institution in relation to the resolution plan. Banking Union parent undertakings shall submit the information that may be required for the drawing up of resolution plans in accordance with Article 11 of the BRRD to the group-level resolution authority, which is responsible for sharing this information. The information provided by the group-level resolution authority to the resolution authorities and competent authorities of subsidiaries, resolution authorities of the jurisdiction in which any significant branches are located, and to the relevant competent authorities, shall include at a minimum all information that is relevant to the subsidiary or significant branch. The information provided to the EBA shall include all information that is relevant to the role of the EBA in relation to the group resolution plans. In the case of information relating to third-country subsidiaries, the group-level resolution authority shall not be obliged to transmit that information without the consent of the relevant third-country supervisory authority or resolution authority. Group-level resolution authorities, acting jointly with the resolution authorities of subsidiaries, after consulting the relevant competent authorities, including the competent authorities of the jurisdictions of Member States in which any significant branches are located, adopt resolution plans within the framework of resolution colleges. Group-level resolution authorities may, at their discretion, and subject to the necessary confidentiality requirements, involve in the drawing-up and maintenance of group resolution plans third-country resolution authorities of jurisdictions in which the group has established subsidiaries or financial holding companies or significant branches. Group resolution plans are adopted through a Joint decision of the resolution college (in line with Article 13) within four months. The ECB participates in the resolution colleges as the competent supervisor. Group resolution plans are reviewed, and where appropriate updated, at least annually, and after any change to the legal or organizational structure, to the business or to the financial position of the group including any group entity, that could have a material effect on or require a change to the plan. With respect to early intervention actions, consultation with the relevant competent authorities and for the provision of relevant information to the resolution authority is required (See EC 5).
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection, and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	Under Article 4(2) of the SSMR, the ECB is responsible for the supervision of branches of credit institutions established in EU Member States that do not participate in the SSM. As a host supervisor, the ECB is responsible for assessing the risks, capital adequacy, and liquidity position of its supervised local entities following its own process and methodology for SREP. The ECB, as host supervisor, is also responsible for sharing all relevant and essential information with the home supervisor. Within the EU, the EU-wide application of CRD IV and the CRR ensures that, for every Member State, the operations of banks whose parent is incorporated in other Member States are subject to prudential, inspection, and regulatory reporting requirements similar to those for domestic banks. This implies, for example, that the ECB may require credit institutions that have branches under its supervision to report periodically to it on their activities (Article 40 of CRD IV). Local subsidiaries of foreign banks need to be authorized by the ECB according to national requirements (See CP 5). Foreign branches, however, are authorized by each country and observe different requirements in different jurisdictions. They are supervised by NCAs under national law. Such branches are not subject to ECB supervision regardless of their size, complexity, or interconnectedness of their operations. The cross-border operations of foreign banks, including through branches, are subject to NCA prudential and supervision requirements. If a foreign bank’s operations occur in a subsidiary that meets the definition of a SI it would be supervised by the ECB.
EC8	The home supervisor is given onsite access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	In practice, the ECB as a home supervisor informs the host supervisor individually and via the college about planned activities/visits for the group and individual subsidiaries as relevant. This also includes, for instance, intended participation of the home supervisor as an observer or supporting resource in onsite missions conducted by the host supervisor. In the case of foreign subsidiaries and branches of a banking group where the ECB acts as the consolidating supervisor, the ECB is empowered to conduct all necessary onsite inspections at the business premises of the supervised entities based on Article 12 of the SSMR. The ECB as home supervisor carries out onsite inspections after having informed the host supervisory authorities, based on Article 52 of CRD IV. In this respect, when the ECB as home supervisor wishes to check the information concerning an institution situated in another Member State, it may ask the host supervisor to have the check carried out. The host supervisor can (but is not obliged to) allow the home supervisor to carry it out directly. In addition, the ECB can decide to have recourse to external experts when this is considered appropriate. External experts will be appointed as team members and will carry out the tasks assigned under the lead of a HoM coming from NCAs or from the ECB’s COI Division. Regarding onsite inspections in countries that do not participate in the SSM, or within countries that participate in the SSM but where the ECB acts as host supervisor, the right to inspect branches and subsidiaries would usually be granted based on MoUs (See CP 3). The ECB consults with the host authority before it visits the local offices and subsidiaries of banking groups. In general, the host authority is invited to a preparatory meeting and can request participation in the onsite inspection. The assessors were provided evidence that host supervisors are informed of inspections.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	The ECB is empowered to authorize credit institutions and withdraw such authorizations (Article 4 para 1(a) of the SSMR). Banking licenses are granted subject to the conditions set out in the relevant national law. Applicants must comply with all conditions. Under EU law, the ECB grants a banking license only where at least two persons effectively direct the business of the applicant and the bank has its head office in the same Member State as its registered office or in the Member State where it is licensed, and it actually carries out its business (Article 13 of CRD IV). The ECB has stated that it does not permit shell banks that only serve as a booking office. Apart from the notification requirements of Article 13 of CRD IV, there are no specific legal requirements that authorize the ECB or NCAs to explicitly prohibit shell banks or the continued operation of shell banks, although it is possible to withdraw the banking license in case of credit institutions that do not make use of the authorization within 12 months or ceases to engage in business for more than 6 months (Article 18(a) CRD). There is also no clear mandate to supervise booking offices in a manner consistent with internationally agreed standards. There are no provisions on booking branches such as those contained in the BCBS 2003 document on shell banks and booking offices (p. 3) and it is unclear whether it is sufficient, in order to avoid the establishment of shell banks, that applicants for a banking license guarantee that at least two persons effectively direct the business.
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	The ECB consults with the competent authority or authorities in the other EU Member States before it takes extraordinary or significant supervisory actions (or immediately after having taken the decision, in case of urgency or if a consultation could jeopardize the effectiveness of the measure decided). Examples of post-supervisory action notifications where the need for urgency was present were provided to the assessors.
Assessment of Principle 13	Largely Compliant
Comments	The ECB-led supervisory colleges appear to serve their intended purpose in practice. Evidence provided to the assessors shows that they enhance effective oversight by considering the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors in the case of subsidiaries of SIs located within and outside the SSM. The ECB has not finalized agreements with all international supervisors of G-SIBs. Coordination and cooperation with these supervisors exists under ad hoc arrangements. The ECB should strive to conclude international MoUs as quickly as possible given their systemic importance. The EU framework for cross-border crisis cooperation and coordination among home and host authorities for the management of a cross-border financial crisis has been significantly improved because of the creation of the SSM and the SRM, as well as the adoption of the BRRD. The MoU between the ECB and the SRB established a framework for cooperation and information exchange. Both entities should build on this framework in the planned MoU revision so as to further advance their respective important missions. The spirit of cooperation should become part of the culture of both the ECB and SRB, especially in the advanced planning stage of resolution strategies. Any operational or other issues should be identified and resolved in advance of a cross-border crisis. The ECB’s participation as home or host authority for significant banking groups in supervisory colleges fosters coordination between competent authorities in crisis situations. The assessment of recovery plans, early intervention measures and the overall planning of the supervisory response of home and host authorities in preparation for and during emergency situations is performed in a coordinated way through the supervisory colleges. The specific procedures for the planning and coordination of supervisory activities in preparation for and during emergency situations, including the minimum set of information to be exchanged during an emergency, are laid out in WCCAs for each college. These WCCAs also include provisions regarding the framework for providing coordinated input to the resolution college. Such a framework addresses, inter alia, the group resolution plans, the assessment of the group resolvability, and powers to address or remove impediments to the group resolvability. The ECB has stated that it does not permit shell banks that only serve as a booking office. There are no specific legal requirements that authorize the ECB or NCAs to expressly prohibit shell banks or the continued operation of shell banks, although it is possible to withdraw the banking license in case of credit institutions that do not make use of the authorization within 12 months or ceases to engage in business for more than 6 months (Article 18(a) CRD) There is also no clear mandate to supervise booking offices in a manner consistent with internationally agreed standards. There are no provisions on booking branches such as those contained in the BCBS 2003 document on shell banks and booking offices and it is unclear whether it is sufficient, to avoid the establishment of shell banks, that applicants for banking license guarantee that at least two persons effectively direct the business. The ECB should seek express authority to prohibit shell banks or to limit the use of foreign branches as mere booking offices.

View Table

Principle 1	Responsibilities, objectives, and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.12 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws, and undertake timely corrective actions to address safety and soundness concerns.13
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision14 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	The ECB, in cooperation with NCAs, is responsible for the supervision of credit institutions established in the participating EU Member States.15 Together, the ECB and the NCAs form the SSM, which became operational on November 4, 2014. The ECB is responsible for the effective and consistent functioning of the SSM. The objectives and responsibilities of ECB banking supervision and NCAs are defined in the SSMR.16 This Regulation is supplemented by the SSM Framework Regulation (SSMFR),17 which provides the framework for organizing the practical arrangements for cooperation within the SSM. The respective tasks of the ECB and of the NCAs, which depend on whether a credit institution is considered “significant” or not, are listed in Articles 4 and 6 of the SSMR and further detailed in the SSMFR. In brief, banks are SIs or LSIs on the basis of defined criteria in Article 6 of the SSMR, mainly: their size, their importance for the economy of the Union or a specific Member State, and the importance of their cross-border activities.18 Significant banks or banking groups are under the direct supervision of the ECB. In accordance with Article 6 of the SSMR, NCAs are responsible for assisting the ECB, under the conditions set out in the SSMFR, with the preparation and implementation of any acts relating to the range of tasks conferred on the ECB in Article 4 of the SSMR. Less significant banks or banking groups are under the direct supervision of the NCAs. For these LSIs, the ECB has an oversight responsibility to ensure that the supervisory activities of the NCAs are of the highest quality and that supervisory requirements on all credit institutions covered by the SSM are consistent.19 In this context, when necessary to ensure consistent application of high supervisory standards, the ECB may, on its own initiative and after consulting with the NCAs or upon request by an NCA, decide to exercise directly itself all relevant powers for one or more credit institutions, including in the case where financial assistance has been requested or received indirectly from the European Financial Stability Facility (EFSF) or the European Stability Mechanism (ESM). This prerogative has not been exercised to date. The SSMR and the SSMFR are published in the Official Journal of the EU and are available on the ECB Website. In addition, at the establishment of the SSM, the ECB published its Guide to banking supervision, which aims to explain to the public how the SSM functions and to give guidance on the SSM’s supervisory practices. In carrying out its prudential tasks, the ECB has at its disposal: the tools and powers provided for in the SSMR; and the tools and powers mentioned in EU supervisory law, in particular: the CRR20 dealing with prudential requirements for credit institutions; the CRD IV21 on access to the activity of credit institutions and the prudential supervision of credit institutions; the Single Resolution Mechanism Regulation (SRMR)22 establishing uniform rules and a uniform procedure for the resolution of credit institutions; the BRRD23 establishing the framework for the recovery and resolution of credit institutions; and the FICOD24 on supplementary supervision of financial conglomerates. In November 2016, the European Commission published proposals for an extensive revision of the above-mentioned legislation related to prudential supervision. The proposal contains amendments to the CRR and CRD IV, the SRMR, and the BRRD. The ECB published a detailed opinion on this proposal in November 2017 (CON/2017/46). Where the relevant EU law is composed of directives, the ECB is able to apply the tools and exercise the powers mentioned in national laws that have transposed these directives. The ECB also exercises directly powers granted to NCAs by national laws provided that these powers fall under the tasks conferred on the ECB in Article 4 of the SSMR and underpin the ECB’s supervisory functions under EU law.25 This understanding of the ECB’s powers is shared by the European Commission.26 Where the relevant EU law is composed of Regulations and where these Regulations explicitly grant options for Member States, the ECB also applies the national legislation exercising those options. In addition, the CRR and CRD IV, which predated the establishment of the SSM, provide options and discretions for Member States (around 30) and to NCAs (around 130) in relation to the prudential supervision of credit institutions. In 2015, the ECB decided to harmonize the application of options and discretions granted to NCAs for the supervision of SIs. The objective was to strengthen the overall robustness of the supervisory framework and the comparability of prudential requirements across credit institutions, so as to reduce regulatory complexity and compliance costs and the potential for regulatory arbitrage. A harmonized policy was introduced by means of a published Regulation, which entered into force on October 1, 2016, and a consolidated Guide.27 In April 2017, the ECB introduced a recommendation and a guideline addressed to NCAs to harmonize around 60 options and discretions available to NCAs in EU law for the supervision of LSIs. However, harmonization of options and discretions provided to Member States under the CRR and CRD IV would require amendments to EU legislation. On the basis of the SSMR, the ECB may adopt guidelines and recommendations, and take decisions subject to and in compliance with EU law. Moreover, to the extent necessary to carry out the tasks conferred upon it by the SSMR, the ECB may adopt regulations and may instruct national authorities to make use of their powers granted by national law, when the SSMR does not confer such a power on the ECB (Article 9(1) of the SSMR). In the case of supervision of LSIs, the ECB may issue regulations, guidelines28 or general instructions to NCAs in accordance with Article 6(5)(a) of the SSMR. The ECB is subject to technical standards developed by the EBA and adopted by the Commission, and also to the EBA’s European Supervisory Handbook. The EBA also issues guidelines and recommendations aimed at establishing consistent, efficient, and effective supervisory practices, which are subject to a “comply-or-explain” procedure on the part of competent authorities.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	Article 1 of the SSMR clearly states the objectives of ECB banking supervision: “This Regulation confers on the ECB specific tasks concerning policies relating to the prudential supervision of credit institutions, with a view to contributing to the safety and soundness of credit institutions and the stability of the financial system within the Union and each Member State, with full regard and duty of care for the unity and integrity of the internal market based on equal treatment of credit institutions with a view to preventing regulatory arbitrage.” That is, the primary objective of ECB banking supervision is to promote the safety and soundness of banks and the stability of the financial system. Article 25 of the SSMR further specifies that, when carrying out its supervisory tasks, the ECB shall pursue only the objectives set by the SSMR. The same provision also establishes a framework to separate the supervisory function of the ECB from its monetary policy function. The purpose of the separation principle is to ensure that each function is exercised in accordance with its respective objectives, therefore avoiding conflicts between these objectives, but without duplication of work for shared services. The separation principle covers, among other things, the separation of objectives, decision-making processes, and tasks, including organizational and procedural separation at the level of the Governing Council. In order to ensure full separation of objectives, decisions taken by the ECB in the area of banking supervision are prepared by an independent Supervisory Board before being submitted to the Governing Council for final adoption. Adoption is mainly under a “nonobjection procedure,” according to which the Governing Council is deemed to have adopted the decision unless it objects within a specific timeframe.29 Moreover, the ECB’s Rules of Procedure were amended to regulate organizational and procedural aspects related to the Supervisory Board and its interaction with the Governing Council. This included the rule that the Governing Council’s deliberations on supervisory matters are to be kept strictly apart from those on other issues, with separate agendas and meetings. Additionally, as required under Article 25(5) of the SSMR, a Mediation Panel30 has been established to resolve any differences of views expressed by the NCAs of participating Member States regarding an objection of the Governing Council to a draft decision by the Supervisory Board. The SSMR requires the ECB to adopt and publish any necessary internal rules to ensure separation between the supervisory function on the one hand and monetary policy functional areas and other tasks of the ECB on the other, including rules regarding professional secrecy and information exchanges. On September 17, 2014, the ECB adopted a Decision on the implementation of separation between the monetary policy and supervision functions of the ECB.31
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile32 and systemic importance.33
Description and findings re EC3	The ECB has a range of powers provided for in the relevant regulations—the CRR and SSMR—and can apply the powers set out in CRD IV, as transposed into national legislation. The CRR and CRD IV provide the legislative basis for banking supervision in the EU. Minimum regulatory capital requirements are determined by Article 92 of the CRR. Credit institutions must at all times satisfy the following own funds requirements: (a) a Common Equity Tier 1 (CET1) capital ratio of 4.5 percent; (b) a Tier 1 capital ratio of 6.0 percent; and (c) a total capital ratio of 8.0 percent. Credit institutions are also required to maintain a capital conservation buffer of CET1 capital calculated in accordance with Article 129 of CRD IV. From January 1, 2016 onwards, a systemic risk buffer of CET1 capital has applied to banks that are identified as globally systemically important institutions (G-SII buffer) or as other systemic institutions (O-SII buffer, up to 2.0 percent of the total risk exposure). In addition, ECB banking supervision may increase capital requirements for individual banks and banking groups based on their risk profile and systemic importance. The determination of these requirements is based on the SSM SREP, referred to in Article 97 of the CRD IV and further specified in the respective EBA Guidelines.34 The SREP, which is described in detail in CP 8, ensures a common methodology and decision-making process for the ongoing assessment of credit institutions’ risks, their governance arrangements and their capital and liquidity situation. The SSM SREP evaluates: risks to which the institutions are or might be exposed; risks that an institution poses to the financial system in general; and risks revealed by stress testing, taking into account the nature, scale and complexity of an institution’s activities. ECB banking supervision assesses, at least annually, whether an additional capital requirement, on an individual or on a consolidated basis, is necessary to capture risks to which an institution is or might be exposed, taking into account the following: the quantitative and qualitative aspects of an institution’s assessment process; an institution’s arrangements, processes, and mechanisms; the outcome of the review and evaluation carried out; and the assessment of systemic risk. Starting in the 2016 SREP process, capital requirements based on the individual risk profile of a credit institution have two parts: Pillar 2 requirements and Pillar 2 guidance. Pillar 2 requirements are binding and breaches can have direct legal consequences for banks. Pillar 2 guidance is not directly binding and a failure to meet that guidance does not automatically trigger legal action. Nonetheless, the ECB expects credit institutions to meet Pillar 2 guidance; where an institution’s capital has fallen, or is expected to fall, below the level of that guidance, the institution is to immediately notify ECB banking supervision and explain the reasons for non-compliance. In addition to its powers to determine prudential capital and liquidity requirements for each bank or banking group, the ECB has a broad set of supervisory and investigatory powers that it can use to carry out its tasks, including oversight of the functioning of the system and of the supervision of LSIs by NCAs. These powers include, in particular, the supervisory powers listed in Article 16 of the SSMR. If a bank does not meet the requirements of relevant EU law, is likely to breach these requirements within 12 months, or if, based on the SREP, ECB banking supervision determines that the arrangements, strategies, processes, and mechanisms implemented by the credit institution and the own funds and liquidity held by it do not ensure sound management and coverage of its risks, the ECB has, inter alia, the following powers: to require the reinforcement of the arrangements, processes, mechanisms, and strategies; to require institutions to present a plan to restore compliance with supervisory requirements and set a deadline for its implementation, including improvements to that plan regarding scope and deadline; to require institutions to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; to restrict or limit the business, operations, or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution; to require the reduction of the risk inherent in the activities, products, and systems of institutions; to require institutions to limit variable remuneration as a percentage of net revenues when it is inconsistent with the maintenance of a sound capital base; to require institutions to use net profits to strengthen own funds; to restrict or prohibit distributions to shareholders, members, or holders of Additional Tier 1 instruments where the prohibition does not constitute an event of default of the institution; or to impose additional or more frequent reporting requirements, including reporting on capital and liquidity positions. In practice, such qualitative measures are generally adopted as an outcome of the SREP process, in addition to specific capital or liquidity requirements. In addition, the ECB is able to take early intervention measures under Article 27 of the BRRD, which are discussed in EC 6 below. The ECB’s assessment of whether an early intervention measure is needed and proportionate forms a structural part of the yearly SREP cycle.
EC4	Banking laws, regulations, and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	As noted in EC 3 above, the CRR and CRD IV provide the legislative basis for banking supervision in the EU. This legislation was adopted in 2013 following public consultation. In November 2016, the Commission released for public consultation a set of proposals to amend, inter alia, the CRR and CRD. Article 32 of the SSMR provides that the Commission publish, every three years, a report on the application of the SSMR, accompanied by proposals for potential review. This ensures that the regulatory framework for European banking supervision is regularly updated. The first such EC report, to which the ECB actively contributed, was published in October 2017. The overall conclusion of the report was that the application of the SSMR appeared to work well in practice, with no major changes needed to the legal framework at this stage. The report also concluded that the supervisory pillar of the Banking Union has been successfully established, functions well and has proven its effectiveness. The report is also discussed in EC 3 of CP 2. As noted in EC 2 above, the ECB is subject to technical standards developed by the EBA and adopted by the Commission, and also to the EBA’s European Supervisory Handbook. EBA technical standards and guidelines are subject to formal public consultation. To meet its aspirations to be a best practice supervisory agency, particularly in terms of instruments and practices, the ECB contributes to the development of draft regulatory technical standards (RTS) or ITS by the EBA. The ECB is also entitled to draw the attention of the EBA to a potential need to submit to the Commission draft standards amending existing RTS or ITS. The ECB has defined and will continue defining supervisory approaches in policy stances and supervisory expectations to ensure a consistent application of supervisory law and a level playing field.35 Additionally, as noted in EC1 above, the ECB may adopt regulations to the extent necessary to organize or specify the arrangements for carrying out its tasks. Before adopting a regulation, the ECB must conduct open public consultations and analyze the potential related costs and benefits, unless such consultations and analyses are disproportionate in relation to the scope and impact of the regulations concerned or in relation to the particular urgency of the matter. In that case, the ECB must justify that urgency. To date, the ECB has adopted the following regulations after public consultations: ECB Regulation on reporting of supervisory financial information; ECB Regulation on supervisory fees; ECB SSMFR; and ECB Regulation on the exercise of options and discretions for SIs. While public consultation is only legally required for ECB regulations, the ECB has also conducted a number of public consultations on supervisory approaches, so as to inform the public about the proposed adoption of a new supervisory stance and to benefit from comments. Consultations have covered: ECB Guide on options and discretions available in Union law; ECB Guide on the approach to the recognition of institutional protection schemes for prudential purposes; ECB Guidance on NPLs; ECB Guidance on leveraged transactions; Addendum to ECB Guidance on leveraged transactions; ECB Guide to fit-and-proper supervision; ECB Guide concerning the assessment of license applications; ECB Guide concerning the assessments of fintech credit institution license applications; ECB Guide to onsite inspections and internal model investigations; ECB Guide on materiality assessment; Guideline on the options and discretions available in Union law by NCAs in relation to LSIs (ECB/2017/9); and Recommendation on common specifications for the exercise of some options and discretions available in Union law by NCAs in relation to LSIs (ECB/2017/10).
EC5	The supervisor has the power to: (a)have full access to banks’ and banking groups’ Boards, management, staff, and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b)review the overall activities of a banking group, both domestic and cross-border; and (c)supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	With respect to criterion EC 5 (a): In accordance with Article 10 of the SSMR, the ECB may require credit institutions; financial and mixed financial holding companies; and mixed-activity holding companies, established in the Euro Area, to provide all information necessary in order to carry out its supervisory tasks. The ECB may also request information from persons belonging to these entities or from third parties to whom those entities have outsourced functions or activities. In addition, pursuant to Article 11 of the SSMR, the ECB may conduct investigations of any of these entities, persons or third parties, when those are established or located in the Euro Area. To that end, the ECB is empowered to: require the submission of documents; examine the books and records of the persons referred to in Article 10 and take copies or extracts from such books and records; obtain written or oral explanations from any person referred to in Article 10 or their representatives or staff; and interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject matter of an investigation. The ECB may also conduct all necessary onsite inspections according to Article 12 of the SSMR and may, for that purpose, enter any business premises and land of the legal persons subject to an investigation. With respect to criterion EC 5 (b): Article 4(1)(g) of the SSMR empowers the ECB to carry out supervision on a consolidated basis over credit institutions’ parents established in the Euro Area, including over financial holding companies and mixed financial holding companies. It is also involved in the consolidated supervision of cross-border institutions and groups, either as a home supervisor or a host supervisor in colleges of supervisors. If parents of a significant credit institution are established outside the Euro Area but in the EU/EEA, the ECB participates in supervision on a consolidated basis, including in colleges of supervisors, with the relevant NCAs as observers. Within the SSM, the ECB is the competent authority for participation in EU or international supervisory colleges for significant banking groups. The ECB may conclude MoUs with non-SSM NCAs in order to describe, in general terms, how they will cooperate with one another in the performance of their supervisory tasks (Article 3 of the SSMR). The conclusion of such a memorandum is specifically required by the SSMR with the NCA of each non-participating Member State that is home to at least one G-SII. To date, however, no MoUs or close cooperation agreements have been concluded with non-SSM NCAs (see CP 3). In addition, pursuant to Article 8 of the SSMR, the ECB may also develop contacts and enter into administrative arrangements with supervisory authorities of third countries (i.e., countries outside the EU), subject to appropriate coordination with the EBA. Under “step in” arrangements, the ECB took the place of NCAs in cooperation arrangements with other authorities entered into prior to November 4, 2014 that cover at least in part the supervisory tasks transferred to the ECB (Article 152 of the SSMFR). With respect to ECB 5 (c): The ECB has direct supervisory competence in respect of credit institutions, financial holding companies, and mixed financial holding companies, established in the Euro Area, and branches in the Euro Area of credit institutions established in the EU/EEA that are significant. For less significant branches of EU/EEA parents, the host authority is the respective NCA (Article 14 of the SSMFR). If a non-participating Member State establishes a college as the home authority, an onsite inspection of branches is possible under Article 159 of CRD IV. In accordance with Article 18 of the SSMFR, the ECB is the coordinator of financial conglomerates for SIs and the NCA the coordinator of financial conglomerates for LSIs. Similarly, foreign banks establishing a subsidiary in the Euro Area are authorized by the ECB and directly supervised by the ECB when classified significant. However, foreign banks establishing a branch or providing cross-border services in the EU are directly supervised by the relevant NCAs (Recital 28 of the SSMR) and regulated by national laws and regulations. Such branches are neither subject to CRD/CRR (and related EBA RTS/ITS and guidelines), nor to consolidated supervision at the EU level.
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a)take (and/or require a bank to take) timely corrective action; (b)impose a range of sanctions; (c)revoke the bank’s license; and (d)cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	Also see CP 11. The ECB has a broad range of measures it may take (and/or require a bank to take) to ensure timely corrective actions.36 Those measures include a wide range of supervisory powers as well as administrative measures and administrative penalties. In line with Article 102 of CRD IV for supervisory measures and Articles 27–29 of the BRRD for early intervention,37 the ECB has the power to intervene at an early stage in order to require an institution to take the necessary corrective measures to address relevant problems (e.g., when the institution does not meet relevant regulatory requirements or when the ECB has evidence that the institution is likely to breach these requirements). The assessment whether an institution infringes or is likely to infringe requirements is based on the outcome of the SREP. Any corrective measures should be the most appropriate for the particular weaknesses identified and proportionate to the particular circumstances. Additional supervisory measures available to the ECB under Article 16(2) of the SSMR include requiring institutions to hold additional own funds, to reinforce governance arrangements and procedures, and to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; restricting or limiting the business, operations, or network of institutions; requesting the divestment of activities that pose excessive risks to the soundness of an institution; or requiring institutions to limit variable remuneration. The available early intervention measures described in Article 27 (1) of the BRRD include: requiring the management body of the institution to implement one or more of its recovery measures, to draw up and implement an action plan to overcome problems, or to convene a meeting of shareholders of the institution and require certain decisions to be considered for adoption by the shareholders; requiring one or more members of the management body or senior management to be removed or replaced; requiring the management body of the institution to draw up a plan for negotiation on restructuring of debt with some or all of its creditors according to the recovery plan, where applicable; requiring changes to the institution’s business strategy or its legal or operational structures; and acquiring, all the information necessary in order to update the resolution plan and prepare for the possible resolution of the institution and for valuation of its assets and liabilities in accordance with Article 36 of the BRRD. Under Articles 28 and 29 of the BRRD, the ECB can under specific conditions also remove the senior management or management body of the institution and appoint a temporary administrator. In addition, where a supervised entity, intentionally or negligently, breaches a requirement, the ECB may impose sanctions (see CP 11). The ECB also has the powers to withdraw the authorization of a credit institution (see EC1 of CP 5). In the case of the resolution of SIs and other cross-border banks, the SRB adopts a resolution scheme only when it assesses that a number of conditions are met. The ECB assesses one of the conditions for SIs or groups under its direct supervision, namely whether the condition that the entity is failing or is likely to fail is met, and communicates this assessment to the SRB and the Commission without delay. Under certain conditions, the determination that an entity is failing or likely to fail can also be made by the SRB. Where such a determination is made by either the ECB or the SRB, other external stakeholders have to be informed as well, e.g., the relevant deposit guarantee scheme(s), the competent ministries, the European Systemic Risk Board (ESRB) and the designated national macroprudential authority. Moreover, to support any resolution action(s), the ECB provides advice to the SRB and relevant NRA in the resolution stage and on necessary follow-up actions, e.g., authorization of a bridge bank and withdrawal of the license of the ‘old’ institution, where appropriate. Once an SI or group is in resolution and under the control of the SRB, the general obligation on the ECB to provide the resolution authority on request with all the information relevant for the exercise of its tasks continues to apply.38 In addition, the BRRD envisages certain tasks to be performed by the banking supervisor, e.g., assessing in agreement with the resolution authority the credibility that a business reorganization plan in the context of the bail-in instrument, if implemented, will restore the long-term viability of the institution. Where a bridge institution is set up by the resolution authority, it may submit a request to the banking supervisor for a temporary exemption of the conditions for authorization.39 In these cases, the relevant NCA would receive the request for authorization, but the ECB would grant authorization and it could become the competent banking supervisor for the bridge bank if it were an SI. The resolution authority will publish on its website and also request that the institution under resolution, the EBA and the ECB publish on their websites a copy of the resolution order or instrument or a summary note, and in particular the effects on retail customers and the terms and period of suspension or restriction.40
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	In the case of SIs, ECB banking supervision is performed both on a solo and on a consolidated basis. In the same vein, the assessment of the significance of banks and banking groups is done at the highest level of consolidation in the Euro Area. In relation to significant credit institutions or groups, the ECB carries out supervision, on a consolidated basis, of the parents of credit institutions established in one of the participating Member States, including over financial holding companies and mixed financial holding companies (Article 4(1)(g) of the SSMR). The ECB chairs supervisory colleges of groups of SIs with head office in a participating Member State and takes part in supervisory colleges for SIs with headquarters outside the Euro Area. The NCAs have the right to participate in such colleges as observer. Similarly, the ECB has the power to require credit institutions as well as financial holding companies and mixed financial holding companies in the Euro Area to take necessary measures. For such entities, the ECB may also use the powers conferred to the supervisor by the national law transposing Union law, or request the NCA to make use of its purely national powers. Where a significant credit institution or group has insurance or investment activities outside the banking perimeter, the ECB consults with the relevant national authority in terms of the EU’s FICOD.
Assessment of Principle 1	Largely Compliant
Comments	The SSM has established a clear allocation of responsibilities for the supervision of Euro Area credit institutions between the ECB and the NCAs in participating Member States. However, the legal underpinnings of the SSM are complex. The supervisory function has been “force fitted” over a complicated interplay of EU and national laws that had not envisaged a unified approach. Differences in national laws have been a challenge to achieving a consistent application of prudential rules and promotion of a level playing field among Euro Area banks. The ECB has a broad range of powers provided for in the CRR and the SSMR and can apply the powers set out in CRD IV as transposed into national legislation. However, the EU legislation also makes available a considerable number of options and discretions to either the NCAs or the Member States that allow modification of some of the provisions. As the competent authority, the ECB can exercise and harmonize the options and discretions granted to NCAs in the SSM, and it has made strong progress in this direction. The ECB has also publicly clarified that it is competent to directly exercise several “clusters” of supervisory powers granted to NCAs, when these powers are clearly used for prudential purposes and fall within the ECB’s supervisory tasks. Where the exercise of options and discretions is attributed to Member States, the ECB must apply national legislation and it cannot harmonize these types of options and discretions. Furthermore, national powers differ quite considerably, and need to be assessed on a case-by-case basis by applying a two-pronged test to establish whether the ECB can exercise these powers directly. Harmonization in these areas would require amendments to EU legislation, which should be pursued as a matter of priority. Though the ECB has a broad range of powers, the SSM legislative framework—reflecting the uneven coverage of national laws—leaves the ECB facing gaps and asymmetries in its supervisory powers. The ECB does not have supervisory powers that apply to all significant forms of credit intermediation in the Euro Area. In particular, investment firms undertaking “bank like” business in the Euro Area are subject to many of the same regulations as banks, including for capital and liquidity, but are currently supervised nationally even when they are of significant size and very active in cross-border business. In addition, Euro Area branches of non-EU or EEA banks, unlike their subsidiaries, are neither subject to CRD IV/CRR (and related EBA standards and guidelines), nor to consolidated supervision at the EU level;41 they are regulated by national laws and regulations, which vary significantly, and are supervised directly by local NCAs. This issue is discussed in detail in CP 5. The Commission’s proposals for an extensive revision of EU law related to prudential supervision provide an opportunity for harmonization and clarification of the ECB’s supervisory powers. In its opinion of November 2017 on these proposals, the ECB noted that large and complex “bank like” investment firms, particularly those with cross-border operations, can pose financial stability risks as well as an increased risk of spill-over effects on other banks. It has also proposed that EU law should include a clear reference to additional supervisory powers in a number of areas, to avoid legal uncertainty and to ensure a level playing field with regard to supervisory powers across the Banking Union. These areas mainly relate to acquisitions in third countries (see CP 7), mergers, asset transfers, and other strategic decisions, the amendment of credit institutions’ statutes and their shareholders’ agreements on the exercise of voting rights, the provision of credit to related parties, the outsourcing of activities by credit institutions, supervisory powers regarding external auditors, and additional powers related to the authorization of credit institutions. The Largely Compliant rating for CP 1 acknowledges the gaps and asymmetries in the ECB’s supervisory powers, which are material in some specific areas, but also recognizes the clear responsibilities and objectives of the ECB within the SSM, and the broad range of powers available to it under legislation, and being employed, to ensure effective supervision of Euro Area banks and to promote the safety and soundness of the Banking Union.
Principle 2	Independence, accountability, resourcing, and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability, and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	Article 130 of the Treaty on the Functioning of the EU and the SSMR require that the ECB act independently. The ECB’s independence encompasses functional, institutional, personal and financial independence,42 and extends to its supervisory tasks. The same requirement for independence applies to the NCAs. Article 19 of the SSMR provides that: “When carrying out the tasks conferred on it by this Regulation, the ECB and the NCA acting within the SSM shall act independently. The Members of the Supervisory Board shall act independently and objectively in the interest of the Union as a whole and shall neither seek nor take instructions from the institutions or bodies from the Union, from any government of a Member State, or from any other public or private body.” ECB banking supervision is also subject to high standards of democratic accountability to ensure confidence and transparency in the conduct of this function. As a European institution, the ECB is primarily accountable to the European Parliament and the European Council, in line with Article 20 of the SSMR. The practical arrangements for this accountability are described in the Interinstitutional Agreement with the European Parliament and in the MoU with the European Council (see EC 3 below). Moreover, the ECB submits its annual report on banking supervision to national parliaments (NPs) and these may address their considered observations to the ECB (Article 21 of the SSMR).
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The Supervisory Board of the ECB is composed of a Chair, a Vice-Chair, four ECB representatives, and one representative of each NCA, who can be accompanied by one representative of the national central bank (NCB) if the NCA is not the NCB (this is the case for Austria, Estonia, Finland, Germany, Latvia, Luxembourg, and Malta). The process for the appointment of the Chair and Vice-Chair of the Supervisory Board, as well as of the four ECB representatives, is described in Article 26 of the SSMR, the ECB Rules of Procedure and Decision ECB ECB/2014/4 of February 6, 2014 on the appointment of representatives of the ECB to the Supervisory Board. The Chair is chosen on the basis of an open selection procedure, on which the European Parliament and the Council are kept duly informed, from among individuals of recognized standing and experience in banking and financial matters and who are not members of the Governing Council. The Interinstitutional Agreement with the European Parliament and the MoU with the Council provide that the ECB shall specify and make public the criteria for the selection of the Chair and describe arrangements that ensure a proper involvement of the European Parliament and Council in the procedures. The Vice-Chair is chosen from among the members of the Executive Board of the ECB, who are in turn appointed by the European Council, acting by a qualified majority, from among persons of recognized standing and professional experience in monetary or banking matters, on a recommendation from the Council, after it has consulted the European Parliament and the Governing Council of the ECB. The Chair and Vice-Chair are proposed by the ECB to the European Parliament for approval, after a public hearing has been held by the relevant Parliamentary Committee. Following approval of the Parliament, the Council adopts an implementing decision appointing them. The four ECB representatives are appointed by the Governing Council, on a proposal from the Executive Board, from among persons of recognized standing and experience in banking and financial matters. The term of office of the Chair, the Vice-Chair, and the four ECB representatives is five years, non-renewable. The Council may, following a proposal of the ECB that has been approved by the European Parliament, adopt a decision to remove the Chair from office, if he/she no longer fulfills the conditions required for the performance of his/her duties or has been guilty of serious misconduct. If the Vice-Chair, being at the same time a member of the Executive Board, no longer fulfills the conditions required for the performance of his/her duties or has been guilty of serious misconduct, the Court of Justice of the EU may, on application by the Governing Council or the Executive Board, compulsorily retire him/her from his/her function as member of the Executive Board. In such a case, the Council may, following a proposal by the ECB that has been approved by the European Parliament, adopt an implementing decision to remove him/her as well from the office of Vice-Chair. If an ECB representative no longer fulfills the conditions required for the performance of his/her duties, or if he/she has been guilty of serious misconduct, the Governing Council may, on application of the Executive Board and after having heard him or her, decide to remove him/her from office.
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.43
Description and findings re EC3	The objectives of ECB banking supervision are clearly stated in Article 1 of the SSMR. This Regulation confers on the ECB “… specific tasks concerning policies relating to the prudential supervision of credit institutions, with a view to contributing to the safety and soundness of credit institutions and the stability of the financial system within the Union and each Member State, with full regard and duty of care for the unity and integrity of the internal market based on equal treatment of credit institutions with a view to preventing regulatory arbitrage.” As noted in EC1 above, the ECB is accountable, mainly to the European Parliament and the Council and, to some extent, to NPs of the participating Member States. The main tool for accountability is the record of proceedings of each meeting of the Supervisory Board, which the ECB provides to the European Parliament, and the published ECB Annual Report on supervisory activities. This Report, which is also communicated to the Commission, the Eurogroup (an informal body of Ministers of the Euro Area Member States), and the NPs in the Euro Area, describes the implementation of the ECB’s supervisory tasks as well as the expected evolution of the structure and amount of supervisory fees. In practice, the Report is also an important element of communication about the priorities for supervision in the SSM for the coming year. The Chair of the Supervisory Board participates in public hearings in the European Parliament or in the Eurogroup, an informal body of Ministers of the Euro Area Member States. The ECB also replies in writing to questions posed by Members of the European Parliament, which are published on the ECB’s website. The ECB has a duty to cooperate in any investigations by the European Parliament, while the operational efficiency of the management of the ECB in exercising its supervisory tasks may be examined by the European Court of Auditors (ECA) (Article 20 of the SSMR). The first such review by the ECA was published in November 2016. In addition to this accountability to European institutions, the SSMR (Article 21) caters for a number of possible interactions and reporting requirements from ECB banking supervision to NPs. Members of NPs can ask the ECB written questions in respect of its tasks and the Chair or a Member of the Supervisory Board may be invited for an exchange of views in NPs regarding SIs in the respective Member State. Whether the exchanges of views are public or confidential depends on the institutional framework of each NP. Several such exchanges of views have taken place so far. This framework is without prejudice to the NCAs’ accountability to their NPs for their supervision of LSIs, for their residual tasks in the supervision of SIs (e.g., consumer protection, anti-money laundering (AML), counter-terrorism financing, third-country branches supervision), and for issues not related to supervision (e.g., budgets or human resources issues). Moreover, in order to enhance efficiency, the Commission will publish every three years a report on the application of the SSMR, with a special emphasis on monitoring the potential impact on the smooth functioning of the internal market. This report is to evaluate specific aspects of supervision listed in Article 32 of the SSMR, such as: the impact of ECB’s supervisory activities on the interest of the Union as a whole and on the coherence and integrity of the internal market in financial services; the division of tasks between the ECB and the NCAs within the SSM; the effectiveness of independence and accountability arrangements; the appropriateness of governance arrangements, including the composition of, and voting arrangements in, the Supervisory Board and its relation with the Governing Council. The Commission seeks the ECB’s views on specific issues for this review of Union legislation. The Commission’s first report under this mandate, which was focused on the legislative, institutional and procedural framework of the SSM, was issued in October 2017.44 The report assessed, inter alia, that the accountability arrangements applicable to the ECB are effective overall. In particular, the various processes and procedures in place for ensuring accountability towards political bodies such as the European Parliament, the Council, the Eurogroup, and NPs are frequently used in practice.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	The internal governance rules of the ECB and its banking supervision function are laid down, in particular, in the SSMR, the SSMFR, the ECB Rules of Procedure, and the Rules of Procedure of the Supervisory Board. The internal (communication) processes are specified further in the SSM Supervisory Manual. In addition, there is a general obligation to exchange information within the SSM, as introduced by Article 21 of the SSMFR. The decision-making processes in ECB banking supervision depend on whether supervisory actions are “operational acts” or are legally binding on supervised credit institutions. Operational acts are taken outside formal decision-making procedures, do not have a specific legal form and reflect the majority of the day-to day supervisory interaction with institutions (e.g., non-binding requests, statements, informal communication on supervisory expectations). Operational acts are decided by supervisors, without the involvement of the Supervisory Board and the Governing Council. However, all legally binding acts, including all supervisory decisions, need to be submitted to the Supervisory Board for approval, which then submits the draft decision to the Governing Council for adoption, under a nonobjection procedure. Consequently, both bodies are confronted with a very high number of supervisory decisions to be adopted (around 2,000 decisions a year, including many routine decisions), and the process has a considerable impact on the complexity and duration of decision-making even for straightforward decisions. This becomes particularly challenging if supervisory decisions need to be taken within defined legal deadlines. In response, the Governing Council has introduced a delegation framework that allows certain supervisory decisions, which involve limited discretion, to be delegated to nominated ECB managers. Implementing such delegation required two steps: firstly, a general framework setting out the institutional requirements for the delegation of decision-making powers: and, secondly, a specific framework for the types of supervisory decisions that are subject to delegation, setting out the relevant criteria for the exercise of delegation. The first types of delegated decisions, from June 2017, were “fit-and-proper” decisions, which represent the large majority of the ECB supervisory decisions, as well as decisions amending the significance of supervised entities or groups. The volume of routine decisions going to the Supervisory Board has fallen considerably as a result. The ECB is currently considering extending the delegation framework to other types of routine decisions, such as own funds decisions, for which there is critical mass and clear assessment criteria that allow limited discretion. The timelines for decision-making reflect the procedural steps laid down in the legal framework. These timelines must be reasonable (i) to ensure a proper interaction between the ECB and NCAs; (ii) to allow the Supervisory Board and the Governing Council to properly review draft decisions and to take reasoned decisions; and (iii) to respect the rights of the addressees of decisions. The ECB has endeavored to streamline the decision-making process by written procedures for routine decisions and by standardizing and simplifying the documentation to be submitted to the decision-making bodies. In addition, if need be, the timeframe can be reduced substantially using fast-track procedures such as shortening the time limits for approval or taking decisions at teleconferences. For instance, in emergency situations such as a crisis, decisions are more likely to be approved by the Supervisory Board in a teleconference, which may include the Governing Council or be held back-to-back with a Governing Council teleconference where the decision is adopted. These fast-track procedures allow the ECB to take decisions within a day, when necessary. In 2014, the Supervisory Board adopted a Code of Conduct to provide a general framework of high ethical standards that the members and other participants in Supervisory Board meetings are to observe. The Code establishes specific procedures to deal, among other things, with potential conflicts of interest, private financial transactions, and cooling-off periods. In substance, the Code of Conduct requires Supervisory Board members to comply with the rules on private financial transactions adopted by the ECB for its own staff. However, for Supervisory Board members who are representatives of NCAs, compliance with and monitoring of rules on private financial transactions are subject to any applicable national procedural rules. At the same time, the Code requires Supervisory Board members to disclose in writing any situation that could cause or could be perceived as causing a conflict of interest (these members will not participate in any deliberation or vote in relation to that situation). A high-level Ethics Committee has been established to support and advise Supervisory Board members in the application of ethics rules.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	The ECB’s Ethics Framework, which applies to all ECB staff, was revised in 2014. The revised Framework strengthens, in particular, the rules on avoiding conflicts of interest, as well as the rules governing gifts and hospitality, private financial transactions, professional secrecy, and cooling-off periods. It also establishes a Compliance and Governance Office, which advises all ECB staff and monitors compliance. In order to strengthen its impartiality and reputation, ECB banking supervision adopted a broad concept of conflicts of interests, and ethics rules have been laid down in order to avoid conflicts of interests during the recruitment phase and during ECB employment. In addition, restrictions have been established to avoid conflicts of interest arising from subsequent employment activities. To avoid the inappropriate use of information obtained through work, strict rules have been laid down regarding private financial transactions. Members of staff are also prohibited, even after their duties have ceased, from making unauthorized disclosure of any information that they have received in the performance of their duties, unless that information has already been made public. Disciplinary measures may be adopted in case of breach of professional duties, intentionally or by negligence.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a)a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b)salary scales that allow it to attract and retain qualified staff; (c)the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d)a budget and program for the regular training of staff; (e)a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f)a travel budget that allows appropriate onsite work, effective cross-border cooperation, and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	The SSMR provides that the ECB must be able to devote adequate resources to carry out its supervisory tasks effectively. It further requires that these resources be financed via a supervisory fee borne by the entities subject to the ECB’s supervision. The Supervisory Board does not exercise control over the ECB’s supervisory budget. The budgetary authority of the ECB is vested in its Governing Council. This body adopts the ECB’s annual budget, which encompasses the budgetary needs of the supervisory function, based on a proposal put forward by the Executive Board of the ECB after consultation with the Chair and the Vice-Chair of the Supervisory Board. The Governing Council is assisted in matters related to the budget by the Budget Committee (BUCOM) consisting of members from all NCBs of the Eurosystem and the ECB. The BUCOM evaluates the ECB’s reports on budget planning and monitoring and reports directly to the Governing Council. Hence, resources for ECB banking supervision are allocated within broader organizational priorities of the ECB. The annual budget covers all operating expenses, including those related to support functions. Since the establishment of the SSM, ECB banking supervision has been able to augment its original staffing allocation based on an improved understanding of the banks it was supervising, the desired level of supervisory intensity, and the resources needed for a number of key tasks. In September 2015, the Governing Council, which is the decision-making body for headcount decisions, agreed to augment the SSM-related headcount, to be implemented over the following two years; this increase significantly strengthened the JSTs as well as selected horizontal and oversight functions. In its 2016 review of the SSM, the ECA noted indications that staffing levels in ECB banking supervision at that time were insufficient, and recommended in particular that the ECB substantially increase the presence of its own staff in onsite inspections. The ECB accepted this recommendation. JSTs may request that an ECB staff member be appointed to lead an onsite inspection team, and have done so in the case of critical supervisory issues, to compensate for skills shortages or to ensure an independent pair of eyes. However, resource constraints have meant that ECB staff have led only around 10 percent of inspections, many fewer than the ECB would have preferred. More recently, the Governing Council has approved additional headcount for ECB banking supervision to prepare for the consequences of Brexit; increases will take place over 2018 and 2019. Other factors that will bear on future ECB headcount include the identification of synergies and opportunities to streamline work processes, and new supervisory tasks, e.g., in the context of crisis management and cooperation with the SRB. As envisaged under the SSM arrangements, a significant share of supervisory resources comes from the NCAs. The average composition of JSTs is around 25 percent ECB staff and 75 percent NCA staff, but this average masks considerable variation in the ratio across the different clusters of credit institutions; for some of the smaller and less complex SIs, the ratio is closer to 50/50. The average composition of onsite inspection teams is less than 10 percent ECB staff and more than 90 percent NCA staff, though inspection teams in some member states often comprise only NCA staff. NCA staff assigned to JSTs and to onsite inspections are determined and funded by each NCA, and remain part of the NCA’s personnel and organizational structure, including performance assessments and remuneration. As a consequence, the ECB does not have control over the levels, suitability, and performance of staff dedicated to the supervision of SIs (see EC 7 below). The ECB’s salary and benefit structure (applying to all ECB staff) has so far proven sufficiently attractive to hire and retain supervisory staff. The level of qualifications and experience is taken into account when determining the entry salary. ECB banking supervision has the ability to commission external consultants. Such consultants are subject to the same professional secrecy requirements as ECB staff members when they provide services related to the discharge of supervisory duties. In order to successfully pass on knowledge and develop skills, and to support the promotion of a common SSM culture, a dedicated training curriculum for the SSM has been developed that complements general training available at the ECB and training available locally at NCAs. SSM training activities are centrally coordinated and are open to all SSM staff. The Steering Group for Supervision Training has devised an SSM training curriculum that is currently being rolled out.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	ECB banking supervision benefits from the assistance of the NCAs and consequently from the skills and competences available at national level. Under the SSMR, the NCAs have a duty to cooperate in good faith, but the number of NCA staff to be made available to the ECB for JSTs and onsite work is not set out in any formal agreement. NCAs have some discretion in allocating the supervisory resources committed to JSTs. The commitment of NCA headcount is determined in the context of ECB banking supervision’s annual supervisory planning process (see EC 8 below). However, assignment to the ECB does not imply that individual NCA staff must work full-time on ECB supervisory tasks. NCAs commit only that their staff will be available 80 percent of the time (90 percent for some NCAs); staff may be taken “offline” by their NCA to work on LSI supervision or other matters in response to domestic priorities. As a consequence, the availability of NCA staff at any particular point cannot always be assured; in some JSTs, NCA staff may contribute as little as 25 percent of their time. Moreover, smaller NCAs facing their own staffing constraints can find it difficult to honor commitments. Commitments made by the NCAs are regularly monitored through surveys and discussed bilaterally and multilaterally. The Supervisory Board also receives a regular report on NCA headcount in the supervision of SIs (actual vs. committed). Drawing on experience gained so far, ECB banking supervision is seeking to optimize staff allocation based on supervisory needs and priorities. This process includes quantitative as well as qualitative analysis in order to balance the demand of headcount and required skills with the available workforce and expertise in the SSM. Three years after the establishment of the SSM, a program of rotation of JST Coordinators and supervisors has now commenced, as a means of broadening experience and perspectives, and avoiding regulatory capture. In its 2016 review of the SSM, the ECA recommended that the ECB amend the SSMFR to formalize commitments by NCAs and ensure that all NCAs participate fully and proportionately in the supervision of SIs. In its response, the ECB did not rule out the possible need for amendment to the SSMFR, but indicated a preference at this point for continued collaboration with NCAs to ensure that JSTs are always sufficiently staffed.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	The level of supervisory engagement with SIs is governed by a detailed SEP for each SI that aims to ensure that interactions are risk-based and proportionate. The responsibility for defining the SEP lies with ECB banking supervision, with the respective NCA contributing. SEPs are approved by the Supervisory Board. Individual SEPs build upon the ECB’s annual Supervisory Priorities, the SSM Supervisory Principles and the SSM Supervisory Manual. The Supervisory Priorities are identified through a strategic planning exercise and take into account the macroprudential information at the ECB’s disposal. The SEPs define the main supervisory activities that will be carried out to monitor risks and address weaknesses of each SI, and are assessed and reviewed twice a year. SEPs set out the detailed activities that go beyond the defined minimum engagement levels (MELs), taking into account the specific risk profile of each institution. They form a solid core examination program that ensures appropriate intensity and frequency of supervisory work, and that system-wide risks are taken into account. Assessors saw a number of examples of SEPs. Two complementary consolidated SEPs have been developed in parallel to the individual SEPs. The first refers to the on-going supervision activities to be carried out by the JSTs and the second contains the onsite inspections and internal model investigations. Under the first consolidated SEP, each SI is classified in each risk category according to a level of engagement (Intense, Enhanced, Standard, or Basic) that depends on the risk score and the SI’s size and complexity. For each risk category, a set of core activities and respective frequency is proposed as the basis of the on-going supervision program. This constitutes the MEL for each SI. The MEL forms the basis for operational supervisory work and, as a general rule, must be performed by each JST. JSTs will then either comply with this requirement or explain any deviations. The execution of planned activities is monitored through the year and, if necessary, the SEP may be reviewed in response to possible emerging risks and their outcomes. The review may also address emerging resource constraints so as to make best use of available resources and to avoid bottlenecks. Conflicting plans or resource constraints may be tackled by reprioritizing, moving, or cancelling certain activities or by requesting the allocation of additional resources. Under the second consolidated SEP, in which JSTs and NCAs are also strongly involved, each JST submits a list of requests for onsite inspections and internal model investigations for the year, classifying each request according to its priority (also taking into account the supervisory priorities) and urgency. Horizontal functions in ECB banking supervision review the supervisory needs, also taking into account the resources available both in the ECB and in the NCAs. The activities are planned following a risk-based and proportionate approach. Moreover, in order to foster harmonization, disseminate best practices and reinforce the sense of unity, ECB banking supervision has recourse to staff from other NCAs in the SSM. For European cross-border institutions, the supervisory planning process contains the relevant procedures according to CRD IV (e.g., colleges of supervisors, joint risk assessment, joint decisions).
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	In accordance with Article 39 of the Statute of the European System of Central Banks, “The ECB shall enjoy in the territories of the Member States such privileges and immunities as are necessary for the performance of its tasks, under the conditions laid down in the Protocol on the privileges and immunities of the European Union.” In terms of Articles 11 and 22 of Protocol (No 7) on the privileges and immunities of the EU, ECB staff and members of its organs are “immune from legal proceedings in respect of acts performed by them in their official capacity, including their words spoken or written. They shall continue to enjoy this immunity after they have ceased to hold office.” The ECB is, however, liable for its actions and is subject to judicial control by the Court of Justice of the EU, which may annul ECB decisions. Actions may be brought by any legal or natural person, within a time limit of two months, against an act addressed to that person or which is of direct and individual concern to them. The ECB is required to make good any damage caused by it or by its staff in the performance of their duties, provided that their conduct infringes laws conferring rights on third parties, is sufficiently serious and there is a causal link between this unlawful conduct and the damage caused. This is without prejudice to the liability of NCAs to make good any damage caused by them or by their staff in the performance of their duties in accordance with national legislation (Recital 61 of the SSMR). NCA staff participating in internal bodies of the ECB, such as the Supervisory Board or JSTs, enjoy functional immunity in the EU according to Article 10 of the Protocol (No 7) on the privileges and immunities of the EU: “Representatives of Member States taking part in the work of the institutions of the Union, their advisers and technical experts shall, in the performance of their duties and during their travel to and from the place of meeting, enjoy the customary privileges, immunities and facilities.”
Assessment of Principle 2	Largely Compliant
Comments	The independence of the ECB’s banking supervision function is enshrined in law, and the ECB performs its supervisory tasks in an operationally independent manner. In principle, the fact that all legally binding supervisory decisions sent to individual institutions need to be submitted to the Supervisory Board, where all NCAs are represented, and then to the Governing Council for approval, provides further protection from “regulatory capture” and the promotion of special interests. In practice, the dominance of national representatives, with natural domestic allegiances, on the Supervisory Board may make it more challenging to achieve outcomes that give priority to the interests of the Banking Union. On some issues, the presence of strong national interests may work against timely policy responses. Decision-making processes in ECB banking supervision are complex and time-consuming. A substantial volume of supervisory decisions requiring Governing Council approval are routine decisions that, in many other supervisory agencies, would be made at the operational level. In many respects, this complexity is due to constraints resulting from EU law and cannot be easily remedied. Nonetheless, the Supervisory Board has taken important steps to streamline decision-making processes and reduce the burden they impose on the Board and the Governing Council, freeing up members of these two bodies (and the staff who support them) to focus more fully on strategic and policy decisions. The new delegation framework, which truncates decision-making for certain routine decisions at the level of ECB Senior Manager, has considerably shortened timetables, and delegation of other types of decisions that involve limited discretion is under discussion. In emergency situations, the decision-making timeframe can be reduced substantially using fast-track procedures, and the assessors saw evidence of the use of these procedures. With the SEP, ECB banking supervision has a well-structured process for determining and prioritizing its resource needs. An important constraint on this process, however, is that the aggregate resources available to ECB banking supervision to supervise SIs are variable and beyond its control. In the first place, the Supervisory Board does not exercise control over the ECB’s supervisory budget; resources for supervision are allocated within broader organizational priorities of the ECB. Hence, within the ECB itself the supervisory function may need to compete for resources within a given ECB budget envelope. Budget arrangements appear to have worked well to date, and ECB banking supervision has been able to augment its original staffing allocation. However, supervisory priorities may not always coincide with the ECB’s broader organizational objectives on matters related to resources and remuneration, in which case the timely resourcing of the ECB supervision function could not be assured. In the second place, the ECB does not have full control over the levels of NCA staff dedicated to the supervision of SIs, nor over their suitability and performance. Assessors were advised that the ECB has experienced varying levels of cooperation from NCAs in making up supervisory teams, but collaboration is improving for offsite supervision. In some cases, JSTs have been given sufficient NCA headcount at the beginning of the planning cycle but found that team members were pulled away for a time with little notice because of exigencies at the NCA, or were changed over the cycle. This resulted in a loss of continuity and left some JSTs very stretched. In other cases, the commitment of staffing has been constrained by budget pressures facing NCAs or by shortages of appropriate skills, particularly in smaller NCAs that may have lost key staff to the ECB. At times, close relationship management has been required. As the SSM moves beyond its “settling in” phase and the relationship between ECB banking supervision and the NCAs matures, some of these staffing tensions may ease. However, if collaborative efforts cannot ensure the level, suitability and availability of NCA staff committed to JSTs, more formal arrangements may be necessary. One option would be a binding commitment on NCAs that staff for SI supervision must be available for a minimum of at least 75 percent of their time. One issue raised with assessors was that the attitude of individual NCA team members may be problematic if these members view JST work as being secondary to other NCA work since their performance appraisal, remuneration, and promotion prospects are determined by their NCA. The ECB is now trialing arrangements under which the JST Coordinator provides feedback to the local JST sub-coordinator on their performance. However, there is no guarantee that this feedback will be considered in the formal local performance review, and the arrangements are facing resistance on privacy and labor law grounds.
Principle 3	Cooperation and collaboration. Laws, regulations, or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.45
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions, and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	Cooperation in the framework of the SSM The SSM envisages a highly structured form of cooperation for Euro Area banking supervision, which goes well beyond the duties to exchange information and cooperate in good faith, as laid down in CRD IV and applicable to all EEA NCAs. The focal point of this heightened cooperation is the Supervisory Board itself, which is an internal ECB body and includes members of the ECB and one representative per competent authority of the participating Member States. The JSTs, which are the building block of Euro Area supervision, reinforce that cooperation, since the ECB relies heavily on NCA resources to staff the JSTs. For SIs operating entirely within the Euro Area, JSTs have replaced the previous cross-border supervisory framework based on the home-host division of labor and cooperation in supervisory colleges. Particular elements of cooperation between ECB banking supervision and Euro Area NCAs, in addition to ongoing supervision, include the full integration of the NCAs in the performance of the three so-called “common procedures” (authorization to take up the business of credit institution, lapsing and withdrawal of an authorization, acquisition of qualifying holdings in a credit institution), and the appointment of Heads of Missions for onsite inspections in consultation with the NCAs. Euro area NCAs are also regularly involved in the discussion of general and overarching supervisory issues through networks of national experts. Involvement on specific projects, such as the negotiation of MoUs with third countries, is also common at the staff level. Cooperation between the ECB and non-SSM NCAs Cooperation between the ECB and the non-SSM NCAs is based on the provisions of CRD IV. On top of that, under “step in” arrangements the ECB became a principal in the MoUs that these NCAs already had in place with the SSM NCAs. In accordance with Article 3 of the SSMR, the ECB is mandated to conclude an MoU with the NCAs of the non-participating Member States, including those that are home to at least one G-SII, as defined in Union law,46 although cooperation and exchange of information between competent authorities within the EU is already covered under CRD IV. The purpose of these MoUs is, inter alia, to clarify the information and consultation mechanisms in cases where ECB decisions on supervised credit institutions established in a participating Member State affect subsidiaries or branches established in non-participating Member States. To date, however, no MoUs or close cooperation agreements have been concluded with non-SSM NCAs. Cooperation between the ECB and relevant EU authorities Under the SSMR, the ECB is required to cooperate closely with the EBA, ESMA, EIOPA, and the ESRB and other authorities that form part of the European System of Financial Supervision. The ECB is also obliged to cooperate, and exchange supervisory information on supervised entities, with National Market Authorities (NMAs) of EU Member States if the information is sufficiently related to the responsibilities of the NMA and there are no overriding reasons not to disclose. This obligation, which applies even if no MoU is in place, does not imply that the ECB shares all information available on a specific supervised entity; the tasks and responsibilities of the requesting NMA must be taken into account. Against this background, the ECB has entered into an agreement with the EBA in order to share information on the key risks that might affect the banking system. The ECB also has non-voting member status on the EBA’s Board of Supervisors while the EBA can be invited to participate in the ECB’s Supervisory Board. The ECB has concluded an MoU with ESMA, among other things to reap the synergies deriving from the activities of both authorities. The ECB has also concluded with ESMA a Template MoU that the ECB is prepared to sign on a bilateral basis with NMAs upon an expression of interest from the NMAs. The ECB has signed such a Template MoU with the Italian Commissione Nazionale per le Societá e la Borsa, the Netherlands Authority for the Financial Markets, and the German Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin). Requests by NMAs for the disclosure of confidential information related to specific SIs have been increasing. The establishment of the SSM brought about important changes in the macroprudential framework in the EU. As before, the national competent or designated authorities can deploy two sets of macroprudential tools: (i) tools to counter systemic or macroprudential risks in the banking sector identified in the CRR/CRD IV and national specific law and (ii) other macroprudential tools identified in national legislation relating to the banking sector or other components of the financial system. However, the ECB can apply higher requirements or more stringent measures within the scope of the tools identified in the CRR/CRD IV. Thus, the ECB shares responsibility for macroprudential supervision with the national authorities. The ESRB is responsible for macroprudential oversight of the financial system within the EU and issuing warning and recommendations, when necessary. The participation of the ECB in the General Board of the ESRB (through high-level representatives) and in its Advisory Technical Committee allows for the interaction between the ESRB and the ECB, as well as the NCAs, and an exchange of views regarding the issuance of warnings/recommendations. Since the ESRB was established prior to the introduction of the Banking Union, the specific engagement of ECB banking supervision with the ESRB has not yet been formalized, although it is currently invited as an observer without voting rights. To strengthen cooperation and information flows, the EC in September 2017 put forward proposals to add the Chair of the ECB’s Supervisory Board and the Chair of the SRB as voting members of the ESRB General Board. Supplementary supervision In the EU, Directive 2002/87/EC (FICOD) establishes a legal framework for supplementary supervision of regulated entities (credit institutions, insurance and reinsurance undertakings, investment firms, asset management companies, and alternative investment fund managers) that are part of groups qualifying as financial conglomerates. The legal framework is supplementary to those in place for the sectorial supervision of the individual entities of conglomerates, in the sense that it is applied by using supervisory tools that add to (and do not replace) the sectoral rules. Supplementary supervision aims to provide a systematic monitoring of the risks stemming mainly from the interrelation between the insurance activities and the banking/financial activities within a same group. The financial position of financial conglomerates is mainly assessed through evaluation of capital adequacy, risk concentration, intra-group transactions, and internal controls within the conglomerate (see CP 12). FICOD establishes the criteria for identifying a competent authority to be the “coordinator” of supplementary supervision of regulated entities belonging to a financial conglomerate, and defines the tasks to be performed by it. FICOD also identifies which other authorities should participate in supplementary supervision and establishes the cooperation framework. Under the SSMR, the ECB has authority, for prudential supervisory purposes, to participate in supplementary supervision of financial conglomerates in relation to the credit institutions included in them. In the case of SIs, the ECB also assumes the coordinator role where it is appointed as such in accordance with FICOD; it is currently the coordinator for 27 financial conglomerates. Within the FICOD framework, the ECB is obliged to provide certain information to EU insurance supervisors, and vice-versa. At this point, there are no MoUs in place with EU insurance supervisors or with EIOPA. However, where ECB banking supervision chairs banking colleges for institutions designated as financial conglomerates, it has invited insurance/markets supervisors to attend as observers; ad hoc meetings have also been held between JSTs and insurance supervisors whether or not there is a college.
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	In the EEA, the principles of collaboration with authorities responsible for subsidiaries or branches of SSM-banking groups in third countries are based on the framework of supervisory colleges. The ECB sees supervisory colleges as a key mechanism for coordinating the supervision of cross-border banking groups. Where SIs have subsidiaries outside the Euro Area, the ECB is the consolidating (home) supervisor and chairs the relevant supervisory college, while the NCAs of the participating Member States where the parent, subsidiaries, and significant branches are established have the right to participate as observers. When the consolidating supervisor is not in the Euro Area, both the ECB and the NCAs participate in the college as (host) members/observers in line with the rules laid down in Article 10 of the SSMFR (see CP 13). The ECB currently participates in 45 supervisory colleges and, as the consolidating supervisor under CRD IV, is responsible for the operation of 30 of these colleges (plus a further four colleges that do not include EU participants other than the ECB). As the consolidating supervisor, the ECB is negotiating Written Coordination and Cooperation Arrangements (WCCAs) in order to facilitate crisis management within these colleges, and had concluded WCCAs for 16 colleges by end-February 2018. The Commissions’ 2017 Report on the SSM noted that supervisory colleges are viewed as particularly important where the ECB is host supervisor for subsidiaries of groups headquartered outside the Euro Area or for branches of non-Euro Area banks that are considered SIs. The participation of third-country authorities in EU colleges depends upon the evaluation of the equivalence of their confidentiality regime to the EU confidentiality regime. Under CRD IV, members of the colleges are to reach an agreement on this. The ECB has confirmed its compliance with the EBA Recommendations on the equivalence of confidentiality regimes. In order to ensure continuity with the cooperation framework and supervisory practices before the SSM, the ECB under “step in” arrangements became a principal in the MoUs that individual NCAs already had in place with some third-country authorities. As of September 2017, the ECB has become part of the MoUs and similar arrangements that 49 third countries had in place. ECB banking supervision also has the capacity to enter into administrative arrangements with the supervisory authorities of third countries in its own right, to provide the basis for information exchange and cooperation on matters such as authorization procedures, establishment of branches and subsidiaries, and the conduct of onsite inspections. The ECB has set up a network of national experts to work together with ECB staff to this end; the network has provided additional support for the drafting of an MoU template that is being used by the ECB as a basis for negotiating cooperation agreements with third country supervisory authorities. This template is largely based on the Basel Committee on Banking Supervision’s (BCBS) Statement of cooperation between banking supervisors (2014). In this context, the ECB is currently negotiating MoUs with supervisory authorities in a number of non-EU countries. The countries include the United States (Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation), Canada, Hong Kong, Japan, Singapore, and Switzerland. In December 2016, the ECB signed an MoU with the relevant authorities of Denmark, Finland, Norway, and Sweden for the conclusion of a cooperation agreement on the supervision of significant cross-border branches. An accession agreement to this MoU by the competent authorities of Estonia, Iceland, Latvia, and Lithuania was signed in April 2017. The ECB has also signed an MoU with Banco Central do Brazil and with the Mexican supervisory authority, Comisión Nacional Bancaria y de Valores. Negotiations with the supervisory authorities of South-eastern European countries (Albania, Kosovo, Serbia, Montenegro, Bosnia Herzegovina/Republika Srpska, FYRO Macedonia) have been finalized and the MoUs will be signed shortly. Home-host relationships have been augmented by trilateral meetings between ECB banking supervision and the Bank of England’s Prudential Regulation Authority (PRA) and the U.S. Federal Reserve Board. These meetings, two or three times a year, enable information to be shared at senior level on current supervisory issues and practices, and on detailed developments in individual G-SIBs and other banks.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	CRD IV identifies a broad-ranging duty of cooperation within the EEA (Article 56) but also subjects the staff of competent authorities (and, individually, the persons working on behalf of the authorities, such as auditors) to a strict obligation of professional secrecy (Article 53). For ECB staff, the confidentiality rule is also laid down in Article 27 of the SSMR and in Article 37 of the Statute of the ESCB and of the ECB. The possible uses of confidential information by the receiving authority are limited. In particular, the information may only be used for specified supervisory purposes (Article 54 of CRD IV) and exchanged with a number of other institutions only in the discharge of specified purposes (Articles 56–59 of CRD IV). CRD IV allows for information sharing with authorities outside the EEA, provided that, under its national law, the receiving authority is subject to a confidentiality duty at least equivalent to that in the EU (Article 55). Where these requirements are not met, information may be disclosed only in summary or aggregate form, or in certain judicial or administrative proceedings where this does not concern third parties involved (Article 53(1)). In addition, the information shared may be used only for the supervisory tasks of the recipients. The onward sharing of information received from one authority has to be authorized beforehand. As mentioned under EC 2, participation in colleges with third-country authorities can only take place insofar as such authorities are subject to an equivalent confidentiality regime. In this respect, the ECB has declared that it complies with the EBA Recommendations identifying those third country authorities whose regime can be considered equivalent. On top of this, ensuring confidentiality of the information provided is of utmost importance when arranging bilateral cooperation between the ECB and the third country authorities through MoUs. In the case of third-country authorities not yet deemed by the EBA to have an equivalent confidentiality regime, where legally feasible the ECB negotiates specific clauses under which, except when disclosure is required under the law, the authority receiving information from the ECB can only share it with third parties with the ECB’s consent. To cater for the possibility that the MoUs allow for the exchange of specific information related to individuals, the data protection officer is kept informed and provides its view during negotiations. It also identifies the clauses that the negotiating parties need to accept for the MoU to be in line with EU data protection legislation.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	Confidential information received from another authority falls under the professional secrecy provisions described in EC 3. Under Article 54 of CRD IV, the supervisory authorities, including the ECB, receiving confidential information can use it only for the performance of their duties and only for certain designated purposes. Forward sharing of information is only permitted in selected circumstances (Articles 55–59); in particular, the information originating in another Member State can only be disclosed with the express agreement of the originating authority. By virtue of the primacy of EU law, these provisions take priority over incompatible national legislation providing for disclosure of confidential information beyond relevant EU law. This principle of primacy of EU law can be relied on in national and European courts.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	Supervision and resolution are key building blocks of the Banking Union, and the EU crisis management framework creates a duty to cooperate between supervisory and resolution authorities. As outlined under CP 1, the primary partner of the ECB for cooperation in crisis management is the SRB, which will then involve relevant NRAs according to the SRB-NRA cooperation framework, if necessary. The interaction between the SSM and SRM is structured around three main pillars: the complementary institutional roles of the ECB and the SRB, mutual cooperation, and strong coordination. From a legal and operational standpoint, the nature of cooperation can be considered at different phases of supervisory and crisis management activities. Preparation and planning ECB banking supervision is responsible for requesting recovery plans from SIs and for their assessment, and it cooperates closely with the SRB in this assessment. The SRB’s particular focus is whether recovery plans pose any obstacles to resolution. The SRB is responsible for resolution planning, the determination of Minimum Requirements for Own Funds and Eligible Liabilities and the assessment of resolvability, and cooperates closely with ECB banking supervision in these areas. Early intervention ECB banking supervision plays the leading role in early intervention for SIs. Once it has determined that the preconditions for early intervention have been met in relation to an SI, the SRB has legally to be notified without delay. In practice, to foster timely cooperation, an SRB Board Member is invited to participate as observer in the ECB banking supervision meeting where the decision on early intervention may be taken. In addition, ECB banking supervision has to inform the SRB about any crisis prevention measures (e.g., the exercise of powers to direct removal of deficiencies or impediments to recoverability) or any specific requirements imposed on an institution (e.g., to increase own funds, apply a specific provisioning policy or limit business operations) pursuant to Article 104 of CRD IV, once the preconditions for early intervention have been met in relation to an SI. Determination that an institution is failing or likely to fail If ECB banking supervision determines, after consultation with the SRB, that an SI is failing or likely to fail, or if it receives such a determination from an institution itself, ECB banking supervision must first notify, inter alia, the SRB. In practice, to foster close cooperation and timely exchange of information, the SRB will be involved at an earlier stage, for instance by being invited to participate in the Institution-Specific Crisis Management Team meeting (see EC 7 of CP 8). The failing or likely to fail determination triggers the transfer of responsibilities for the institution to the SRB. Likewise, the SRB may make a determination that an institution is failing or likely to fail, but must first inform ECB banking supervision that it intends to make this determination, and allow the ECB three calendar days to make an assessment of the institution’s viability. Since its establishment, ECB banking supervision has made a failing or likely to fail determination in respect of three institutions. Conduct of resolution actions The SRB decides which resolution tools to use to resolve an institution, and ECB banking supervision gives support to the SRB, if needed. Furthermore, at a resolution stage, the BRRD envisages certain tasks that may need to be performed by the supervisory authority. The authority may have to adjust certain supervisory procedures; for example, if a sale of business tool or bail-in instrument is used, the assessment of the acquisition and/or a resulting qualifying holding has to be performed within the timelines imposed by the resolution authority. If a bridge institution is set up by the resolution authority, it may submit a request to the supervisory authority for a temporary exemption of the conditions for authorization. In such a case, ECB banking supervision would grant authorization and could become the competent authority for the bridge institution if it is classified as an SI. The resolution authority may submit a request to the ECB for a temporary exemption of the conditions for authorization of the bridge institution. The resolution authority will also request that the ECB publish on its website a copy of the resolution order or instrument or a summary note, and in particular the effects on retail customers and the terms and period of suspension or restriction on activities. Whenever ECB banking supervision acts either as a home or host supervisor of a bank subject to its direct supervision, it actively participates in resolution colleges and shares relevant information with all participating authorities, if possible. Memorandum of Understanding between the ECB and SRB Central to cooperation arrangements is the MoU between the ECB and SRB signed in December 2015. The MoU covers cooperation and the exchange of information between the two authorities with respect to all institutions directly supervised by the ECB as well as all cross-border LSIs under direct responsibility of the SRB as far as the so-called “common procedures” are concerned (see EC 1). The MoU includes arrangements for cooperation and information exchange in the different phases of supervisory and crisis management activities outlined above, and also contains provisions regarding communication, knowledge exchange, confidentiality, data protection, and cooperation with regard to non-participating Member States and third-country authorities. In the area of information exchange, ECB banking supervision shares all relevant supervisory information with the SRB, for example for the purpose of resolution planning. The SRB has access to relevant supervisory reporting data and recovery plans, which contain a significant amount of valuable information for the purpose of resolution planning. In addition, the ECB granted the SRB shared access to parts of its supervisory information platform in 2016 in order to support the SRB in the performance of its tasks and facilitate information exchange. Information sharing with the SRB is now automatic once an SI is assigned a certain SREP rating. To strengthen coordination, the ECB designates a representative entitled to participate, as a permanent observer, in the meetings of executive sessions and plenary sessions of the SRB. The ECB representative is entitled to participate in the debates and has access to all documents. In the same vein, the Chair of the SRB participates as an observer in the meetings of the Supervisory Board for items relating to the tasks and responsibilities of the SRB. In its Special Report 02/2018, The operational efficiency of the ECB’s crisis management for banks (January 2018), the ECA recommended that the ECB improve its information exchange with the SRB, noting in particular that there was no pre-specified package of information to be provided to the SRB in crisis situations. The ECB has accepted this recommendation. The level of information shared with the SRB was based on an initial assessment of needs at the time the MoU was finalized, and an early review of the effectiveness of information exchange in the light of experience was provided for in the MoU. That review is now underway and, according to the ECB, is expected to lead to an increase in the amount of information that is automatically shared with the SRB.
Assessment of Principle 3	Compliant
Comments	ECB banking supervision has an extensive and effective framework for cooperation and collaboration. Within the SSM, the framework is inherent in the various structures and elements of cooperation between ECB banking supervision and the Euro Area NCAs, with the Supervisory Board at the apex. Outside the SSM, ECB banking supervision has been seeking to build on the highly developed communication channels it inherited from the NCAs under “step in” arrangements. ECB banking supervision’s progress in finalizing MoUs in its own right with third country authorities, within and outside the EEA, has been slower than expected, due to complexities in negotiations arising from substantial differences between legal systems and national legal requirements). Similar complexities have been the main factor affecting the finalization of WCCAs for crisis management coordination in supervisory colleges in which the ECB is consolidating supervisor, although substantial progress in this area is now expected. The absence of formal arrangements has not, however, precluded effective working relationships with key authorities, with confidentiality of supervisory information covered in exchanges of letters where necessary. The trilateral meetings between ECB banking supervision and the PRA and the U.S. Federal Reserve Board are examples of constructive collaboration at the working level. The SSM’s preparations for Brexit from a banking supervision viewpoint have involved heightened interaction with other supervisory authorities. Through the Supervisory Board, SSM networks and bilateral meetings with Euro Area NCAs, ECB banking supervision has been exchanging information on Brexit plans of “incoming” banks, and to ensure consistent application of Brexit policy stances across the SSM for both SIs and LSIs. The ECB has also been in regular contact with other relevant third parties, such as the EBA, the PRA, and other third-country supervisors, in order to exchange information and promote alignment on operational issues. The effectiveness of cooperation arrangements between ECB banking supervision and the SRB have been “road tested” in three episodes of bank distress in 2017 where ECB banking supervision made a failing or likely to fail determination. This experience is vital input into the current review of the effectiveness of the MoU between the ECB and the SRB, which is expected to result in enhanced information sharing. ECB staff view these three episodes as confirming the effectiveness of cooperation arrangements with the SRB, although the assessors have noted (in CP 8) that there is room for improvement.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	At the European level, there is no definition of the term “bank.” Both the CRR and CRD IV use the term “credit institution,” which is defined as “an undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account” (CRR Article 4(1)(1) and CRD IV Article 3(1)(1)). Therefore, the term “credit institution” is defined in terms of its range of permitted activities. This definition has been transposed into national laws.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	The types of activities that a credit institution as defined in the CRR/CRD IV can carry out are not exhaustively determined at the EU level, although the activities must at least include taking deposits or other repayable funds from the public and granting credits for its own account. A credit institution license can only be granted—and is required—if the proposed activities in which the applicant will be engaged include these two essential elements, CRD IV Recital 14 stipulates that “this Directive should not affect the application of national laws which provide for special supplementary authorizations permitting credit institutions to carry out specific activities or undertake specific kinds of operations.” In addition, CRD IV Annex I provides a list of activities that can be performed by credit institutions authorized in one of the Member States without acquiring additional authorization from the host authorities (‘List of activities subject to mutual recognition’), although this does not restrict a Member State from allowing credit institutions to perform fewer or other activities in the jurisdiction. National laws define whether a credit institution is allowed to undertake activities other than the taking of deposits or other repayable funds from the public and the granting of credits for its own account. In Austria, for example, the banking activities that require authorization as a credit institution are broader than these two elements, and include building savings and loan business, investment fund business and real estate investment fund business; in Greece, credit institutions may be allowed to carry out financial or secondary activities additional to those listed in CRD IV Annex I. The ECB’s procedure for authorization of a credit institution applies to all activities that credit institutions are allowed to undertake, including activities subject to mutual recognition as well as other regulated activities that require authorization under national laws. This means that the authorization procedure also applies to situations where a credit institution that already has a banking license requires an extension of its authorization to undertake a new regulated activity. Furthermore, Article 104(1)(e) of CRD IV provides that competent authorities shall have the power to restrict or limit the business, operations, or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution. In this respect, the ECB can directly exercise this power with respect to SIs or, where such power was not conferred on the ECB, can require the NCA to make use of this power by way of instructions.
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	There are no EU-level restrictions regarding the use of the word “bank” and any derivations. The ECB has no powers in relation to the restrictive and designated use of the word “bank” that are designed to ensure that the general public is not misled. Restrictions regarding the use of the term “bank” are imposed at the national level. Broadly speaking, the term “credit institution” is a protected designation, but in some Euro Area Member States the use of the term “bank” and any derivations by other enterprises may be permitted on a grandfathered basis (Germany) or if the activities of these enterprises precludes the impression that they conduct banking business (Germany, Greece). In the 2016 Detailed Assessment Report for Germany, assessors noted that they had access to several cases where the use of the term “bank” or similar by unlicensed institutions was investigated and sanctioned by the NCA, including for a domain name. Article 19 of CRD IV provides that “for the purposes of exercising their activities, credit institutions may, notwithstanding any provisions in the host Member State concerning the use of the words ‘bank,’ ‘savings bank,’ or other banking names, use throughout the territory of the Union the same name that they use in the Member State in which their head office is situated,” and “in the event of there being any danger of confusion, the host Member State may, for the purposes of clarification, require that the name be accompanied by certain explanatory particulars.”
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.47
Description and findings re EC4	Article 9 of CRD IV stipulates that “Member States shall prohibit persons or undertakings that are not credit institutions from carrying out the business of taking deposits or other repayable funds from the public” and “Such restriction shall not apply to the taking of deposits or other funds repayable by a Member State, or by a Member State’s regional or local authorities, by public international bodies of which one or more Member States are members, or to cases expressly covered by national or Union law, provided that those activities are subject to regulations and controls intended to protect depositors and investors.” The ECB itself has no powers to enforce the general prohibition on taking deposits or other repayable funds from the public by institutions that are not authorized as credit institutions. The prohibition has been transposed into national laws.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	Article 20(2) of CRD IV requires the EBA to publish on its website,48 and update regularly, a list of the names of all credit institutions that have been granted authorization, although the frequency of updating is not defined. This information is available under the Credit Institution Register on the EBA website, which contains names of (a) institutions set up in the Member States; (b) branches of institutions established in EEA countries that have the right to passport their activities; and (c) branches of other foreign banks. The Credit Institution Register is updated on a real-time basis with notifications of newly licensed institutions or withdrawal of authorization by competent authorities. The ECB publishes on its website (www.ecb.europa.eu) a list of the SIs it directly supervises as well as a list of the LSIs supervised by the NCAs. The ECB lists are updated regularly, based on decisions taken with regard to authorizations and the withdrawal or lapsing of authorizations, decisions amending the significance of supervised institutions, or relevant notifications received from the NCAs.
Assessment of Principle 4	Largely Compliant
Comments	European law as transposed into national laws covers the main elements of this Core Principle, with the necessary powers residing in most cases with NCAs. The ECB, for example, has not been conferred powers in relation to the restrictive and designated use of the word “bank,” nor to enforce the prohibition on the taking of deposits from the public by nonbanks; these matters are generally pursued at the national level. Previous BCP assessments have not identified any material deficiencies in Euro Area countries on this score. The Commission’s recent report on the SSM raised concerns about the growth of “banklike” activities in the EU. It noted structural market developments showing a trend for third-country groups to have increasingly complex structures in the EU, operating through entities that escape ECB supervision. A specific concern related to the largest investment firms that provide key wholesale market and investment banking services across the EU, which are bank-like in nature. These firms are subject to the CRR and CRD IV but are supervised at the national level; they are not authorized and supervised by the ECB as credit institutions. This opens the door to regulatory and supervisory arbitrage and creates an unlevel playing field in the application of the CRR and CRD IV. The Commission’s report suggested that current consultations on the Commission’s proposed amendments to the CRR/CRD IV framework for credit institutions might provide a good opportunity to address this concern. The Commission’s report also highlighted that the lack of ECB supervisory powers in relation to Euro Area branches of non-EU or EEA banks creates scope for regulatory and supervisory arbitrage. In its opinion of November 2017, the ECB noted that large and complex bank-like investment firms, particularly those with cross-border operations, can pose increased financial stability risks as well as an increased risk of spill-over effects on other banks. The ECB took the view that the consolidated and solo supervision of such bank-like investment firms in the EU warranted further consideration, to ensure prudent and consistent supervisory standards commensurate with the risks these firms can pose. One option it suggested would be to amend the CRR/CRD IV in order to ensure that large cross-border investment firms, which frequently carry out bank-like activities that are also carried out by banks, are authorized and supervised as credit institutions. However, for investment firms not in that category, the current differentiation of treatment reflected in national arrangements should be preserved.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)49 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management, and projected financial condition (including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	Article 4(1)(a) of the SSMR establishes the ECB as the exclusive competent authority for the authorization of credit institutions (as defined in the CRR/CRD IV) in Euro Area Member States, whether the institutions are SIs for whom the ECB is also the supervisory authority, or LSIs directly supervised by the NCAs. The ECB is also the exclusive competent authority for the withdrawal of such authorizations. Authorization and withdrawal of authorization are two of the three tasks (referred to as “common procedures”) conferred on the ECB with regard to all Euro Area credit institutions (SIs and LSIs); assessment of acquisitions of qualifying holdings is the third (see CP 6). Nonetheless, the NCAs are fully integrated in the authorization process and authorization decisions are taken on the basis of applicable national law. NCAs represent the entry point for applications for authorizations and maintain contacts with the applicants; analysis of all applications takes place initially at the NCAs; and only viable applications are forwarded to the ECB. If the applicant complies with all conditions of authorization, the NCA prepares a draft decision for the Governing Council, which is deemed to be adopted unless the Governing Council objects to it within ten working days (extendable once in justified cases). In the case of LSIs, where the licensing authority and primary supervisor are separate agencies, this authorization mechanism ensures that the right of the supervisor to have its views and/or concerns about an application is addressed. Withdrawals of authorizations can be taken at the initiative of the NCAs or the ECB itself. In the latter case, the ECB must consult with the NCA concerned, at least 25 working days before the date on which it plans to make the decision: in urgent cases, the timeframe can be reduced to five working days. Resolution authorities may object to the ECB’s intention to withdraw an authorization of an institution entering resolution if they consider that this would affect resolution or financial stability. The ECB has not, to date, taken the initiative to withdraw an authorization. Article 6(2) of the SSMR underlines that the ECB and NCAs are subject to a duty of cooperation in good faith, and an obligation to exchange information. Accordingly, the ECB and the relevant NCA share all relevant findings during the assessment of an application for an authorization, and the content of the draft decision reflects this active coordination and exchange of information. Any information that the ECB has in its capacity as licensing authority that may be material to the NCA in its capacity as supervisory authority, is shared with the latter.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	Minimum conditions for authorization of a credit institution are set out in Articles 10 to 14 of CRD IV. These cover the institution’s program of operations, structural organization, initial capital, fit-and-proper requirements for management and shareholders, absence of “close links” that may prevent effective supervision, and the “co-location” of the head office and the registered office or jurisdiction where business is actually carried out. Detailed requirements giving effect to these criteria are set out in national laws implementing CRD IV. Member States have the power to specify additional criteria, provided that they are not assessing the economic need for the bank to exist, which is prohibited under Article 11 of CRD IV. For example, credit institutions established in Ireland must comply with the Corporate Governance Code for Credit Institutions and Insurance Undertakings adopted by the Central Bank of Ireland. As the final decision on an authorization is based on the NCA’s draft proposal, in practice the ECB applies any additional licensing criteria included in the national laws of the participating Member States. The power to reject an application is implied by Articles 11 to 15 of CRD IV, which state that the NCA will only grant authorization if criteria are complied with; information on a rejection needs to be communicated to applicants within 12 months. An application for authorization may be rejected by the NCA and by the ECB. However, the ECB may only object to the NCA draft proposal to grant an authorization—and thus reject the authorization—where the conditions for authorization set out in relevant EU law are not met. Germany is one Member State in which the criteria for rejecting an application, which distinguish between mandatory and discretionary reasons for refusal, are explicit in national law. The information requirements necessary for authorization are covered by Articles 8, 10, and 14 of CRD IV. Both the NCA and the ECB have the right to ask an applicant to provide all relevant information in order to assess whether the applicant meets the requirements for authorization. In July 2017, the EBA released the RTS specifying the information to be provided to NCAs in applications for authorization as a credit institution, detailing requirements applicable to shareholders and members with qualifying holdings, and addressing obstacles to the effective exercise of supervisory functions. The power to revoke an authorization found to have been granted on the basis of false information or other irregular means is set out in Article 18(b) of CRD IV. If the ECB becomes aware of such, it may withdraw the license. The same applies for the NCA, in accordance with the relevant national law. In September 2017, the ECB released for public consultation a guide to the assessment of license applications from fintech credit institutions. For the purposes of the guide, a fintech credit institution is defined as having “a business model in which the production and delivery of banking products and services are based on technology-enabled innovation.” A fintech entity that meets the legal definition of a credit institution in terms of CRR/CRD IV (i.e., whose activities include taking deposits or other repayable funds from the public and granting credits for its own account) must seek authorization as a credit institution and will be subject to the same authorization requirements and assessment procedures as other credit institutions. The purpose of the guide is to enhance transparency for potential fintech bank applicants and increase their understanding of the ECB’s procedures and criteria for assessing license applications.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	Although not explicitly stated in EU law, the criteria for authorization are generally consistent with those applied in ongoing supervision. Pursuant to Article 18 of CRD IV, one of the possible reasons for withdrawing an authorization is that the credit institution “no longer fulfils the conditions under which authorization was granted.” As a result, all conditions for obtaining a license—including the conditions specified by national law— need to be fulfilled on an ongoing basis by the licensed bank (except for the demand for a program of operations). In certain cases (Spain), national law specifies other possible reasons for withdrawing an authorization, but these are closely linked to conditions with which credit institutions need to comply on an ongoing basis. The ECB may withdraw an authorization in the cases set out in relevant EU law on its own initiative, following consultations with the NCA, or on a proposal from the NCA.
EC4	The licensing authority determines that the proposed legal, managerial, operational, and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.50 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	Under CRD IV, the conditions for granting authorization include the fitness and propriety of the management of the institution, and the existence of a direct link between the Member States where the institution is incorporated and where it is supervised. Authorization will be refused: if the licensing authority is not satisfied as to the suitability of the shareholders or members; where any close links between the credit institution and other natural or legal persons prevent the effective exercise of supervisory functions;51 and where the laws, regulations, or administrative provisions of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the enforcement of those laws, regulations, or administrative provisions, prevent the effective exercise of supervisory functions. These conditions have been broadly transposed to national laws implementing CRD IV. In Italy, however, transposition is awaiting implementation and fit-and-proper assessments are bound by the current legal framework, which is not consistent with CRD IV. In this case, ECB banking supervision has been working with the NCA to overcome assessment gaps and to ensure the suitability of board members through supervisory dialogue with relevant banks. Developing a complete understanding of the proposed legal, managerial, operational, and ownership structures of the bank, both on solo and consolidated basis, is an essential component of the licensing process at the ECB and generally also at the NCAs. If impediments exist or arise, the supervisor may take appropriate remedial measures, including withdrawal of the license. The EBA’s recent RTS on information to be provided in authorization application addresses the identification of obstacles that could prevent the effective exercise of supervisory functions, including the nature of close links between the credit institution and other natural or legal persons, such as politically exposed persons, and the nature of interactions with third country authorities, if any, supervising these persons. To this point, concerns about these types of close links have not provided the basis for rejection of an application for authorization of a credit institution, but have been the basis for rejecting applications for acquisition of qualifying holdings (see CP 6).
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	Article 14 of CRD IV addresses the suitability of a bank’s major shareholders, including those that can exercise significant influence. The suitability requirements include reputation, knowledge, skills and experience, and financial soundness. As part of the NCA assessment process—and accordingly applied by the ECB as well— applicants are required to identify prospective shareholders, whether direct or indirect, natural or legal persons, that have a qualifying holding and the amounts of that holding or, where there are no qualifying holdings, the 20 largest shareholders. A background check is conducted both on the suitability and the financial soundness of these shareholders, including a check on the existence of reasonable grounds to suspect that there is a risk related to money laundering or terrorist financing. This check therefore identifies the sources of initial capital and ensures transparency of ownership. The EBA’s recent RTS on information to be provided in authorization applications requires the applicant to provide an explanation of the available funding sources for capital and, where available, evidence of the availability of those funding sources. This includes a summary of the use of private financial resources (including their availability and source). As a matter of supervisory practice, the NCAs and the ECB assess whether the financial soundness of shareholders is sufficient to ensure the sound and prudent operation of the credit institution for the first three years of business, taking into account the capital expected to be readily available once the credit institution commences its activities and the private financial resources of shareholders.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	Article 12 of CRD IV specifies a minimum initial capital amount for an authorized credit institution of EUR 5 million. The initial capital, which must be held in the form of common equity tier 1, is a floor below which an institution may not fall. In a small number of cases (mainly arising out of grandfathering arrangements), the minimum capital is EUR 1 million, but a ratchet applies. That is, any increase in common equity tier 1 becomes the new floor until the institution’s capital exceeds EUR 5 million. On top of the required minimum initial capital, NCAs generally require a level of own funds that is commensurate with the expected business plan of the applicant institution; this level is accordingly applied by the ECB. For example, a minimum initial capital requirement of EUR 8.7 million applies in Luxembourg, EUR 18 million in Spain and Greece (although in the case of Greece, the Bank of Greece can reduce that threshold to EUR 5 million), and EUR 20 million in Slovakia (EUR 30 million for mortgage banks). Under its “policy stance” on authorizations, ECB banking supervision generally requires new credit institutions to have sufficient initial capital to cover the minimum requirement set out in CRD IV, plus losses over the first three years of operation projected on the basis of a severe but plausible adverse scenario in the business plan. Where new credit institutions are subject to higher minimum initial requirements under national legislation, the “add on” may be limited to one year’s losses.
EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit-and-proper test), and any potential for conflicts of interest. The fit-and-proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.52 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	Under Article 13 of CRD IV, authorization of a credit institution can be granted only where at least two persons effectively direct the business of the institution. That is, there must be a clear distinction in the governance structure between risk-taking activities and risk management. Article 91 of the CRD IV establishes fit-and-proper requirements for the members of a credit institution’s “management body,” that is, the body empowered to set the institution’s strategy, objectives, and overall direction, and which oversees and monitors management decision-making. Authorization will be refused if the members of the management body do not meet the requirements that at all times they be, inter alia, of sufficiently good repute and possess sufficient knowledge, skills and experience to perform their duties. Member States must ensure that the management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of an institution, including the segregation of duties in the organization and prevention of conflicts of interest. A key principle is that the management body must have the overall responsibility for the institution and approve and oversee the implementation of the institution’s strategic objectives, risk strategy, and internal governance. The EBA/ESMA has issued joint Guidelines on the assessment of the suitability of members of the management body and key function holders, which will apply from June 30, 2018. Record of criminal activities and adverse regulatory judgments are mentioned in Guideline 8 regarding reputation, honesty, and integrity, while Guideline 6 addresses knowledge, skills, and experience. The new Joint Guidelines include discussion of the assessment of the collective suitability of the management body. As part of the authorization process, the NCAs and the ECB carefully evaluate proposed directors with respect to fitness and propriety. The applicant must demonstrate that each prospective member of the management body has sufficient competence, experience, and ability to direct the policies of the bank in a safe and sound manner, taking into account the circumstances and plans of the organization. The ECB has responsibility for taking decisions on the appointment of all members of the management bodies of SIs that fall under its direct supervision, and of LSIs in the case of licensing or qualifying holdings. To promote harmonization of supervisory practices and convergence in fit-and-proper assessments in the Euro Area, the ECB issued a Guide to fit-and-proper assessments in May 2017. This serves as a guide for the suitability assessment of board members conducted by the NCAs and the ECB and covers all assessment criteria: (1) reputation, (2) time commitment, (3) experience, (4) independence of mind/conflicts of interest, and (5) collective suitability of the management body. The Guide also covers the criteria for conditional approvals and interviews with candidates; in addition, an SSM methodology for fit-and-proper interviews has been approved by the Supervisory Board. In its opinion of November 2017, the ECB recommended that EU law be amended to further harmonize the processes for fit-and-proper assessments.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management, and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.53
Description and findings re EC8	Applications for authorization must be accompanied by a program of operations setting out the types of business envisaged and the structural organization of the credit institution. The content of such a program is specified in Article 6 of the EBA’s July 2017 RTS on information to be provided in authorization applications. The program must cover the first three years of operations, on a base case and stress scenario basis, and include information on the geographical distribution of activities, the viability of the business model, the organizational structure and the internal control framework; the latter must include the budgetary and human resources devoted to the compliance, risk management, and internal audit functions.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	Applications for authorization must be accompanied by a range of information on the financial situation of the institution. This information, set out in Article 5 of the July 2017 RTS, must inter alia include: forecasts on a base case and stress scenario of balance sheets; profit and loss accounts and cash flow statements for the first three complete business years; planning assumptions for these forecasts; forecast calculations of own funds requirements; funding profile and diversification; internal liquidity adequacy assessment; and an outline of any indebtedness incurred or expected to be incurred prior to commencement of its activities as a credit institution. Information to be provided on the suitability of the principal shareholders of the applicant institution is specified in Article 11 of the RTS. This information includes the reputation and the financial soundness of these shareholders, particularly in relation to the type of business expected to be undertaken by the institution.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	Under Article 17 of CRD IV, no authorization is required for branches of credit institutions established in another Member State. The credit institution must notify the home supervisor, and the home supervisor may oppose the passporting if it has reason to doubt the adequacy of the administrative structure or the financial situation of the credit institution, taking into account the activities envisaged (Article 35.3 of CRD IV). If it does not so oppose, it will communicate that information to the NCA in the host Member State within three months and inform the credit institution accordingly. In the case of subsidiaries of authorized credit institutions established in another Member State, Article 16 of CRD IV requires the host authority to consult the home supervisor before granting any authorization. Authorization will not be granted if the laws, regulations, or administrative provisions of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the enforcement of those laws, regulations or administrative provisions, prevent the effective exercise of supervisory functions. In respect of authorizing a subsidiary or branch of a credit institution that is authorized in a third country (non-EU or EEA) and subject to consolidated supervision, Articles 47 and 48 of CRD IV state that, on the basis of an agreement concluded between the Union and the respective third country, NCAs are allowed to cooperate with that country regarding the means of exercising supervision on a consolidated basis. Currently, Euro Area branches of non-EU or EEA banks, unlike their subsidiaries, are neither subject to CRD IV/CRR (and related EBA RTS/ITS and guidelines), nor to consolidated supervision at the EU level. They are regulated by national laws and regulations and supervised directly by local NCAs; they are not authorized or supervised by the ECB. Such branches may not be subject to more preferential treatment than would or does apply to an EU Member State branch. As at end-March 2017, there were 77 third-country branches in the Euro Area, belonging to 54 third-country banking groups; 17 of these groups were operating via branches in more than one Euro Area country. This number could increase once the exit of the United Kingdom from the EU becomes effective.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	Once a new credit institution is authorized, its ongoing supervision if it is an SI is conducted in terms of the SEP set up by the relevant JST (see CP 9). The SEP determines the minimum set of activities that JSTs are required to perform, as well as any additional activities needed to address the particular characteristics of the institution. In principle, these characteristics would be expected to include the newness of the institution, but there are no specific requirements in the SSM Supervisory Manual on this point. If there are conditions attaching to the authorization of the credit institution, monitoring in the case of SIs is entrusted to the relevant JST and is carried out as part of ongoing supervision; if the conditions are based on national law, monitoring is entrusted to the relevant NCA in coordination with the JST.
Assessment of Principle 5	Largely Compliant
Comments	Within the SSM, the ECB has become the licensing authority for new credit institutions, and EU law establishes clear criteria for granting or withdrawing authorizations. However, ECB decisions are taken on the basis of applicable national laws and NCAs are fully involved in the authorization process. This process has been supported by publication, over the past year, of various EBA, EBA/ESMA and ECB guidance on different aspects of the authorization process, including for potential fintech bank applications, and by detailed procedures set out in the SSM Supervisory Manual. Taken together, the legal framework and complementary material provide a comprehensive basis for supervisory assessments of applications for authorization. Since the establishment of the SSM, the ECB has granted 49 authorizations of credit institutions and withdrawn 108 authorizations. The assessors saw evidence of the thoroughness of the authorization process, including supporting documentation for draft decisions prepared by different NCAs. The Commission’s recent report on the SSM acknowledged that the common procedures for authorizations represented a challenging task for the ECB, given inter alia the complexity of assessing proposals prepared by NCAs based on the different national legal frameworks. The report concluded that “… the ECB and NCAs have done a remarkable job and managed to create tools and procedures that help the ECB deliver on its tasks within the applicable constraining timeframe.” The ECB does not have authority to authorize and supervise Euro Area branches of non-EU or EEA banks. These branches are not subject to CRD IV/CRR (and related EBA RTS/ITS and guidelines), nor to consolidated supervision at the EU level; they are regulated by national laws and regulations and supervised directly by local NCAs. These arrangements create regulatory and supervisory arbitrage opportunities for non-EU banks, which can, inter alia, establish a presence in the Euro Area through branches and avoid ECB supervision. The Commission’s recent report on the SSM drew attention to these arbitrage risks. As part of its review of CRR/CRD IV, the Commission has proposed that third country banking groups with two or more institutions established in the EU be required to establish intermediate EU parent undertakings, thus allowing consolidated supervision and the application of prudential requirements on a consolidated basis. The ECB has welcomed this proposal, but has argued in its opinion of November 2017 that, in order to avoid regulatory arbitrage, the requirement should apply to third country credit institutions and branches and that, once an intermediate EU parent undertaking is established, existing branches of the same third country banking group exceeding a certain threshold should be re-established as branches of a credit institution authorized by the ECB.
Principle 6	Transfer of significant ownership. The supervisor54 has the power to review, reject, and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.”
Description and findings re EC1	Under the CRR, a “qualifying holding” is defined as a direct or indirect holding in an undertaking which (i) represents 10 percent or more of the capital or of the voting rights; or (ii) makes it possible to exercise a significant influence over the management of that undertaking. A qualifying holding includes a controlling interest. “Control” is defined as the relationship between a parent undertaking and a subsidiary, or the accounting standards to which an institution is subject, or a similar relationship between any natural or legal person and an undertaking. Member States cannot impose more stringent requirements for notification to, or approval by, the competent authorities of direct or indirect acquisitions of voting rights or capital. According to the December 2016 EBA/ESMA/EIOPA’s Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector, which became effective from October 2017, the supervisor of the target undertaking (target supervisor) should take a number of factors into account in assessing whether significant influence may be exercised, including: the existence of material and regular transactions between the proposed acquirer and the target undertaking; the ownership structure of the target undertaking; and the proposed acquirer’s ability to participate in the operating and financial strategy of the target undertaking. The Joint Guidelines also sets out the relevant tests for assessing if a qualifying holding is acquired indirectly and the size of such holding when: (a) a natural or legal person acquires or increases a direct or indirect participation in an existing holder of a qualifying holding; or (b) a natural or legal person has a direct or indirect holding in a person which acquires or increases a direct participation in a target undertaking.
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	Articles 22 and 25 of CRD IV deal with acquisitions, increases, and divestitures of qualifying holdings. The proposed acquirer(s) has(ve) to indicate to the competent authority the size of the intended holdings and provide relevant information, as specified in Article 23(4) of CRD IV. These requirements have been transposed into national legislation. Legal and natural persons wishing to acquire, directly or indirectly, a qualifying holding in a credit institution or to further increase, directly or indirectly, such a qualifying holding as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20 percent, 30 percent, or 50 percent or so that the credit institution would become its subsidiary (the “proposed acquisition”), need to notify the target NCA in advance, and the NCA may decide to oppose the acquisition. If a holding is acquired despite opposition by the competent authorities, Member States must provide either for the exercise of the corresponding voting rights to be suspended, or for the annulment of votes cast or for the possibility of their annulment. The ECB is the competent authority for both SIs and LSIs for approval of acquisitions or disposals of qualifying holdings in a credit institution (though not in the case of a bank in resolution). As with the other “common procedures,” the NCAs are fully integrated in the approval process. The assessment of the application is carried out by the target NCA on the basis of national law. Throughout the assessment, the NCA coordinates with and informs ECB banking supervision about progress; it also collects the views/objections of other NCAs involved in the supervision of the applicant (if it is a credit institution or other regulated financial undertaking). National laws set out their own due process requirements, in particular with regard to information required by the NCA, and to the corporate holding structures that need to be notified if they are considered to be a direct or indirect acquirer of a qualifying holding. These process requirements need to be taken into consideration, provided that they do not contradict EU law. The NCA forwards a proposal to the ECB, which may include conditions to be fulfilled by the applicant. Strict timelines apply to the approval process. The ECB has adopted internal rules for proposed acquisitions of qualifying holdings that set out the recommended approach on how to impose binding conditions or obligations, as well as non-binding recommendations. These rules also clarify when such provisions may be used, their impact on the timeline and the cases in which the right to be heard should be granted. The main task of ECB banking supervision is to ensure that NCAs follow common procedures regarding qualifying holdings as laid down in the SSMFR and the SSM Supervisory Manual, and that the application complies with the requirements set out in EU law. According to the EBA/ESMA/EIOPA’s 2016 Joint Guidelines, target supervisors should take the following non-exhaustive list of elements into account in order to assess whether a decision to acquire has been made: (a) whether the proposed acquirer was aware or, considering information to which it could have had access, should have been aware of the acquisition/increase of a qualifying holding and the transaction giving rise to it; and (b) whether the proposed acquirer had the ability to influence, to object to or to prevent the proposed acquisition or increase of a qualifying holding. Should shareholders cross a threshold involuntarily, they must notify the competent authorities immediately upon becoming aware of such an event, even if they intend to reduce their level of shareholding to below the threshold level.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	Article 23(2) of CRD IV sets out the conditions under which an application may be rejected, namely if there are reasonable grounds for doing so on the basis of five criteria set out in Article 23(1) or if the information provided by the proposed acquirer is incomplete. The five criteria are (i) reputation of the proposed acquirer; (ii) the reputation, knowledge, skills and experience of the proposed new managers of the target institution; (iii) the financial soundness of the acquirer; (iv) the prudential Impact on the target; and (v) whether there is any suspicion of money laundering or terrorist financing activities. Member States cannot reject the application based on economic needs of the market (Article 23(3)). The EBA/ESMA/EIOPA’s 2016 Joint Guidelines outline supervisory practices for assessing an applicant against these five criteria. ECB banking supervision applies more stringent assessment processes for acquirers with a high level of complexity (i.e., private equity funds, hedge funds, sovereign funds, large nonbanking groups, acquirers from third countries). In such cases, the assessment seeks to ensure that the credit institution will not be put under stress because part of the acquisition was financed by debt that needs to be repaid by the institution. Where applicable, ECB banking supervision seeks to prevent the proposed acquirer from financing the acquisition through any immediate asset or capital outflow from the targeted credit institution. Depending on the circumstances, specific acquirers may need to provide commitments relating to the minimum holding period of the participation and the absence of dividend distribution during a reasonable period following the acquisition, and/or the provision of additional funding on demand. Detailed analysis of the specific acquirer’s corporate governance is also required. Where relevant, the acquirer could be required for supervisory purposes (subject to the principle of proportionality) to simplify the holding chain by limiting the number of intermediary levels, their localization, and the sharing of economic and legal rights. Where applicable, a sufficient number of members of the supervisory board of the target credit institution (ideally 50 percent) should be independent from the specific acquirer. As noted in EC 2, the ECB has also developed internal rules and supervisory practices to be used as a reference in the prudential assessment of acquisitions of qualifying holdings in credit institutions. Some of these are related to the procedural rules prescribed under Articles 22(2) to 22(6) of CRD IV. Article 26(2) of CRD IV deals with the measures a Member State may take in cases where the applicant for a change in qualifying holdings has failed to provide the required notification or a qualifying holding has been acquired despite the opposition of the supervisor (see EC 5 below). However, there are no specific measures relating to the provision of false information. The response in such a case will depend on national legislation, and may require the suspension of voting rights and subsequent disposal of the qualifying holding on the basis of the lack of integrity of the shareholder.
EC4	The supervisor obtains from banks, through periodic reporting or onsite examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	Pursuant to Article 26(1) of CRD IV, credit institutions whose shares are listed on a regulated market are required to inform the competent authorities, at least annually, of the names of holders of qualifying holdings and of the size of such holdings. Administrative penalties and other administrative measures apply for breaches of this requirement. Credit institutions are also required to inform these authorities upon becoming aware of acquisitions or disposals of holdings in their capital that cause the holdings to exceed or fall below a relevant threshold. Not all details will necessarily be covered, however. For instance, depending on the applicable national law, identification of the ultimate beneficial owners is not always required. According to AML Directive (Directive (EU) 2015/849), there is an obligation for all companies in the EU to “obtain and hold adequate, accurate, and current information on their beneficial ownership, including the details of the beneficial interests held.” In the assessment of applications, and in the case of credit institutions whose shares are listed on a regulated market, all beneficial owners, limited partners, and all intermediaries within the holding chain must disclose their identity, i.e., their names and stakes. Participants holding participations above five percent in the (acquiring) funds would be asked to provide detailed information (CVs, criminal records, assessments from other authorities). For non-listed credit institutions, an assessment is needed of natural persons and (managers of) legal persons holding indirect participation of more than 10 percent, or a lower percentage if that allows them to exercise significant influence in the target.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	Article 26(2) of CRD IV deals with the measures a Member State may take in cases where the applicant for a change in qualifying holdings has failed to provide the required notification or a qualifying holding has been acquired despite the opposition of the supervisor. In the first case, the measures may include injunctions, penalties against members of the management body and managers, or the suspension of the exercise of the voting rights attached to the shares held by the shareholders or members of the credit institution in question. In the second case, Member States may provide either for exercise of the corresponding voting rights to be suspended, or for the annulment of votes cast or for the possibility of their annulment. These measures have been broadly transposed into national law. Article 66 (1) of CRD IV stipulates that Member States shall ensure that their laws, regulations and administrative provisions provide for administrative penalties and other administrative measures at least in respect of, inter alia, the acquisition, directly or indirectly, of a qualifying holding in a credit institution or a further increase, directly or indirectly, of such a qualifying holding as a result of which the proportion of the voting rights or of the capital held would reach or exceed the thresholds referred to in EC 2 above or so that the credit institution would become its subsidiary, without notifying in writing the supervisor of that institution during the assessment period, or against the opposition of the competent authorities, in breach of Article 22(1) of CRD IV. The sanctions for such a breach include possible pecuniary penalties; order to cease the conduct and desist; and suspension of voting rights. There are no specific requirements relating to the modification or reversal of a change of control that took place without proper authorization.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	There are no specific requirements in the CRR or CRD IV for credit institutions to notify the supervisor as soon as they become aware of any material information that may negatively affect the suitability of a major shareholder or a party that has a controlling interest. The application of a notification requirement in national laws is not consistent. In Latvia, the obligation on banks to notify the supervisor about material information is explicit in national law, while in the Netherlands, the obligation to notify the supervisor about any change in the reputation of a major shareholder applies to the major shareholder itself. In Spain, banks must ensure the suitability of qualifying shareholders at all times, and compliance with this requirement is monitored as part of ongoing supervision. In Germany and Austria, there are no explicit legal requirements on banks dealing with material information about the suitability of major shareholders, but there are obligations on bank auditors to report to the supervisor any observations which may be of supervisory relevance, including facts concerning qualifying shareholders. In other Member States, the notification requirement is more general. For example, in Greece any change in the data and information submitted for obtaining authorization of a bank that occurs during its operation has to be notified to the supervisor.
Assessment of principle 6	Largely Compliant
Comments	EU law, as transposed into national laws, establishes a clear basis for approving acquisitions or disposals of qualifying holdings in a credit institution by the ECB, the competent authority in this area. As with the other “common procedures,” the NCAs are fully integrated in the approval process and conduct assessments of applications on the basis of national laws, which have various due process requirements. The approval process is supported by the EBA/ESMA/EIOPA 2016 Joint Guidelines, ECB internal rules and detailed procedures set out in the SSM Supervisory Manual. The assessors saw evidence of the approval process, involving complex proposals and preparation of draft decisions by different NCAs. The conclusions in the Commission’s recent report on the SSM that the ECB and NCAs had done a “remarkable job” in implementing the common procedures for authorizations also applied to assessment of the acquisition of qualifying holdings. The legal framework does not, however, address all the Essential Criteria in this Core Principle. In particular, there are no specific EU requirements for credit institutions to notify the supervisor as soon as they become aware of any material information that may negatively affect the suitability of a major shareholder or a party that has a controlling interest, while notification requirements in national law are not consistent. Unless the supervisory relationship with individual SIs encourages a “no surprises” approach, information about a deterioration in the suitability of a major shareholder may take time to surface. In addition, there is no consistent requirement for periodic reporting by credit institutions of the ultimate beneficial owners of qualifying holdings, nor are there specific requirements for administrative penalties in respect of the modification or reversal of a change of control that took place without proper authorization.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a)what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b)cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	Acquisitions in undertakings outside the financial sector Acquisitions by a credit institution in an undertaking outside the financial sector, or in an undertaking that does not carry on activities considered as a direct extension of banking, ancillary to banking, or in leasing, factoring, the management of unit trusts, the management of data processing services or any other similar activity, are subject to Articles 89 to 91 of the CRR, both in respect of type and amount of the acquisition. Neither supervisory approval nor pre-notification under these rules is required under the CRR, if the amount of the significant ownership in the nominal capital of the undertaking does not exceed 15 percent of the eligible capital of the credit institution, or the total amount of such significant ownerships held by the institution does not exceed 60 percent of the eligible capital (Tier 1 plus Tier 2 limited to 1/3 of Tier 1) of the institution. For any acquisition above the 15 percent threshold, or where the sum of such acquisitions exceeds 60 percent of eligible capital, credit institutions must apply a risk weight of 1,250 percent to the amounts in excess of these thresholds, or deduct those amounts from Common Equity Tier 1. Some national laws have notification or approval requirements for these types of acquisitions. In Ireland, certain prior approval requirements (for major acquisitions) and prior notification requirements (for other acquisitions) have been applied by the supervisor by means of a license condition. Where jurisdictions have notification/approval requirements, they are aimed mainly at safeguarding the sound and prudent management of the acquiring credit institution, and assessments address the impact of the acquisition on the capital and liquidity situation of that institution. Acquisitions in an EU financial sector entity The acquisition by a credit institution of a qualifying holding in another EU credit institution (or other EU financial regulated entity such as an investment firm, insurance company, etc.) is covered in Articles 22–27 of CRD IV. In contrast to acquisitions in undertakings outside the financial sector, these Articles grant power to the supervisor of the target institution and aim primarily at safeguarding the sound and prudent management of the target undertaking. Hence, approval and notification requirements are determined by reference to the size of voting rights/capital of the target undertaking and the assessment is made from the perspective of that undertaking. These requirements in the case of credit institutions are described in CP 6. Acquisitions of a non-EU bank Such acquisitions are not covered by the CRR or CRD IV. Article 22 of CRD IV only regulates the acquisition of qualifying holdings in a credit institution established in the EU but does not include explicit provisions on the acquisition of holdings in non-credit institutions or in credit institutions outside the EU. A small majority of Euro Area Member States provide for powers regarding the approval of acquisitions by credit institutions of holdings in a non-credit institution or a credit institution outside the EU. Such powers exist, for example, in Belgium, Finland, Italy, Netherlands, Portugal, and Spain, but are absent in a number of other Member States. The Supervisory Board has clarified that, as from January 1, 2017, supervisory powers related to the acquisition of holdings in a non-credit institution or a credit institution (also outside the EU) are to be directly exercised by the ECB for SIs, with the main purpose being to ensure the sound and prudent management of the acquiring credit institution. Use of these powers, in accordance with the SSMR, CRD IV, and the national laws of some Member States, is intended to ensure compliance with prudential requirements in the areas of own funds, liquidity and leverage. Where national laws do not specify any requirements for supervisory approval of such acquisitions, the ECB can assess the acquisitions only against the general requirement under Article 16 (1) (c) of the SSMR that the strategies of the acquiring institution should ensure a sound management and coverage of its risks.
EC2	Laws or regulations provide criteria by which to judge individual proposals.
Description and findings re EC2	There are no harmonized procedures or criteria at EU level for assessment of acquisitions by credit institutions. Only in a few Member States (e.g., Ireland, Slovenia) do national laws specify assessment criteria. However, as explained above, the ECB directly exercises supervisory powers related to the acquisition of holdings in a non-credit institution or a credit institution (also outside the EU) by SIs when national law provides for such power. Additionally, an acquisition by a credit institution may impact on the 15/60 thresholds and will therefore be subject to the relevant EU provisions (See EC 1). If the credit institution acquires another EU credit institution (or other EU financial regulated entity), a qualifying holding procedure as described in CP 6 will be conducted by the target supervisor. The criteria for assessing this acquisition are set out in Article 23(1) of CRD IV (See AC 1).
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.55 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	There are no harmonized criteria at EU level relating to these specific requirements. In most Member States, national law is silent on such criteria. In Spain, the competent authority may refuse an application from a bank seeking to open a branch in a non-EU country if it considers that the activities of the branch will not be subject to effective control by the supervisory authority in the host country, or because of the existence of legal or other impediments preventing or hindering the control and inspection of the branch by the competent authority. Similar criteria apply in Ireland (regulation), and in Finland, Luxembourg, and Slovenia (national law). However, ECB banking supervision has clearly communicated to SIs, on an individual basis, that it needs to be aware of transactions that materially affect the risk profile of an institution in order to assess them prior to completing the transaction. In its assessment, ECB banking supervision seeks to obtain a comprehensive view of the impact of the transaction on the overall risk profile of the institution, including but not limited to capital and liquidity, governance and organizational aspects. Where ECB banking supervision is of the view that the transaction would negatively affect the institution, it can take measures under Article 16 (2) of the SSMR, including capital and liquidity add-ons, governance and organizational reinforcements, and can require divestment of activities that pose excessive risk. The possibility of such measures is a clear incentive for institutions to work with the ECB in advance of the conclusion of a transaction to avoid having to unwind the transaction. In addition, the impact of acquisitions will figure prominently in the SREPs following such transactions and may lead to requirements in the SREP decision.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial, and organizational resources to handle the acquisition/investment.
Description and findings re EC4	There are no specific requirements for assessment of the adequacy of the financial, managerial or organizational resources of the bank prior to it making an acquisition. In the case of investment in a nonfinancial sector entity, the risks are managed through the 15/60 percent thresholds as set out in Articles 89–91 of the CRR, but there is no requirement or limit for acquisitions of non-EU banks (see EC 1 above). National law in Germany has the general requirement that institutions have an organizational structure and risk management adequate to their size, complexity, and business structure on a single entity basis and on a group-wide basis. Similar general requirements apply in Ireland (through license conditions) and Slovenia (national law). As noted in EC 3 above, however, ECB banking supervision has clearly communicated to SIs that it needs to be aware of transactions that materially affect the risk profile of an institution in order to assess them prior to completing the transaction. In its assessment, ECB banking supervision seeks to obtain a comprehensive view of the impact of the transaction on the overall risk profile of the institution, including but not limited to capital and liquidity, governance, and organizational aspects.
EC5	The supervisor is aware of the risks that nonbanking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in nonbanking activities.
Description and findings re EC5	ECB banking supervision is aware of the risks that nonbanking activities can pose to a banking group. Nonbanking risks are assessed as part of the SREP and the entire range of qualitative and quantitative supervisory measures at the disposal of the ECB may be taken to mitigate such risks. Such an assessment and reaction is also possible outside the SREP, as explained in EC 3 above. Where ECB banking supervision is aware of a transaction in advance of its completion, it will also consider the ability of the bank to manage nonbanking risks and take appropriate measures where it is not convinced. In Austria, acquisition of participations in nonbank business does not need supervisory approval. However, an acquisition is only permitted up to a limited amount of own funds; any amount in excess of that limit must be fully covered by own funds. In Spain, national law permits the competent authority to limit certain activities when deemed appropriate according to the bank’s solvency situation. In Ireland, risks that nonbanking activities can pose to a banking group are taken into account in license conditions.
AC1	The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.56 Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.
Description and findings re AC1	There is no specific authorization procedure in the EU framework regarding acquisitions by other entities (subsidiaries) in the banking group. However, when the target of the acquiring credit institution is a supervised institution located in the EU (another credit institution, an insurance company or an investment firm), the competent authority of the acquiring credit institution may request cooperation from the target supervisor (Article 24 of CRD IV). In a few Member States (Belgium, Finland, Ireland), credit institutions must notify the NCA of major acquisitions by unregulated members of the banking group. In other Member States (Germany, France, Slovenia), requirements in national law relating to the acquisition of a participating interest in another enterprise apply for direct participating interests as well as for indirect participating interests.
Assessment of Principle 7	Materially Non-Compliant
Comments	EU law does not provide an adequate or consistent basis for ECB banking supervision to approve or reject, and impose prudential conditions on, major acquisitions or investments by a credit institution. In particular: there are no prior notification or approval requirements for acquisitions in an undertaking outside the financial sector; requirements relating to the acquisition of a qualifying holding in another EU credit institution are focused on safeguarding the sound and prudent management of the target, not the acquiring, institution; there are no explicit requirements on the acquisition of holdings in credit institutions outside the EU; and there are no harmonized procedures or criteria at EU level for assessment of major acquisitions by credit institutions, including whether the acquisitions expose the credit institution to undue risks or hinder effective supervision. National laws in a number of Member States have granted the relevant NCA supervisory powers to impose various notification and approval requirements, but the coverage is neither consistent nor complete across the Euro Area. The ECB has clarified that, where such powers exist, it is exclusively and directly competent to exercise them. The ECB can also assess major acquisitions against the general requirement that the acquisition should not jeopardize the sound and prudent management of the acquiring institution but, in the absence of pre-notification requirements, there can be no assurance that such assessments will have any ex ante influence on the acquisition. In its opinion on the Commission’s proposed amendments to CRR/CRD IV, the ECB noted that despite the recent clarification of its competence in this area, providing the NCAs’ existing supervisory powers with a common legal basis in EU law would trigger a requirement for their transposition and would foster a level playing field in EU banking supervision through the harmonization of supervisory powers. To achieve this, the ECB has argued that EU law should include a clear reference to additional supervisory powers in relation to material acquisitions in third countries. The reference would state that: “Member States shall require any credit institution that has taken a decision to undertake, directly or indirectly, a material acquisition or investment within or outside of the Union (the proposed transaction) to notify the competent authority in writing in advance of the proposed transaction. The competent authority shall have the power to approve or reject the proposed transaction.”
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess, and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a)which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b)which banks or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment, and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The main tool for assessing on an ongoing basis the nature, impact and scope of risks for credit institutions is the SREP. In application of the CRD and its national implementation, the ECB as the competent authority is required to carry out a SREP and to take decisions for SIs. Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In the case of a financial conglomerate, the SREP decisions also need to consider the outcome of the supplementary supervision as required by FICOD. The SSM SREP is based on a harmonized methodology developed along the lines of the EBA Guidelines on common procedures and methodologies for the SREP (EBA/GL/2014/13). It is applied in a proportionate manner to institutions depending on the nature, scale, and complexity of their activities, and, when relevant, on their situation within a group, its overseas and interbank ties, its significance for the overall market or a relevant subsegment of the market, and the institution’s overall risk situation, taking into account all relevant risks, its risk management processes and its capital and liquidity. The SREP methodology is in continuous development to reflect international and European regulatory work and best practices and encompasses evolving banks’ practices. The EBA is also undertaking a consultation and review of its current SREP Guidelines: https://www.eba.europa.eu/regulation-and-policy/supervisory-review-and-evaluation-srep-and-pillar-2. The ECB is also looking at streamlining the SREP without limiting its effectiveness. The SREP methodology relies extensively on quantitative and qualitative analysis. It combines data and expert judgment following a principle of “constrained judgment,” with a view to ensuring that the SREP decision fits best with an institution’s risk profile (and is not a “mechanical” process), takes into account the risks which banks or banking groups present to the safety and soundness of the banking system while also ensuring consistency and accountability across the SSM. The assessment of the risks which banks or banking groups present to the safety and soundness of the banking system is based on the clusters used by ECB banking supervision to identify banks’ riskiness. This clustering is regularly updated and benefits from the ongoing monitoring of markets and financial stability developments by the SSM Risk Analysis Division. The SSM SREP is built on four elements (see the following Figure): View Full Size Download Figure Download figure as PowerPoint slide business model and profitability assessment; internal governance and risk management assessment; risk-by-risk assessment of risks to capital; risk-by-risk assessment of risks to liquidity and funding. The assessments performed for the four elements result in an overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. The SREP score drives the intensity of the supervision—level of engagement—on an institution. This overall architecture facilitates comparisons across banks. For each element, the assessment can also be tailored to the specific situation of each institution. The various assessments are performed at different frequencies (MELs), defined as a result of the SREP in the SEP, which can be fine-tuned by the SEP for each individual institution. The JST is expected to update its assessments and remediation actions whenever it is warranted by new information. The assessments performed by the JST are documented in the ECB’s Information Management System (IMAS) on an ongoing basis. At least once a year, a SREP decision is taken. Examples of SREP decisions, including one with identified deficiencies, were provided to the assessors. The decisions describe the findings in detail and where appropriate establish enforceable prudential requirements for the institution. Assessors saw evidence of a direct link between offsite supervision and follow up with the institution reflected in the SEP. With respect to the assessment of resolvability, see EC6.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	The SREP methodology establishes a forward-looking view of the profile since JSTs shall take all necessary actions in a timely manner to ensure institutions’ future viability (See EC1). The assessments need to be carried out taking into account a forward-looking perspective. The SREP assesses an institution’s viability at a 12-month horizon, in the medium term (3 to 5 years), and over the cycle. To do so, ECB banking supervision relies on a wide range of backward and forward-looking, quantitative and qualitative information, such as stress testing. The ECB’s RAS supports the JST’s day-to-day supervisory work. It is used for evaluating banks’ risk levels and controls, their business model, their internal governance, their capital adequacy and their liquidity adequacy on an ongoing basis. The assessment of an institution’s capital, and liquidity needs is based on the outcome of the ongoing RAS, supplemented with a periodic more comprehensive review of the institution’s capital and liquid positions, in the light of the latter’s own assessments (internal capital adequacy assessment processes (ICAAP)/ILAAP) taking into account normal and stressed conditions. To that purpose, supervisors may challenge the ICAAP/ILAAP of the bank based on its own quantification (supervisory “proxies”) as well as supervisory stress tests (such as those conducted by the EBA or the ECB’s comprehensive assessments). These various dimensions provide supervisors with both a static and forward-looking perspective on the bank. The assessments of the first two elements (business model and profitability, and governance and risk management assessments) (see Figure shown in EC1), together with the assessments of risks to capital and to liquidity are conducted on the basis of regular reporting, such as common reporting (COREP) and financial reporting (in the EU) (FINREP), qualitative information, and also ad hoc information received by JSTs from various sources on an ongoing basis: other data (e.g., STE data), reports (e.g., external audit reports), meetings, etc. The outcome of this analysis is a risk analysis with short narratives summarized in scores that facilitate comparison and internal communication. The outcome of the SREP is taken into account together with ECB banking supervision analysis of the risk environment as well as other factors such as changes in the regulatory landscape to identify supervisory priorities and derive a SEP. The SEP defines the supervisory activities for ongoing supervision, onsite inspections, and internal model investigations to be carried at the SI over a predetermined time horizon (typically one year for ongoing activities and for the onsite inspections and internal model investigations). Pursuant to Article 12 of the SSMR, and as part of the SEP, in order to carry out the tasks assigned to it by the SSMR, the ECB appoints onsite inspection teams as laid down in Article 144 of Regulation 468/2014 of the ECB of April 16, 2014 (SSMFR) to conduct all necessary onsite inspections on the premises of a legal person as referred to in Article 10(1) of the SSMR (SSMFR Article 143). The fundamentals of the ECB’s methodological framework for supervision are sound. It also has been refined through the experience gained since its initial launch in 2015. This process of continual assessment and improvement should continue as the SREP matures.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	The relevant Articles in CRD IV include Articles 73, 97, 98, and 99. In addition, in accordance with Article 10 of the SSMR, the ECB has the power to require institutions and parent undertakings to provide all information that is necessary in order to carry out its supervisory tasks. Part of the ECB’s mandate is to ensure that banks comply with the relevant Union law that imposes prudential requirements on credit institutions in the areas of own funds requirements, securitization, large exposure limits, liquidity, leverage, and reporting and public disclosure of information on those matters (See Article 4(1)(d) of the SSMR). The ECB also is charged with ensuring that banks comply with the relevant Union law requiring credit institutions to have in place robust governance arrangements, including “fit-and-proper” requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies, and practices and effective ICAAP, including Internal Ratings-Based (IRB) models. ECB banking supervision must assess whether the institutions of the group have implemented appropriate arrangements, strategies, processes, and mechanisms to comply with all requirements of CRD IV and CRR that set out the relevant prudential and other requirements. The assessment of banks’ and banking groups’ compliance with prudential regulations and other legal requirements is made on a regular basis in the context of the SREP. In particular, for each relevant risk category there is an assessment of compliance with the applicable laws and regulations covering own funds requirements; securitization; large exposure limits; liquidity; leverage; and reporting and public disclosure of information on those matters, governance arrangements, including the fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices, and effective ICAAP, including IRB models. A credit institution’s written SREP decision from the ECB tells the institution whether it has correctly implemented the arrangements, strategies, processes, and mechanisms necessary to comply with all requirements of CRD IV and CRR. If the ECB has evidence that the credit institution is likely to breach the requirements of the relevant union law within the next 12 months, it may at an early stage exercise the powers provided for by Article 16(2) of the SSMR. If an institution is rated 3 minus or 4, the SRB is granted automatic access to IMAS data on the institution. The entity’s internal governance assessment also assesses the compliance function. The compliance function is assessed in the following areas: (i) whether the institution is prepared for future regulation and evaluates the impact that regulation will have on its activities. This relates to both the rules resulting from the institution’s own policy in this area and those resulting from banking law and its implementing regulations, along with other legal and regulatory provisions applicable to the banking sector (for instance, transparency, AML, etc.) as well as litigation and reputational risk; (ii) whether the institution adheres to the aforementioned procedures and instructions on an ongoing basis (including a comprehensive incident database and analysis); reports periodically the results of such monitoring and awareness testing to the institution’s management body in its management function and management body in its supervisory function. Please refer to CP 25 for a discussion of AML as an operational risk factor. In addition, during onsite inspections one of the aims is to assess the institution’s compliance with banking regulation. The JST engages with SIs on an ongoing basis through regular meetings, onsite examinations, and thematic reviews and through the receipt of information sources such as internal and external audit reports. Discussions between assessors and JSTs from a cross-section of institutions show a high level of engagement with business line and senior management as well as risk managers. The availability of adequate resources for onsite supervision continues to be a challenge for the ECB. Resource related issues may vary by NCA and supervision program. While cooperation, planning, and coordination between the ECB and NCAs has improved, these efforts should continue. Otherwise, this may impact the ability of the ECB to fulfill their supervision responsibilities (See CP 2). The ECB conducts thematic reviews of significant areas on a horizontal basis (See EC 4). In 2017, the ECB launched the Targeted Review of Internal Models (TRIM) exercise, with the overall objective to enhance the credibility and to confirm the adequacy and appropriateness of approved Pillar I internal models for credit, market, and CCR of all SIs using internal models within the SSM with a view to ensure compliance with regulatory requirements and to harmonize supervisory practices. In this connection, the exercise aims to reduce the non-risk-based variability of risk-weighted assets calculated with internal models and foster a level playing field within the SSM. TRIM is an SSM-wide project jointly performed by the ECB and NCAs, with consultancy support, and it is planned to run until 2019. Overall, about 200 onsite investigations are expected to be conducted in the context of the project, reviewing all internal models for market and counterparty credit risk, and reviewing the most material and critical models for credit risk, ensuring coverage of at least 60 percent of total IRB Exposure at Default and risk-weighted assets of SIs. A draft General Topics chapter to the ECB Guide to Internal Models was published in October 2017: fhttps://www.bankingsupervision.europa.eu/press/pr/date/2017/html/ssm.pr170727.en.html A public consultation on the General Topics, which will reflect the results of TRIM’s internal model assessments, is expected at the end of the first quarter of 2018.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in nonbank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	Article 97 of CRD IV requires the competent authorities to evaluate the risks institutions are or might be exposed to, risks that an institution poses to the financial system, and risks revealed by stress-testing taking into account the nature, scale, and complexity of an institution’s activities. Key Institutions’ internal arrangements to be reviewed as part of this SREP comprise the ICAAP as set out by Article73 of CRD IV and the ILAAP as set out by Article 86 of CRD IV. The macroeconomic situation and macroprudential considerations are taken into account in microprudential supervision through the strategic planning exercise, as well as in the SREP. The strategic planning exercise, conducted by the DG MS IV Planning Division with input from the Risk Analysis Division, is conducted yearly and includes a broad stocktaking of risks, which takes into account the viewpoints of NCAs/macroprudential authorities, several Directorates General of the ECB (e.g., DG-MF) and international bodies (e.g., the ESRB, the EBA and the IMF) to complement the Risk Analysis Division’s own research. Therefore, macro views are an important driving factor in the determination of supervisory priorities within the SSM and an input for the minimum engagement levels in the operational planning process. Risks stemming out of the external environment, such as sectoral risks, conduct risks, or cybercrime, come into play in SREP, either when assessing a specific risk category or in the holistic approach, taking all information available to arrive at the final assessment of the risk profile of the bank. In addition, there are risks that reflect another dimension: global/European (risks that could affect all banks and do not stem from a specific country or sector, e.g., cybercrime or reversal of the search for yield); cross-border sectoral (risk stemming from a specific sector, e.g., credit risk stemming from the global shipping sector); domestic country-wide (non-sectoral risks specific to a country, e.g., a credit-rating downgrade of the government of country Y); or domestic sectoral (sectoral risk in one country, e.g., deteriorating SME loans in country X). In the case of country and/or sector specific risks, JSTs need only assess those risks where the supervised bank has significant exposures. The JST assesses the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic, and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, SSM’s stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available. Following the clarification of the EBA of July 2016 on the use of the 2016 EU-wide stress test results in the SREP process, the ECB has reflected the quantitative outcome of the stress test in capital guidance (See CP 9). The on-going supervision that is conducted by the JST and supported by the ECB and NCAs’ horizontal divisions includes the review of prudential returns and of financial statements. With regard to providing a forward-looking assessment of an institution’s capital position, the supervisor relies on an institution’s internal stress test, on the supervisor’s micro stress and sensitivity analysis, and on system-wide supervisory stress tests when available. Institutions usually rely on a wide range of internal stress tests and sensitivity analyses to determine their capital trajectory and their ability to raise own funds over a certain horizon. This helps them identifying backstop actions that may be warranted at an early stage should adverse scenarios materialize. To review these stress tests, ECB banking supervision follows the principles and recommendations of international supervisory bodies. Supervisors should expect institutions to analyze at least a baseline scenario and a stressed scenario, and make projections of its main balance sheet, profit and loss, and off-balance sheet items in view of the institution’s strategic plan, including the capitalized profit, dividends, share issues, subordinated capital issues, and capital charges in line with the expected business growth, changes in the Pillar 1 risk profile, other risks assessed in the ICAAP, regulatory changes, one-off transactions, etc. Stress tests should be conducted as part of the ICAAP to identify those events or changes in the market conditions in which institutions operate that may adversely affect their future solvency. At least one comprehensive adverse scenario, reflecting severe but plausible adverse developments of the institution’s operating conditions, should be used for capital planning. Supervisors should assess the underlying assumptions and the adequacy of the translation of these assumptions into stressed capital and risk projections over at least the upcoming three years. Furthermore, any embedded management actions should be scrutinized. The Risk Analysis Division is responsible for taking into account cross-sectoral developments through quantitative impact studies (not covered by the Methodology and Standards Development Division) and cross-sectional analysis of results, and institution-specific quantitative impact analysis of the macroprudential policies that use microprudential instruments (which is generally the case). The Risk Analysis Division and the ECB’s macroprudential function cooperate closely by exchanging views on risks and vulnerabilities e.g., in regular meetings. The ECB also established cooperation arrangements with other regulators, including insurance and market regulators (See CP 3). The ECB maintains frequent contact with NCAs and international bank regulatory authorities through supervisory colleges (See CP 13). It also maintains contact with other nonbank financial regulators such as securities and insurance supervisors in a variety of fora to discuss a common view of risks in the particular banking group supervised, supervisory approaches, and potential concerns on the banking group or subsidiaries (See CP 12).
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends, and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	ECB banking supervision’s SREP strives for high-quality supervision and to ensure financial stability within the SSM. This entails enhancing institutions’ resilience to shocks. The JSTs are expected to carry out their assessment in a conservative manner, acting in a fair but tough manner, taking into account horizontal developments that may affect institutions under the ECB’s supervision. As the SREP is performed simultaneously for all SIs under the ECB’s direct supervision, the ECB is in a unique position to identify common trends likely to affect all or part of the institutions under its responsibility. Moreover, in order to ensure consistency and identify common trends, horizontal analyses are integral to the SREP methodology. This approach permits peer comparisons and the consistent application of supervision practices. Horizontal analyses are performed by the ECB’s horizontal function—mainly the MSD and RIA divisions. Their results are communicated to the Supervisory Board, which takes them into account in making final SREP decisions. The structure of the ECB’s decision-making bodies ensures that where appropriate, the identification of significant trends or emerging risks is communicated to the central banking and financial stability functions of the ECB. Horizontal analysis or ad-hoc thematic analysis may give rise to immediate communication to and/or actions by the institutions, when needed. Where individual measures are addressed to institutions, they should result in a forward-looking view of the situation of the bank and minimize the risk of underestimation of risks (See Assessment of CP 9). Assessments of the ECB’s supervision of specific substantive areas are found in: CP 18 on problem assets; CP 21 on country risk; CP 22 market risk; CP 23 on interest rate risk; CP 24 on liquidity; and, CP 25 on operational risk. The assessors identified a gap area in the ECB’s identification of a build-up of risks. The ECB should consider the risk management risk, and operational risk and liquidity impacts of high risk business models even though the activity may involve substantive areas regulated by NCAs or national authorities such as AML (See CP 25).
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	The EU legal framework for resolution planning (e.g., the SRM Regulation and BRRD), gives the resolution authority the responsibility for resolution planning, including the assessment of the bank’s resolvability and the taking of measures to address impediments to its resolvability. The ECB, as the competent supervisory authority, has a consultative role in the drawing up of resolution plans for SIs and in the assessment of resolvability. The ECB cooperates with the SRM under the framework of the BRRD and the SRM Regulation for resolution planning. The ECB shares relevant information on SIs with the SRB for the purpose of resolution planning in line with Article 30 SRMR. The SRB is required to consult the ECB with respect to the resolution plans and respective resolvability assessment of individual SIs, in line with Article 8 and 10 SRMR. The assessors saw written examples of this consultation between the ECB and SRB. If the SRB after consulting the ECB determines that there are substantive impediments to the resolvability of that SI, the SRB shall notify in writing that determination to the institution concerned, to the ECB and to the resolution authorities of the jurisdictions in which significant branches are located. Within four months of the date of receipt of a notification, the institution shall propose to the SRB possible measures to address or remove the substantive impediments identified in the notification. The SRB, after consulting the ECB, assesses whether those measures effectively address or remove the substantive impediments in question. If the measures proposed by the entity or parent undertaking concerned do not effectively reduce or remove the impediments to resolvability, the SRB shall take a decision, after consulting the ECB and, where appropriate, the designated macroprudential authority, indicating that the measures proposed do not effectively reduce or remove the impediments to resolvability, and instructing the national resolution authorities to require the institution, the parent undertaking, or any subsidiary of the group concerned, to take the below listed alternative measures. In identifying alternative measures, the SRB is required to demonstrate how the measures proposed by the institution would not be able to remove the impediments to resolvability and how the alternative measures proposed are proportionate in removing them. The SRB also must take into account the threat to financial stability of those impediments to resolvability and the effect of the measures on the business of the institution, its stability and its ability to contribute to the economy. For the purposes described above, SRB shall have the power to take any of the following measures: (a) require the institution to revise any intragroup financing agreements or review the absence thereof, or draw up service agreements, whether intra-group or with third parties, to cover the provision of critical functions; (b) require the institution to limit its maximum individual and aggregate exposures; (c) impose specific or regular additional information requirements relevant for resolution purposes; (d) require the institution to divest specific assets; (e) require the institution to limit or cease specific existing or proposed activities; (f) restrict or prevent the development of new or existing business lines or sale of new or existing products; (g) require changes to legal or operational structures of the institution or any group entity, either directly or indirectly under its control, so as to reduce complexity in order to ensure that critical functions may be legally and operationally separated from other functions through the application of the resolution tools; (h) require an institution or a parent undertaking to set up a parent financial holding company in a Member State or a Union parent financial holding company; (i) require an institution to issue eligible liabilities to meet the requirements of Article 45 of the BRRD; (j) require an institution to take other steps to meet the minimum requirement for own funds and eligible liabilities under Article 45 of the BRRD; and (k) where an institution is the subsidiary of a mixed-activity holding company, requiring that the mixed-activity holding company set up a separate financial holding company to control the institution. Before identifying any of the above-mentioned measures, the SRB, must consult with the ECB and, if appropriate, the designated national macroprudential authority, and is required to consider the potential effect of those measures on the particular institution, on the internal market for financial services, on the financial stability in other Member States and Union as a whole. In case of a Union parent undertaking, the joint decision process described in Article 18 of the BRRD applies. The ECB should continue to work with the SRB to develop and refine appropriate operational policies and procedures to implement their respective resolution planning roles (See EC7).
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The ECB’s crisis management framework covers several phases depending on the specific situation of the credit institution. It ranges from preparatory activities in the ongoing supervision to involvement in decisions on resolution. However, during the resolution process, the main decision-makers are the resolution authorities (i.e., the SRB and the NRAs). Within this context, the ECB plays an advisory role and cooperates with NRAs/SRB on any necessary follow-up actions (See EC6). A successful resolution requires a high level of coordination and information sharing between the SRB, ECB banking supervision, and liquidity providers. The robustness and feasibility of an SI’s liquidity contingency funding plans are essential (See CP 24 EC 6). The ECB’s ongoing supervision includes the early identification and remediation of emerging risks, and the assessment of recovery plans and the use of stress tests. The framework for stress testing by the ECB is further explained in EC4. Moreover, the ECB performs regular risk assessments and monitors the risk profile of an institution including whether the conditions required for authorization to continue exist, pursuant to Articles 97 and 107 of CRD IV. When the financial situation of an institution deteriorates, the ECB determines the appropriate supervisory action and the relevant JST steps up the supervisory activity for the institution, following an escalation process.57 The ECB escalation process should be understood by both ECB and SRB staff. Information that is relevant to the resolution process should be shared promptly. Advance preparation of resolution actions can prevent value destruction. Preliminary staff level discussions between the ECB and the SRB should occur shortly after a SI is projected to fail within a 12-month time horizon and well before the ECB forms a crisis management team (CMT). The ECB and SRB should adopt policies and operational arrangements to ensure that formal FOLTF determinations and the ‘resolution weekend’ are closely coordinated and can be prescheduled allowing for advance resolution preparation and the problem bank can be seamlessly transferred from the ECB to the SRB On the operational side, the ECB has designed an Emergency Action Plan that includes the operational steps for crisis management and crisis mitigation for SIs in the context of the ECB crisis management framework set out in the SSM Supervisory Manual. The ECB’s intermediate structures and horizontal divisions are informed about the deterioration in the risk profile. In particular, when the JST coordinator sees that the financial situation of a bank deteriorates materially either in a short period of time or gradually with a clear trend, the JST coordinator shall inform the head of the Crisis Management Division, while NCAs will be automatically involved through the JST. As a result, the Crisis Management Division will start monitoring the situation and cooperate with the JST. Those banks with a potential deterioration of liquidity or capital situation will be monitored more closely. Expert support is provided by the Crisis Management Division as regards both the analysis of the financial situation of the credit institution/banking group and the preparation of a draft decision proposal on remedial actions. In particular, the Crisis Management Division will share its knowledge and experience from other comparable situations and from its interaction and cooperation with the relevant crisis management functions of the NCAs. Before selecting the most appropriate intervention tools, the JST and the Crisis Management Division gather any analysis prepared by the DG MS IV Risk Analysis Division based on its monitoring of the SSM banking system. In a crisis situation, the JST coordinator and the head of the CRM may propose the establishment of an institution-specific CMT. The institution-specific CMT acts as the central internal coordination body with respect to necessary institution-specific supervisory actions within the SSM to mitigate a crisis situation. It is also the central hub for information sharing and coordination of the ECB supervisory response. While it is not a formal decision-making body, the IS CMT allocates concrete tasks and proposes draft decisions to be considered by the ECB decision-making bodies, as well as monitors progress, effectiveness, and efficiency of crisis management activities at the working level. Further, the IS CMT coordinates interactions with the institution in difficulty via the JST coordinator and relevant Banking Union NCAs. Cooperation with relevant representatives of NRAs and the SRB is then coordinated by CRM. Each IS CMT is composed of: the Chair and Vice-Chair of the Supervisory Board; the JST coordinator; his Head of Division and Director General; the Head of Division of CRM as well as the DG of DG MS IV; the Secretary of the Supervisory Board; and the Supervisory Board member(s) of the NCA(s) directly affected. Other senior representatives of Banking Union NCAs, including Supervisory Board members of directly affected NCAs, other ECB banking supervision staff (the non-affected DG MS I or II and DG MS III) and ECB divisions at DG level can be invited to IS CMT meetings. Where appropriate, other relevant ECB divisions (e.g., DG Communications, DG Market Operations) are debriefed after the IS CMT meeting on a need-to-know basis. In case of emergencies, the Chair of the Supervisory Board shall convene a meeting in time to take the necessary decisions; as appropriate, this can also be by means of teleconferencing under derogation from the general rules. The assessors note that the Supervisory Board has used emergency procedures for expedited decisions in time-sensitive situations. The relevant ECB DG submits, where necessary in cooperation with other competent DGs, to the Secretariat of the Supervisory Board, a proposal for a complete draft decision stating that an emergency decision is required. When a DG is preparing a proposal for a complete draft decision, the opinions of the NCAs are captured within the process. The ECB follows a specific decision-making procedure. This procedure respects the EU Treaty rules governing decision-making within the ECB, which assign decision-making powers exclusively to the Governing Council and the Executive Board. Under this procedure, the Supervisory Board proposes ‘complete draft decisions’ to the Governing Council, but the Supervisory Board cannot take legally binding ECB decisions of its own initiative, nor can decision-making powers be delegated to it. The Supervisory Board meeting is convened either in person, via conference call, or through written procedure, for a swift decision. The Supervisory Board is responsible for assessing all proposals for complete draft decisions submitted for approval through the Directorates General and to decide on the final proposal to be transmitted to the Governing Council. The decision is adopted by the Governing Council in the context of a physical meeting, via conference call, or through written procedure. The Governing Council cannot change complete draft decisions but only approve or object to them. Approval can also occur tacitly in the sense that complete draft decisions proposed to the Governing Council are considered adopted where it does not object within a defined time period (non-objection procedure). Overall, in crisis or emergency situations, decision-taking is speeded up significantly via a specific “fast-track” procedure. Where process steps are sequential, they are undertaken back-to-back. In the case of a cross-border banking group, the ECB, as the consolidating supervisor, plans and coordinates the supervisory activities (e.g., early intervention measures) within the supervisory college framework. Where appropriate, the ECB informs resolution authorities of any material deterioration in the financial soundness of an institution and of the implementation of early intervention measures (See Articles 27 and 30 of the BRRD). In accordance with Article 32(1)(a) of the BRRD and Article 18(1) of the SSMR, the ECB coordinates consultation with the SRB on the determination of failing or likely to fail. Where a “failing or likely to fail” determination is taken, the ECB informs all relevant stakeholders (e.g., the SRB and the Commission in line with Article 18(1) of the SSMR, other external stakeholders in line with Article 81(3), e.g., the relevant deposit guarantee scheme(s), the competent ministries, etc.). The ECB demonstrated to the assessors that this expedited approval process was used effectively in 2017 in connection with the resolutions of failed institutions. While a formal resolution framework is in place, the timeliness and level of coordination and collaboration between the ECB and SRB could be improved. The ECA assessed the operational efficiency of the management of the ECB in crisis management. (Special Report No. 02/2018: The Operational Efficiency of the ECB’s Crisis Management for Banks, 16/01/2018). The audit found that while the ECB has established a substantial framework for crisis management, it noted some design flaws and inefficient implementation that should be addressed. The audit recommended making better use of recovery plan assessments and developing operational guidance for crisis management activities and to enhance management reporting systems. Internal ECB processes should be reviewed for effectiveness in light of recent resolution experience. The assessors recommend that the ECB and SRB forge closer working relationships in recovery and resolution planning. Ongoing negotiations to revise the existing MoU should conclude as soon as possible. Automatic information sharing with the SRB has been established at the assignment of certain SREP ratings. Discussions about shared information should occur early in the process, well before formal “early intervention” and “failure or likely to fail” notifications are required to facilitate seamless recovery and resolution planning.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	Where the ECB becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter or of banks restructuring their activities to avoid the regulatory perimeter, the ECB brings the matter to the attention of the responsible authority if such authority exists. The assessors note that the ECB lacks express authority to legally constrain activities outside its remit. The ECB cannot address directly the issue of jurisdiction-specific bank-like activities being conducted without adequate licensing authorities. The ECB cannot mitigate this gap without express Union powers or the authority to enforce national laws or regulations addressing the activity in question. Where SIs, intentionally or negligently, breach a requirement under relevant Union law, the ECB may impose administrative pecuniary penalties or fines (hereafter “sanctions”) to penalize the misconduct of business by the credit institution (Article 18(1) of the SSMR) or, in the cases specified in Article 18(5) of the SSMR, require NCAs to do so. In the case of a breach of ECB regulations or decisions, the ECB may sanction supervised entities with fines. In cases of ongoing breaches of regulations or national laws implementing relevant directives or ECB decisions, the ECB may impose enforcement measures to compel entities to comply with regulatory or supervisory requirements, make use of enforcement measures available to NCAs under national transposition of EU law or instruct NCAs to use their purely national enforcement powers, when available (See CP11).
Assessment of Principle 8	Largely Compliant
Comments	The fundamentals of the ECB’s methodological framework for supervision are sound. The main elements of the supervision methodology—SREP, RAS, and SEP—are well in in place. The methodology has been refined through the experience gained since its initial launch in 2015. This process of continual assessment and improvement should continue as the SREP, RAS and SEP mature over time. The greater emphasis on quantitative analysis is consistent with the EBA’s SREP Guidelines. The methodology meets the requirements of CP 8 as being a forward-looking risk-based assessment of individual banks and banking groups, proportionate to their systemic importance. The ECB’s supervisory approach identifies risks within banks and the banking system as a whole. The ECB should seek a balance between thematic and ongoing supervision after its level setting effort. ECB decision-making processes are complex and may impede timely supervisory action in the ordinary course. Furthermore, the volume, quality and availability of resources for the supervision of SIs are in some instances beyond the ECB’s control. In exigent circumstance, the Supervisory Board and the Governing Council, however, have demonstrated an ability to act. These bodies adopted emergency procedures that have been successfully tested in recent resolutions. It is important to address these constraints, even though some of them are structurally imbedded. The assessors reviewed the ECB’s supervisory histories for recent resolutions of SIs. The ECB in conjunction with the SRB and NRAs is a key participant in the Euro Area’s early intervention and resolution framework. Additional work, however, is required in the recovery and resolution planning area. Internal ECB processes should be reviewed in light of recent resolution experience. While a formal resolution framework is in place, the timeliness and level of coordination and collaboration between the ECB and SRB could be improved. Based upon the assessors’ review of the supervisory histories, the ECB’s crisis management function could make better use of recovery plan assessments and developing operational guidance for crisis management activities and to enhance management reporting systems (See also Special Report No. 02/2018: The Operational Efficiency of the ECB’s Crisis Management for Banks, 16/01/2018). The assessors recommend that the ECB and SRB forge closer working relationships in recovery and resolution planning at the earliest possible time. Ongoing negotiations to revise the existing MoU should conclude as soon as possible. Automatic information sharing with the SRB has been established at the assignment of certain SREP ratings. Informal discussions about information gaps, liquidity and preliminary resolution strategies should occur early in the process, well before formal “early intervention” and “failure or likely to fail” processes are required, to facilitate seamless recovery and resolution planning.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of onsite58 and offsite59 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between onsite and offsite supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its onsite and offsite functions, and amends its approach, as needed.
Description and findings re EC1	The relevant EU legislation pertaining to the mix of onsite and offsite supervision is contained within Articles 97, 98 and 99 of CRD IV (See CP 8 EC1–2). In addition, the EBA guidelines on common procedures and methodologies for supervisory review and evaluation (SREP guidelines) provide detailed instructions on the risk assessment process. The EBA is undertaking a consultation on and review of these guidelines. Article 99 of CRD IV sets out the minimum expectations for NCAs to, at least annually, adopt a supervisory assessment program. According to Article 99, the program must include a plan for the activities and resources (paragraph 1(a)), identification of institutions for enhanced supervision (paragraph 1(b)) and a plan for onsite examinations (paragraph 1 (c)). Furthermore, the requirements of CRD IV provide for supervisors to adjust the intensity of supervision depending upon the risks identified, including a permanent onsite presence of the NCA (paragraph 3(b)), more frequent reporting (paragraph 3c)), and thematic inspections (paragraph 3(e)). The ECB is empowered: (i) to carry out offsite supervision in accordance with Article 4 of the SSMR; (ii) to adopt supervisory measures in accordance with Article 16 of the SSMR; (iii) to carry out onsite inspections in accordance with Article 12 of SSMR and Articles 143 to 146 of the SSMFR. The ECB communicates its broad supervisory priorities to the banking industry and the general public. In 2017 it identified three priority risk areas: business models and profitability drivers; credit risk, with a focus on NPLs and concentrations; and risk management. These messages were delivered in a variety of media and fora. Examples include the ECB’s SSM website; meetings with trade groups (e.g., European Banking Association meeting on January 23, 2017); and conference calls with banks, analysts, and journalists (e.g., December 15, 2017 SREP and Supervisory priorities conference call). The assessors believe that transparency on supervisory expectations, concerns, techniques, and strategies, to the extent permitted by confidentiality requirements, assists sound supervision. ECB banking supervision’s supervisory process starts with the planning of the regular supervisory activities, which is laid down in the SEP. The SEP covers the tasks and activities related to offsite ongoing supervision and onsite missions, in line with available resources. The appropriate mix between onsite and offsite supervision for a given institution and Euro Area-wide results from the SEP, which is defined in accordance with the process below. Offsite ongoing supervision entails a number of activities that are conducted regularly or on an ad hoc basis and that are aimed at checking compliance with prudential regulation, assessing the risk profile through the SREP and adopting capital, liquidity, or qualitative measures as appropriate. For SIs, these tasks fall under the responsibility of the JSTs. In addition, horizontal thematic reviews, in-depth reviews and ad hoc reviews are conducted on certain topics by offsite analyses and dedicated onsite missions. Examples are the 2015–2016 Governance and Risk Appetite and the 2017–2019 Internal Model (TRIM) thematic reviews and investigations. The onsite inspections are typically carried out by an inspection team, which—while organizationally independent—works in close cooperation with the JST (see EC 4). The various supervisory activities typically result in supervisory measures (e.g., recommendations, requirements, decisions) in the form of an operational act directed to the SI. Final decisions are taken at the level of the Supervisory Board and the Governing Council. Supervisory activities and decisions are typically followed by a number of routine steps including communication to the institution, the hearing of the institution, the monitoring of compliance and, if necessary, enforcement and sanctioning (See CP 11). CRD IV provides that supervision must be both risk-based and proportionate to the institutions concerned. The overall supervisory resources (i.e., resources available for ongoing supervision, onsite inspections, and horizontal work) therefore need to be allocated to the supervision of the different institutions in a way that considers these two objectives (See CP1 EC8). This leads to a different supervisory engagement—defined here as the type, intensity, and frequency of supervisory work (e.g., offsite analysis, meetings, ad hoc data requests, and onsite inspections)—for different types of institutions. SIs are grouped into five different categories to each of which a different level of supervisory engagement applies. The grouping of an institution reflects both the potential impact of its demise on financial stability (first step of the categorization) and its intrinsic riskiness (second step of the categorization). The categorization is updated annually or whenever there are new developments changing the assessment of the impact, supervisory complexity, or riskiness (e.g., the purchase of another bank). In a first step, “impact” is assessed in the same way as in the Financial Stability Board context for Systemically Important Financial Institutions, taking into account five dimensions: size, complexity and geographical diversification, substitutability, interconnectedness, and implicit groups. Size and complexity (including geographical diversification and some business model-related aspects) are relatively easy to measure and are used as the leading indicators. As these two dimensions do not necessarily provide a comprehensive view of each bank’s impact on the Euro Area financial system, additional, more specific, but harder to measure, information is incorporated into the analysis. The impact categorization also may be adjusted to reflect other aspects such as the complexity of supervising an institution (e.g., a financial conglomerate or a bank using many sophisticated internal models) or thematic reviews conducted by the ECB. The Step 1 categorization is to be performed jointly by the DGs responsible for the microprudential supervision of the individual institution and by DG MS IV. As a result, institutions are grouped into five different clusters. In a second step, the outcome of Step 1 (Cluster) is combined with the “riskiness” of the institution, the latter based on the last available RAS overall rating assigned by the JST, to provide the supervisory overall engagement level. An assessment matrix is provided by the Planning Division within DG MS IV. A different level of supervisory engagement applies to each of these categories in terms of (i) supervisory expectations and (ii) resources allocated (especially with regard to JST resources), with both dimensions being interrelated. In practice, the de facto supervisory engagement may differ from the ex-ante required supervisory engagement in the event of unforeseen developments. The matrix determines for each combination of cluster and riskiness the overall supervisory engagement level to be applied. The bigger, more complex and riskier institutions are allocated a higher engagement level. The engagement level defines the minimum set of supervisory activities to be performed in the SI and therefore is directly linked to (i) supervisory work/expectations and (ii) resources allocated (especially with regard to JST resources), with both dimensions being interrelated. In practice, the de facto supervisory engagement may differ from the ex-ante required supervisory engagement in the event of unforeseen developments. In practice, the de facto supervisory engagement may differ from the ex-ante required supervisory engagement in the event of unforeseen developments. In such cases, ad-hoc tasks to address the most urgent issues should be prioritized when necessary, overruling the initial plan. Adjustments to the adopted program of onsite inspections and internal model examinations for reasons of optimization of resources and adaption to new priorities are approved by the Supervisory board and approved by the Governing Council under nonobjection procedures. The Supervisory Board also receives periodic status reports on the SEP for SIs. The same approach is used for each RAS risk category, in order to fine-tune the level of engagement to be applied on a risk-by-risk basis. In this way, each institution will have an overall supervisory engagement level, according to which overall supervisory expectations and resource allocation are to be made, as well as a supervisory engagement level per risk category, according to which the minimum intensity and frequency of supervisory work and types of supervisory actions are defined per risk category. For significant subsidiaries two engagement levels have been defined according to the SREP approach.
EC2	The supervisor has a coherent process for planning and executing onsite and offsite activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives, and outputs, and that there is effective coordination and information sharing between the onsite and offsite functions.
Description and findings re EC2	The process for planning and executing onsite and offsite activities is defined in the confidential SSM Supervisory Manual. The JST sets up an individual SEP for the SI it supervises. The SEP defines the supervisory activities for offsite on-going supervision, onsite inspections, and internal model investigations to be carried at the SI over a predetermined time horizon (typically one year for offsite on-going activities and for the onsite inspections and internal model investigations). The SEPs must be aligned with the determined Supervisory Priorities and follow the principles of a risk-based approach and proportionality. This is accomplished through the establishment of MELs (see EC 1) by the Planning and Coordination of SEP Division in close cooperation with other Divisions in DGMS IV and DGMS I and II. For on-going SEP activities, Planning and Coordination of SEP Division formulates a first draft proposal of on-going SEPs activities that includes the minimum engagement level activities (MEL activities) for each SI. Then JSTs assess this proposal on a comply or explain basis and include in the draft SEPs on-going “additional SEP” activities to address the needs and specificities of the institution. For onsite SEP activities (onsite inspections and internal model investigations), the JSTs formulate a first draft proposal, taking into account the available resources. Following unforeseen developments, amendments to the individual SEP throughout the year are possible. The SEP may be subject to ex post reviews by the DG MS IV SQA Division, although primarily it is the responsibility of management and staff of operating units to ensure permanent compliance with the SSM Manual. Based on the available input and macro evidence, draft SEPs are formulated in detail by the JSTs for each SI. In practice, the macro-calendar of supervisory activities regarding on-going supervision, onsite inspections, and internal model investigations is defined in a horizontal way. The JST also considers information provided by non-SSM competent authorities for other entities within the group, in cases where the consolidated supervision of the group in question is the responsibility of an EEA home supervisor. All these activities, except in exceptional cases, are undertaken to comply with the minimum engagement level defined in the strategic planning process by the Planning and Coordination Division. The activities must be prioritized to allow for a replacement buffer for possible ad hoc needs. The SEP is discussed in the core JST. The individual SEP proposal should be associated with a first evaluation of the allocation of tasks and needed resources, including an estimation of the number of resources to be requested for onsite inspection teams and the specialized expertise functions (e.g., specialists on risk analysis or internal models). These additional resources may be supplied by the ECB or from the NCAs’ horizontal functions. In its 2016 review of the SSM, the ECA noted indications that staffing levels in ECB banking supervision at that time were insufficient and recommended that the ECB substantially increase the presence of its own staff in onsite inspections. The ECB accepted this recommendation (See CP 2). JSTs need to clear their draft SEPs with their ECB intermediate structures and senior management (i.e., Heads of Division and Directors General) before submitting them to the Planning and Coordination of SEP Division. This process step may include feedback on and revision of individual SEPs. In addition, there is a dialogue between the ECB and NCA senior management that provides input to the establishment of the SEP, especially regarding diverging views not yet resolved by the core JST. The individual SEPs are submitted to the Planning and Coordination of SEP Division, which will perform a final check for compliance with the MELs and consistency across similar SIs. This may result in some adjustments to the original individual SEPs to be discussed and agreed with the respective JSTs. The Planning and Coordination of SEP Division will then translate the proposals of the individual SEPs into a single consolidated SEP. At this point, the Centralized Onsite Inspections (COI) and Internal Models Divisions will also perform content quality checks on the requests for onsite inspections and internal model investigations. This may result in some adjustments to the individual SEPs to be discussed and agreed with the respective JSTs. The draft consolidated SEP will be consolidated accordingly. The ECB horizontal divisions liaise with their counterparties in the NCAs to plan the onsite inspections and internal model investigations to be performed, taking into account the “prioritized demand” for missions required by the JSTs and the availability of resources to carry them out in the ECB, NCAs, and if necessary, by external providers. One should note that in principle, onsite inspections are planned with a time-horizon of one year. However, specific inspections may be requested by the JST on an ad hoc basis. The onsite inspection (OSI) planning strategy is designed around the Targeted Engagement Level (TEL) for onsite inspections. The TEL is a flexible framework tool taking into account both Supervisory Priorities, SREP reviews (RAS scoring and cluster of the individual SI) and the historical perspective; the TEL provides indicative expectations about the number of OSIs and their related risk focus and as such serves as a base-line tool for JSTs when requesting OSIs; it is also used as an indicative benchmark for prioritizing requests from DG-MS I and DG-MS II Senior Management. This process may require some amendments to the individual SEPs to be discussed and agreed with the respective JSTs. The draft consolidated SEP will be consolidated accordingly. The onsite inspections and internal model investigations resulting from this step (selected missions to be approved by the Supervisory Board and carried out during the next year) must be confirmed by the Heads of Division, Senior Management of DG MSF I, DG MS II, and DG MS IV and the NCAs. The planning process is concluded with a meeting (or alternative form of contact) of the Head of the Planning and Coordination Division, other HDs/Senior Management involved, and the ECB intermediate structures in charge of DGs MS I, II, and IV. The purpose of this meeting (or alternative form of contact) is to settle any remaining issues relating to conflicting plans or resource constraints regarding the draft integrated SEP. This may be achieved by reprioritizing, rescheduling, or cancelling certain activities or by requesting the allocation of additional resources from NCAs. The Planning and Coordination of SEP Division will finalize the consolidated SEP with the support of the COI and Internal Model Divisions. The consolidated SEP, with separate details for each SI, is submitted for information to the Supervisory Board. The list of onsite inspections and internal model investigations included in the consolidated SEP, with separate details for each SI, is submitted for approval to the Supervisory Board and the Governing Council will be invited to adopt it under the non-objection procedure. Its approval (including potential changes) is notified to the JST coordinators and NCAs. In order to ensure a pragmatic implementation of the onsite program, the optimal use of available resources and a fast adaptation to new priorities, proposals for adjustments of the approved list may be submitted on a monthly basis to the Supervisory Board. Such adjustments may include changes to previously approved missions as well as new missions to be carried out. The SEPs are implemented by the JSTs, the onsite inspections and the internal model investigation teams, with the support of the Planning and Coordination of SEP Division and other horizontal divisions involved, according to the defined schedules. A monitoring process is established, encompassing checks on the SEPs’ adoption and implementation. The Planning and Coordination of SEP Division, in close cooperation with the COI and Internal Models Divisions, monitors the execution of the program semi-annually. On this basis, the JST coordinators, the COI and Internal Models Divisions cooperate with the Planning and Coordination of SEP Division also on the implementation of the SEPs, providing information on any possible issues that could prevent the fulfillment of the planned tasks (e.g., limited capacity, a change in priorities, sudden events to be taken into account, etc.), so that back-up measures can be devised. The Planning and Coordination of SEP Division may act to ensure that SEPs are implemented, coordinating with the JSTs, the COI and Internal Models Divisions and the NCAs any necessary adjustments to the SEPs.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable60 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	In accordance with Article 10 of the SSMR, the ECB has the power to require institutions and parent undertakings to provide all information that is necessary to carry out its supervisory tasks. Additional legal support is found in Articles in 73, 97, 98, and 99 of CRD IV. The supervisory assessments are performed based on a wide range of information sources, from a quantitative and qualitative nature. Quantitative data are of particular importance to foster consistency and comparability. Key sources of quantitative information include: (i)risk indicators based on FINREP and COREP data (available on a consolidated level since mid-2014); (ii)risk indicators from sources other than FINREP/COREP (e.g., from the ECB’s STE data collection); (iii)indicators on economic and market conditions (GDP, sector NPL, market volatility etc.); (iv)other regulatory data, not harmonized (central credit register, etc.); (v)a bank’s internal estimates (ICAAP, ILAAP, stress tests, internal reports); (vi)financial statements, Pillar 3 disclosures; (vii)peer group indicators; (viii)supervisory stress test results; and (ix)market views (external ratings, investors’ quantitative analyses, etc.) Quantitative reporting to ECB banking supervision management and senior management is managed in cooperation with ECB’s DG-Statistics, which is responsible for performing data consistency and quality checks. Qualitative information is also necessary for identifying weaknesses and includes: (i)supervisory findings (onsite inspection reports, meeting reports, etc.) (ii)institutions’ internal documents (ICAAPs/ILAAPs, financial statements, board memos, organizational charts, internal audit reports, whistle-blower reports, etc.) (iii)business and risk management reports (dashboards, limit reports, etc.) (iv)reports on the environment in which they operate (risk trends, new areas of focus, analysts’ reports, rating agencies’ reports, equity analyst recommendations, news, etc.). Please refer to CP 10 for a discussion of the ECB’s Supervisory Reporting Manual and possible data gaps.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a)analysis of financial statements and accounts; (b)business model analysis; (c)horizontal peer reviews; (d)review of the outcome of stress tests undertaken by the bank; and (e)analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	Under CRD IV, the ECB as the competent authority is required to carry out a SREP and to take decisions for SIs (See CP 8 for a complete discussion). Within a group, this applies at the consolidated, sub-consolidated and single-entity levels unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In a case of a financial conglomerate, the SREP decisions also need to take into account the outcome of the supplementary supervision as required by FICOD. The SREP is the main tool to regularly review and assess the safety and soundness of banks and the banking system. It is a harmonized methodology developed on the basis of the EBA guidelines on SREP. It is applied in a proportionate manner to institutions depending on the nature, scale, and complexity of their activities, and, when relevant, on their situation within a group. The SREP methodology relies extensively on quantitative and qualitative analysis. It combines data and expert judgment following a principle of “constrained judgment,” with a view to ensuring that the SREP decision fits best with an institution’s risk profile (and is not a “mechanical” process) while also ensuring consistency and accountability across the SSM. Please refer to CP 8 for a full description of the SREP methodology. The assessments performed for the four elements result in an overall SREP assessment, which underpins a wide range of possible supervisory actions, including the decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. This overall architecture facilitates comparisons across banks. For each element, the assessment can also be tailored to the specific situation of each institution. The various assessments are performed at different frequencies, defined as a result of the SREP in the SEP’s “MELs,” which can be fine-tuned by the SEP for each individual institution. The JST is expected to update its assessments and remediation actions whenever it is warranted by new information: The analysis of financial statements and accounts, apart from their use to perform the SREP, is carried out by JSTs on an on-going basis. The annual financial statements are certified by external auditors. Annual accounts are complemented by interim financial information on a risk-oriented basis. With FINREP, a harmonized financial reporting exists on a quarterly basis. In addition, for those banks or groups using nGAAP instead of IFRS, a reporting framework has been introduced on a solo basis since March 2014 and on consolidated basis since September 2014. For more detailed information see CP 27. The assessment of an institution’s business model is split into three parts: (i) its business model viability (or the institution’s ability to generate an acceptable return over the next 12 months); (ii) its business model sustainability (i.e., its ability to generate an acceptable return over the next three years); and (iii) its business model sustainability over a full business/economic cycle (i.e., its ability to generate an acceptable return over periods longer than three years). Business model analysis may also give rise to targeted horizontal analysis on an ad hoc basis. A horizontal peer review is an essential part of ECB banking supervision’s supervisory approach and is an integral part of the SREP. The overall SREP score is based on the integration of the four SREP elements following a common approach for all banks with the need for JSTs—where appropriate—to adjust the overall score based on: (i) their knowledge of the bank; (ii) peer comparisons; (iii) the macro environment under which the institution operates; (iv) its capital/liquidity planning to ensure a sound trajectory towards the full implementation of CRD IV/CRR; and (v) the SSM risk tolerance. Peer comparison is also part of the assessment of business model viability indicators. The objective is to assess the viability of the current business model by means of a quantitative analysis of several risk indicators at the consolidated level and the comparison to peers. These aspects taken together should give the analyst a full picture of the real and concrete strategy pursued from the bank and the key metrics regarding profitability at the consolidated level. The assessors note that the ECB has successfully benchmarked in a number of areas. A pan European view was unavailable prior to the creation of the SSM. The consolidated annual accounts of at least the past three years, and the most recent monthly/quarterly management reports for the current year budget (including year-to-date realization) should be used. All available information from FINREP and COREP, data and indicators available in IMAS, as well as data from SNL Financial, an external data provider, forms the starting point of the analysis. These data should be used to understand how the main risk indicators have developed over time and how their current levels and volatility compare to the peer group. When assessing peer comparisons, the JSTs should understand the reasons behind the level of difference from peers bearing in mind that the differences may be reasonable and acceptable when fully understood but also surprising and unacceptable depending on the context. When assessing business model sustainability, peer review plays a role in the forward-looking business environment. The business environment is the context in which an institution operates and seeks to generate profits and influences both the bank and its peers. The scope of the business environment analysis is determined by the hypotheses and should include a number of key areas. One is the macroeconomic environment, as measured by key macroeconomic variables that may have an impact on the area of the bank under assessment. Another is the competitive landscape—consider the activities of the main players and competitors of the institution or business area being analyzed (the peer group), and assess how the competitive landscape is likely to evolve. ECB banking supervision also relies on peer review in the context of thematic reviews. Dedicated horizontal analysis may be launched on specific topics—e.g., governance. JSTs analyze on the basis of a common methodology common issues for all—or a subset of— SSM SIs. The outcome of these thematic reviews may give rise to specific recommendations or measures addressed to institutions either through dedicated decisions or in the context of the annual SREP decision. The stress tests undertaken by banks are used by the JSTs to assess the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, the SSM’s stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available. To provide a forward-looking assessment of an institution’s capital positions, the supervisor relies on an institution’s internal stress test, on the supervisor’s micro stress and sensitivity analysis, and on system-wide supervisory stress tests when available. To review these stress tests, ECB banking supervision follows the principles and recommendations established by international supervisory bodies. Supervisors should expect institutions to analyze at least a baseline scenario and a stressed scenario, and make projections of its main balance sheet, profit and loss, and off-balance sheet items in view of the institution’s strategic plan, including the capitalized profit, dividends, share issues, subordinated capital issues, and capital charges in line with the expected business growth, changes in the Pillar 1 risk profile, other risks assessed in the ICAAP, regulatory changes, one-off transactions, etc. Stress tests should be conducted as part of the ICAAP to identify those events or changes in the market conditions in which institutions operate that may adversely affect their future solvency. At least one comprehensive adverse scenario, reflecting severe but plausible adverse developments of the institution’s operating conditions, should be used for capital planning. JSTs should assess in this regard the underlying assumptions (Sufficiently severe? Plausible?) and the adequacy of the translation of these assumptions into stressed capital and risk projections over at least the upcoming three years. Furthermore, any embedded management actions should be scrutinized. Discussions of corporate governance, risk management, and internal control requirements are found in CP 14, 15, and 26. The analyses and assessments by JSTs are performed and documented in IMAS on an ongoing basis. At least once a year, a SREP decision including appropriate supervisory measures is taken and communicated to the bank. JSTs may also communicate findings, decisions or recommendations to the institutions under their responsibility whenever necessary after having complied with the SSM’s decision-making procedures. Onsite supervision is conducted through inspections, which are in-depth investigations of risks, risk controls, and governance that follow specific procedures described within the SSM Supervisory Manual. The scope and frequency of onsite inspections takes into account the supervisory strategy, the characteristics of the credit institution (size, nature of activities, and risk culture) and the specific areas of the credit institution perceived as more vulnerable. Onsite inspections are conducted in an independent manner, in close liaison with the JSTs, based on a coordinated approach steered by ECB banking supervision. Both on-going supervision and onsite inspections are essential for effective supervision. They are complementary and cannot substitute for the other. Supervisors must have a permanent in-depth knowledge of the institution. This knowledge is obtained through on-going supervision, which mainly relies on the information reported by the institution (regulatory, external, and internal reporting), complemented by onsite inspections to check inter alia the accurateness of the information used by on-going supervision. Accordingly, in the SSM organizational model, the onsite inspections function is embedded and anchored in the overall SSM framework without jeopardizing its independence or allowing that independence to imply isolation. This principle of independent inspections is made operational through a separation in the performance of the two types of supervision: (i) the JST performs on-going supervision; and (ii) independent inspection teams conduct the onsite inspections. The close liaison between the JSTs and the onsite inspections is achieved by permitting JST members to participate in inspections. However, JSTs are not allowed to act as head of onsite inspection teams. Onsite inspections can be conducted on a number of different levels. An inspection can be done at a group level, in which case the scope includes the parent entity as well as some or all of the subsidiaries and branches of that group or; it can be conducted at an individual level of the group member in which case the inspection is of a subsidiary of a group. An individual subsidiary inspected may be located within the SSM, or in an EU non-SSM Member State, or in a third-party country. The rationale for performing onsite inspections is to gain a more in-depth knowledge of the respective institution by interacting with the key individuals responsible for the management of business or risk areas subject to inspection and having access to and the ability to test the underlying documentation found in regulatory reports and the institution’s information management and reporting systems. By doing so, the inspection team is given the opportunity to assess, inter alia, processes, systems and quality of management across the institution, enabling the team to challenge the senior management and management body in an informed way, based on this more in-depth assessment of the institution, gained by verification in situ. Onsite inspections are carried out based on a predefined scope, timeline and resources, and use investigating and inspecting techniques to test controls and substantive procedures, following certain standards. The outcome of onsite inspections is a report that includes an executive summary, the list of facts and findings, and the body of the report. Appendices should be added. In particular, onsite inspections aim at: examining and assessing the level, nature and features of the inherent risks, also taking into account the risk culture; examining and assessing the appropriateness and quality of the institution’s corporate governance and internal control framework in view of the nature of its business and risks; assessing the control systems and risk management processes, focusing, in particular, on detecting weaknesses or vulnerabilities that can have an impact on the own funds of the institution; examining the quality of balance sheet items and the financial situation of the institution; and assessing compliance with banking regulation. In line with the supervisory principles for the functioning of the SSM, inspections are risk-based, proportional, intrusive, and forward-looking. Onsite inspections are limited in time and performed to reach a pre-defined objective following a focused, comprehensive and coordinated approach. They can be classified in several ways, depending on the aspects taken into account. More than one type of inspection may apply: full scope vs. targeted inspection; thematic inspections; program versus ad hoc inspections; follow-up inspections. Onsite inspections are an important part of the ECB’s integrated supervisory approach. They also keep the JST informed on the key dimensions of the institution. Hence, the scope of the inspections must be aligned as much as possible with the methodology used by the ongoing supervision (RAS and SREP concepts) and with the assessment and division of work decided by the respective JST. This alignment is ensured by the respective Directorates General of the ECB. Following the list of issues mentioned in the RAS, the main topics inspections can cover are: business model and profitability; internal governance and risk management; credit risk and counterparty credit risk; market risk; operational risk; IRRBB; capital adequacy; liquidity and funding risk. These aspects are not mutually exclusive; on the contrary, an inspection may explicitly cover several of them and good onsite work is characterized by being attentive to all of them, particularly to how the transactions or areas under review affect the overall situation of the inspected legal entity regarding liquidity, capital or profit, and compliance with regulations. The overall inspection life cycle involves the following phases: planning, pre-inspection, investigation, reporting, consistency review, follow-up. The onsite inspection teams are, in principle, led by NCA staff. These staff members can either be staff members from the NCA of the country in which the inspection takes place or staff members from any other NCA within the SSM. This does not preclude the possibility of the ECB taking the lead of any inspection. In order to ensure that onsite inspections are conducted in an independent manner, the Head of Mission (HoM) cannot be held by a JST member or by an external expert. The choice of a HoM is based on a combination of technical and non-technical competences, including: the type of expertise needed for a specific mission, managerial capabilities (especially for international teams), soft skills necessary to constructively interact with a large number of stakeholders (e.g., the institution, JST Coordinators, ECB COI Division team responsible for on-going monitoring, teams performing the consistency reviews of reports, etc.). Due attention must be paid to the general principle of rotation of the HoMs. The composition of the team, in terms of size, skills, expertise, and seniority, is commensurate with the inspection entrusted to it. The inspection team is composed by at least two persons, including the HoM. The ECB’s IPCS Division appoints the team members after consultation with all the concerned parties. To this aim the ECB’s IPCS Division is informed of the resources available for inspections. The composition of the team must be in line with the SEP, while taking into account the evolution of the portfolio or area to inspect since the SEP was adopted. In addition, COI Division may appoint its own staff as members to join the onsite inspection team. Upon request of the JST Coordinator, JST members may join an inspection team. To safeguard the efficiency and the independence of judgment of the onsite inspection, the JST members assigned to the team should be placed under the functional authority of the HoM for the duration of their involvement in the mission. The onsite inspection teams may be composed of professionals coming from NCAs, ECB staff members, as well as external experts.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The SREP framework sets out the risk factors to be assessed as part of the supervisory review, the topics to be included, and the supervisory measures to be implemented based on the identification of risk. The framework includes risks to the bank as well as risks to the system as required for in Article 97 (see paragraph 1(b) and Article 99 paragraph 2(b)) of CRD IV. In terms of the identification and assessment of emerging risks throughout the EU area, one of the responsibilities of the EBA is to ensure the orderly functioning and integrity of financial markets and the stability of the financial system in the EU. To this end, the EBA is mandated to monitor and assess market developments as well as to identify trends, potential risks and vulnerabilities stemming from the microprudential level. One of the primary supervisory tools to conduct such an analysis is the EU-wide stress test exercise. The EBA Regulation gives the Authority powers to initiate and coordinate the EU-wide stress tests, in cooperation with the ESRB. The aim of such tests is to assess the resilience of financial institutions to adverse market developments, as well as to contribute to the overall assessment of systemic risk in the EU financial system. Building upon this work, the ECB’s specific horizontal risk analysis function is in charge of supporting other ECB banking supervision operating units (such as other DGs, horizontal divisions, and JSTs) by providing up-to-date information on current risks and vulnerabilities affecting the SSM; conducting regular in-depth risk analysis and broader microprudential analysis and research on the banking sector; and identifying on a timely basis trends, developments and emerging risks affecting multiple banks for further supervisory review and action. Furthermore, the SSM methodologies for SREP contain specifics for the use of stress testing as an input into the supervisory assessment process for individual credit institutions. In particular, in Element 3—Assessment of risks to capital—the JST assesses, among other things, the institution’s capacity to cover its capital needs from a forward-looking perspective, assuming stressed economic and financial developments. This is done using a wide range of information sources, including the institution’s internal stressed projections, ECB stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available. In Element 4—Assessment of risks to liquidity and funding—the JST assesses, among other things, the institution’s capacity to cover its liquidity needs from a forward-looking perspective, assuming stressed economic and financial developments (See CP 24). This is done using a wide range of information sources, including the institution’s internal stressed projections, ECB stressed supervisory proxies, and the outcome of supervisory (bottom-up and/or top-down) stress tests when available—e.g., a stress scenario based on a deposit run and no access to wholesale markets for a prolonged period. The assessments of these features contribute to the overall SREP assessment, which underpins a wide range of possible supervisory actions, including decisions on the institution’s capital or liquidity adequacy or other qualitative or quantitative measures. Since 2016, following the EBA clarification on the use of the 2016 EU-wide stress test results in the SREP process (link), the ECB has introduced a pillar 2 capital guidance that is used to take account the outcome of system-wide supervisory stress tests in the SREP. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the SEP. ECB banking supervision communicates the outcome of the risk assessment via informal supervisory dialogue with the institutions, using a comprehensive set of information. ECB banking supervision also organizes horizontal communications and workshops held every year with CEOs. In addition, the key aspects of the SSM SREP methodology and the outcomes of each SREP cycle are published on the ECB website. Moreover, comprehensive assessments—including assets quality review and stress tests— are performed on new SIs or periodically if deemed appropriate.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	Articles 97 and 98 of CRD IV provide the legal basis for supervisors to evaluate the work of the independent audit function within the supervisory assessment. The work of the internal audit function is evaluated within Element 2—Internal governance and risk management—of the SREP (see CP 26). Internal audit reports are key sources of qualitative information to perform SREP assessments. In addition, the internal audit function may be subject to onsite inspection to obtain assurance that the function meets generally accepted principles on internal audit with respect to governance, status and organization, scope of activity, and internal audit life cycle. Based on the assessment of the internal audit function carried out during the SREP and onsite inspection, JSTs determine whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk (See CP 26).
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems, and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	Article 98 of CRD IV establishes the legal underpinnings for supervisors to review and evaluate governance arrangements of institutions, their corporate culture and values, and the ability of members of the management body to perform their duties (see paragraph 7). In conducting that review, the supervisor examines at a minimum agenda, supporting documentation for meetings of the management body and its committees, and the results of internal and external performance evaluations. The assessors were provided samples of such internal governance reviews presentation, agendas, and other materials. The ECB maintains ongoing and effective communication and engagement with SI’s Board, non-executive Board members and senior and middle management. JSTs oversee all external written and oral communication with the SI. Usually, JSTs interact extensively with the banks through requests for information or meetings with bank representatives. Meetings are used to get to know the management and gather information on the bank’s strategies and activities, as well as to complement and crosscheck the data used in the supervisory process. Meeting with the bank to discuss strategic planning is a critical component of the offsite process. A top-level meeting is held with heads of the supervisory board and/or management board and/or risk managers to discuss the bank’s condition, its strategic and operational perspectives, governance issues, and the business policies (also with reference to specific sectors), with particular regard to risk management, capital and organizational safeguards related to risks, and internal controls. JSTs may challenge the adequacy of the bank’s strategies and business model and request further information from the board and senior management. Where appropriate, JSTs may also participate in board meetings. The ECB expects independent supervisory board members to be active and informed so as to provide a credible challenge to management (See CP 14). Governance and Risk Management is one of the four pillars of the SREP assessment process. The SREP along with the recommendations of the ECB’s thematic review on governance and risk appetite has made supervisory board involvement more robust (See CP 8 and CP 14). Meetings also are held with mid-level management and are technical and operational in nature focusing on areas such as risk management methodologies, self-assessment of capital adequacy, and control systems.
EC8	The supervisor communicates to the bank the findings of its on- and offsite supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	Onsite: The reporting phase commences when the HoM is of the view that the conclusions of the onsite inspection are firm and can be presented to the JST and to any other level of the SSM framework. Based on individual notes, the inspection team prepares a draft report containing facts and findings. The HoM leads the preparation of the draft report and gives guidance with the aim of ensuring that the findings are clear, concise, and to the point. At any time, the inspection team may consult the JST to clarify issues, as well as to keep the team informally informed on the findings of the inspection. Based on the draft report of the inspection, the HoM calls an exit meeting with the institution. This meeting is the last meeting of the onsite inspection where the facts and the findings described in the draft report are presented. The objective of this meeting is to gain assurance on the accuracy of the facts and findings and to check the degree of awareness of the institution. To allow the inspected legal entity to prepare for the meeting the draft report is sent 3-5 days in advance. If the inspected legal entity is the subsidiary of a parent located in the SSM, the draft report may be sent to the parent as well as the subsidiary. The draft report is discussed at the exit meeting and the inspected legal entity is granted a 2-week period to submit written comments on a standardized template (3-column-table) which are then assessed by the HoM. If necessary, the HoM will revise the report. The feedback template including the HoM’s answers to the inspected bank’s feedback are then attached to the final report as annex. The inspected entities comments should focus on the executive summary, the findings and on possible factual errors. The report must be clear, concise, and to the point and contain an executive summary, findings and an overall assessment of the topics covered by the mission. The length of the document should be commensurate with the scope and magnitude of the inspection. The reports are produced in English, whereby the annexes can be kept in the original languages, unless produced by the inspection team (i.e., if the annexes include documents produced by the bank, they can be kept in the original language), in accordance with the SSM provisions for language-related issues. A finding contains the following elements: Criteria (What should be); Condition (What is); Root Cause(s) (Why did it happen); and Effect (What are the consequences and the potential risks). As an onsite inspection is a point in time exercise, findings are based on the actual situation at a given time. As a result, deficiencies for which the institution has taken corrective measures during the inspection must be documented accordingly in the report but flagged as a finding. By contrast, no findings should be reported in respect of deficiencies that had already been corrected before the inspection began. Where appropriate, this could be mentioned in the report. Prior to the exit meeting, the HoM sends the draft report for a consistency review to the ECB’s COI Division. The consistency review process focuses on the internal consistency of the report; its consistency with other reports with comparable scope, throughout the SSM; and its consistency with the SSM Supervisory Manual, in particular the methodology for onsite inspections, and with relevant European legislation and standards. The aim of this review is not to replicate onsite activities. Although COI Division is ultimately responsible for all consistency reviews of SSM onsite draft reports, the ECB recently instituted a joint consistency review process that also consists of NCA personnel. Only staff members that have not been members of the respective inspection team will be entrusted with consistency reviews, otherwise they will not be regarded as independent. The joint consistency review teams improve efficiency and foster mutual understanding among NCA and ECB staff. If the HoM decides not to accept the COI Division’s recommendations, he/she must provide a reasoned rationale. All consistency review workflows are archived. The HoM is expected to support the COI Division’s consistency efforts to ensure homogeneity and the implementation of common standards. The HoM signs the report and sends it to the JST Coordinator, COI Division, and the NCAs concerned. This signed version of the report contains the final version of the findings. Based on the report, the JST is responsible for drafting a follow-up letter including recommendations and an action plan, comprising deadlines or supervisory measures as the results of the onsite inspection. The signed final report, together with the draft follow-up letter, is then sent by the ECB COI Division to the institution and a closing meeting with the institution’s senior management takes place. This meeting is held by the JST Coordinator (the HoM might participate, as an observer). After the closing meeting, the JST conveys the final recommendations to the institution and to the respective NCA(s). After receiving the follow-up letter, the institution is requested to send an official response with its proposed action plan explaining how it intends to address the recommendations within specific timeframes. A follow-up procedure is needed to guarantee that the institution’s action plan is appropriate. The JST is responsible for assessing this official response, if needed in consultation with the HoM. During this phase, several follow-up steps may occur: a request for additional information, the implementation of additional corrective measures, a request for a readjustment of the institution’s plan, or the preparation of a complete draft decision for consideration by the Supervisory Board and the Governing Council. When the JST has verified and concludes that the mitigation measures recommended to the institution have been implemented, the follow-up process is closed. The assessors were provided with anonymized onsite inspection reports, Supervisory Board decisions and follow-up materials from a random sampling of SIs. Offsite: The decision on adequate levels of capital and liquidity as well as any additional supervisory measures, as set out in Article 104 of CRD IV and Article 16 of the SSMR, is communicated to the institution (both the parent company of the group and the single entities concerned) following the formal decision-making process of the ECB. The draft decision is sent to the institution, which has the right to be heard in accordance with Article 31 of the SSMFR. However, before starting the formal decision-making process, the JST coordinator organizes a dialogue on decisions with the management body of the SSM area parent institution and the relevant subsidiaries. The level of hierarchy for the participation of ECB and NCA management is discussed and decided in the core JST. JSTs may organize meetings with the independent members of the Board as deemed necessary.
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	Supervisory measures (e.g., recommendations, requirements, or other decisions) are monitored though a dedicated IT tool. It is the responsibility of the JSTs to decide on how to monitor (including reporting) implementation of remedial measures by the relevant parties. Moreover, JSTs must include the follow-up of supervisory measures in the supervisory calendar for the relevant institution. The length of time an SI has for taking corrective measures is dependent upon the nature and complexity of the matter. If an institution does not comply with a supervisory measure within the specified timeframe, the JST must consider taking additional action against the institution. JSTs have a wide range of possible responses that can be initiated. They range from informal notifications to the institution concerned, or the use of additional supervisory powers, to enforcement measures or even sanctions, depending on the nature of the original supervisory measure and the extent of the non-compliance. Every monitoring task is performed by the JSTs. The follow-up of decisions may be based on periodical or ad hoc reports only or may take place through a closer interaction with the institution. The closer interaction procedure may involve specific meetings with the institution’s management, or follow-up inspections to monitor the implementation activities of the institution. Based on the information provided, the JST assesses whether progress on implementation of the supervisory measure(s) is adequate. In this regard, the JST produces regular follow-up notes describing the progress in implementing the supervisory recommendations, requirements or decisions and forwards the information to the ECB’s horizontal divisions, and to the Supervisory Board and/or the Governing Council, if deemed relevant. The NCA is kept informed too. Based on these follow-up notes provided by the JST, the Supervisory Board and the Governing Council, as well as the relevant ECB functions and the NCAs, may wish to issue recommendations to the respective JST. If the institution does not start implementing remedial measures, the JST refers the case to the Enforcement and Sanctions Division if it considers that an enforcement measure is needed or that there is reason to suspect that a breach has been committed. If the JST considers that additional supervisory action—other than enforcement measures or sanctions—is needed, it prepares a note to the Supervisory Board and the Governing Council detailing which supervisory action should be taken against the institution. Any non-material adjustment to the supervisory measures to be implemented by the institution can be directly endorsed by the JST. A discussion of the ECB’s supervisory remediation powers and its formal enforcement and sanctioning authorities against institutions is found in CP 11.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	The ECB expects but does not require banks to notify it in advance of all substantive changes in their activities, structure, and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. This topic is described in greater detail in CP 4 to CP 7. Breaches of any legally required notifications are subject to mandatory referral to the ECB’s independent enforcement and sanctions unit for review and potential action if it is institution related (see Article 18 of the SSMR). Breaches regarding individuals or violations of Directives transposed into national laws are referred to the appropriate NCA for further action (see CP 11). The assessors recommend that the ECB seek a mandatory notification requirement for all substantive changes in an institution’s activities, structure, and overall condition, or as soon as they become aware of any material adverse developments.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	The ECB onsite function operates under a joint ECB and NCA staffing model. Onsite inspections are ordinarily performed by staff from the NCAs and/or the ECB. Nevertheless, the ECB can use external experts when it is deemed advisable or appropriate. External experts are appointed as ECB team members and carry out the tasks assigned under the lead of a HoM supplied by the NCAs or from COI Division. The ECB has used consultancy firms and auditors as members of internal model investigations missions under the TRIM initiative. The use of external experts is permitted under Article 12 (2) of the SSMR. External consultants may participate in onsite inspection and internal model investigation missions in case there is a lack of appropriate resources within the inspection team, following the COI Division guidelines. To ensure that the responsibility is not outsourced, external consultants can only participate as team members and cannot act as a HoM. Prior to the appointment of external consultants, the HoM provides a sound rationale, which must be appropriately approved, for the need for external consultants and a description of the expected tasks and outputs to be produced. To ensure the independence of the external provider, the audit firm must provide the ECB with some background information about its relationship with the inspected entity as well as its self-assessment about the potential existence of a conflict of interest. Based on this information, COI Division will review the self-assessment and officially clear the firm prior to accepting any offer and submitting the legally binding order. Depending of the fees, the contract is then signed at different management levels according to the generic provision of delegation of power. During the onsite inspection, external consultants perform the same tasks as ECB banking supervision staff and apply the SSM methodology under the supervision and direction of the HoM. Their presence is transparently communicated to the institution. The ECB’s quality assurance program and the HoM’s direct oversight of all team members, including any external consultants, permits the use and reliance on such consultants’ work product.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	Directorate General Information Systems provides, maintains, and develops the information and communications systems necessary for ECB banking supervision to carry out its tasks. This includes the provision of information governance and security. The unit is also responsible for providing support services for end-users as well as quality, supplier, and license management. DG Statistics ensures the availability of reliable and accurate supervisory data across the SSM for supervision and statistics purposes. The data is made available to end-users according to the SSM Information Security Policies and IT system entitlements. DG Statistics checks the completeness and data accuracy of each report received as well as the presentation of the information to ensure that different reporting entities use the same format (allowing for data consistency and making historical or sector-wide analysis easier). In addition, it monitors compliance with the submission deadline for each report. These different processes are computerized to ensure a sound and efficient follow-up on the reports, as their number is quite significant. On the issues of erroneous data, missing data, or reports and failures to meet submission deadlines, DG Statistics liaises closely with the reporting entities as well as with the NCAs. It keeps track of all its requests to the reporting entities to be sure to have received a satisfactory reply to each of them. In cases where, after a certain predetermined period (as set out in the reporting schedules), no response is received, DG Statistics sends a reminder to the reporting entity concerned. Thereafter, it ensures that the database always contains the last and most correct version of the reports; historical data is kept in the database but should be clearly marked as such. The Directorate General informs end-users whenever new updates of supervisory data are available. In cases where it receives an amendment to a report that has already been released, DG Statistics informs the end-users and provides them with an updated version of the report as soon as possible. To facilitate the processing, monitoring, and analysis of prudential information and assist the identification of areas requiring follow-up action, ECB banking supervision and the NCAs rely on the IMAS system. It provides an integrated supervisory tool facilitating the analysis of prudential data, the prioritization and monitoring of tasks, as well as the performance of SREP. Please refer to CP 10 for additional information and recommendations for enhancing the ECB’s supervisory reporting.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	ECB banking supervision’s supervisory activities are performed under the ECB internal control framework, which relies on a three-lines-of-defense model. It is the responsibility of the ECB’s operational management to establish appropriate systems of internal controls. Thus, operational management acts as the first line of defense. The risk management, control, compliance, and oversight functions established and deployed by management represent the second line of defense. The Supervisory Quality Assurance (SQA) Division has been set up to provide regular feedback to ECB banking supervision managers on the quality of their supervisory output in terms of consistency and effectiveness. The SQA Division operates by means of desk reviews, interviews with stakeholders and factual checks and analysis. Once a year the SQA Division issues a “lessons learned” report for discussion by the Supervisory Board, which may decide on further actions. The ECB’s Directorate Internal Audit (D/IA) provides independent and objective assurance and consulting services designed to add value and to improve the ECB’s operations. D/IA acts as a third, independent line of defense within the ECB governance framework. The D/IA helps the ECB in accomplishing its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness and efficiency of risk management, control, and governance processes. All activities, operations and processes of the ECB may be subject to internal auditing. Moreover, D/IA coordinates and performs audit work under the umbrella of the Internal Auditors Committee (IAC). The scope of the IAC covers the performance of the euro system/ESCB and SSM tasks and activities as defined in the Statute of the ESCB and the ECB and in the SSMR, including their enabling processes and risks associated with them, and/or activities decided by the Executive Board, Governing Council, or General Council. The supervisory activities of the ECB are reviewed by the European Commission and the ECA, which reviews SSM operations with a specific focus on operational efficiency. The assessors reviewed the Commission’s review of the ECB’s implementation of CRD IV (Report from The Commission to The European Parliament and The Council, on the SSM established pursuant to Regulation (EU) No 1024/2013, October 11, 2017). The Commission gave an overall positive assessment of the application of the SSMR and the first years of the ECB acting in its supervisory capacity, especially in terms of levelling the playing field and fostering confidence from the integrated supervision of credit institutions. The ECA also assesses the ECB supervisory activities. The assessors reviewed the ECA report on the ECB’s SSM operations. (Special Report No. 29/2016: SSM—Good start but further improvement needed, November 18, 2016). The Court of Auditors examined the SSM’s governance, accountability, and offsite and onsite inspection programs. The report assessed the SSM’s reliance on the NCA for resources (See CP 2 EC6). The ECA also assessed the operational efficiency of the ECB in crisis management. (Special Report No. 02/2018: The Operational Efficiency of the ECB’s Crisis Management for Banks, 16/01/2018). The audit found that while the ECB has established a substantial framework for crisis management, it noted some design flaws and inefficient implementation that should be addressed. The audit recommended making better use of recovery plan assessments and developing operational guidance for crisis management activities and to enhance management reporting systems. The ECB formally responded to the findings and recommendations of both reports. The assessors found that the ECB supervisory functions operate under an effective internal control environment that is augmented by oversight from external bodies, which include the European Parliament, the European Commission, and the ECA.
Assessment of Principle 9	Compliant
Comments	The ECB, through the SREP, uses a mix of offsite analysis and onsite inspections that focus on both horizontal risk themes and vertical assessments of institution-specific risks. The techniques and tools to implement the supervisory approach appear to be appropriately designed, as evidenced by the confidential SSM Supervisory Manual and Appendices. The SEPs and onsite inspections also appear to be appropriately calibrated according to institutions’ risk profiles and systemic importance. Further refinements to the supervision program should be adopted incrementally as the ECB gains additional experience over time. The availability and allocation of staff for the joint JST and onsite inspection teams are assessed in CP 2. The assessors’ limited interviews with JSTs, senior staff members and experts in DGI, DGII, and DGIV, the SSM Supervisory Manual, sample SREP decisions, examples of onsite inspections, memoranda, presentations, and other related materials appear to support this assessment. The ECB should consider streamlining its internal reporting lines to ensure the timely communication of supervisory and other information. The assessors recommend that the ECB seek a mandatory notification requirement rather than the current expectation that institutions report all substantive changes in their activities, structure, and overall condition, or as soon as they become aware of any material adverse developments. The assessors recommend that the ECB be more transparent about its supervisory expectations, approaches, and techniques through the publication of guides on supervisory topics. The July 2017 Guide to onsite inspections and internal model investigations is a good primer on the ECB’s supervisory activities that is suited for public consumption. Supervision is enhanced, and potential issues are eliminated if the ECB’s identifies and communicates to SIs and interested parties its priorities and any emerging concerns it discerns from its ongoing and horizontal supervision of SIs and their activities. This also is an international best practice adopted by other supervisors of large banking institutions. The ECB’s practice of publishing guides on important supervisory topics should be continued. A condensed version of the SSM Supervisory Manual was published in March 2018 after the assessors’ onsite visit. The published manual removed much of the detail on supervisory techniques or information. Such transparency helps institutions comply with the ECB’s expectations and assures the public that the SSM operates under well designed supervisory processes. The ECB is in the process of reviewing additional elements of the Supervisory Manual for later publication.
Principle 10	Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns61 from banks on both a solo and a consolidated basis, and independently verifies these reports through either onsite examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power62 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography, and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	The core of supervisory reporting requirements in the EU is established in the CRR and detailed in the EC Implementing Regulation (or ITS) N. 680/2014, on supervisory reporting; it constitutes the sole EU-wide legal framework for supervisory reporting and a maximum harmonization instrument. As clarified by the EBA in a Q&A, “This means that, with regard to the scope of application of the Implementing Regulation, competent authorities cannot add nor delete data to be reported, nor can they require the reporting of that data in a different format nor in a different (less or more granular) breakdown, nor in a combination, other than in accordance with the CRR and with Directive 2013/36/EU (‘CRD IV’). The opposite would lead to different ways of application of the Implementing Regulation across the Union, thus leading to ‘less than maximum harmonization’ and would defeat the purposes of the Regulation as a legal instrument (as opposed to a Directive), and would be contrary to the will of the EU legislators as explicitly provided in Article 99 CRR. The Implementing Regulation shall only be modified by adopting amendments by the EBA and endorsement of the Commission.” The harmonized reporting includes information on: Solvency/COREP (capital adequacy) Financial information/FINREP (on- and off-balance sheet assets and liabilities, profit and loss, asset quality (NPLs, forbearance), loan loss provisioning, related party transactions, geographical, sectoral concentration) Large exposures (concentration per counterparty sector and region) Losses from immovable property Leverage ratio Liquidity (LCR and NSFR (with detail of significant currencies) and additional monitoring metrics) Asset encumbrance Supervisory benchmarking Funding plans Remuneration policies Reporting is required both on a consolidated (prudential scope of consolidation) and on a solo basis; it covers on- and off-balance sheet items. The frequency varies between reporting from monthly (liquidity) to quarterly and semi-annual or annual for some individual templates. While FINREP was originally mandatory only for IFRS institutions on a consolidated level, Regulation (EU) 2015/534 of the ECB gradually extends the financial supervisory reporting to institutions under other accounting standards (national GAAP or nGAAP) and on a solo level. The amount of information reported takes into account the proportionality principle (i.e., institutions with a low level of complexity not surpassing certain thresholds are allowed to submit fewer data points). Competent authorities can also, under certain conditions explicitly spelled out in the CRR, waive institutions from reporting on an individual level. Approximately 250 supervised entities belonging to SI groups have been granted a waiver for reporting of own funds on a solo basis; most of these are also exempted from FINREP. Other areas not addressed by the EBA ITS on Supervisory Reporting can be covered via additional data collections: as explained in the abovementioned EBA Q&A, “In other areas of reporting, not covered by the scope of the Implementing Regulation as defined in Article 1 of the Implementing Regulation, competent authorities and/or central banks may be in a position to require further reporting by institutions in these other areas, as the case may be and depending on the legal basis available.” Having identified the SREP as one of these areas, the ECB launched in 2015 a data collection named Short-term Exercise (STE), aimed at supporting the SSM activities leading to the SREP with data not available in the ITS reporting framework. The legal basis for the data collection by the ECB is represented by Article 10 of the SSMR (power to require credit institutions and other legal or natural persons to provide all information necessary to carry out its tasks, including information to be provided at recurring intervals and in specified formats for supervisory and related statistical purposes) and Article 141 of the SSMFR (“the ECB may require supervised entities to report additional supervisory information whenever such information is necessary for the ECB to carry out the tasks conferred on it by the SSMR. Subject to the conditions set out in relevant Union law, the ECB may specify in particular the categories of information that should be reported as well as the processes, formats, frequencies, and time limits for provision of the information concerned”). The STE covers all SIs plus some significant subsidiaries; it encompasses, among others, the following information needs: Profitability (budget and planned data on income and expenses) Credit Risk (breakdown of exposures and loan loss provisions by classification, type of collateral, loan-to-value and transition matrices) Concentration risk (100 largest exposures of all counterparties) Market risk (sensitivities to interest rate, equity, commodity, credit spread, and FX risks) IRRBB Sovereign risk (direct and indirect exposures to sovereigns in both the banking and trading book) Liquidity risk (NSFR, funding plans) Operational risk The needs for STE data collections are reviewed every year; as soon as certain information collected through the STE become available as ITS reporting, the respective STE templates will be discontinued. Over the medium to long term, the ECB aims to propose to the EBA appropriate amendments to the ITS reporting framework and to reduce accordingly the STE for SREP data collection. The ESCB has launched initiatives for BIRD and IReF—focusing mainly on ESCB statistical requirements for the moment—that could lead to the creation of a single, common, ultra-granular data source for users’ multiple information needs. This would grant flexibility in the extraction of the relevant information from the same source, improving cross-consistency among different reports and, potentially, their data quality. Through time these initiatives could lead to a reduction in the overall reporting burden on banks.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	According to Article 24 of the CRR, the valuation of assets and off-balance sheet items shall be affected in accordance with the applicable accounting framework. According to Article 99(2) of the CRR, SIs that prepare their consolidated accounts in conformity with IFRS are required to provide FINREP reporting templates for supervisory purposes. For other supervised entities, the ECB has issued Regulation (EU) 2015/534 to require supervisory financial information for non-IFRS reporters and at solo level. In eight member states, SIs with no securities traded on regulated markets are allowed to report on a consolidated basis according to their national GAAPs (though in two of these states nGAAP is considered fully compatible with IFRS); there are currently 11 SIs (representing 3 percent of total assets and 2 percent of RWAs in the SSM) that use nGAAP for reporting on a consolidated level. According to Article 24(2) of the CRR, the ECB could require those non-IFRS SIs to apply IFRS at a consolidated level; however, this would require such SIs to maintain two different accounting regimes in place. The ECB regulation on reporting of supervisory financial information uses templates designed by the EBA that form part of Commission Implementing Regulation (EU) No 680/2014. In particular, there are dedicated national GAAP reporting templates that harmonize the reporting of entities under these accounting standards while respecting their differences vis-à-vis IFRS. The ECB is collaborating with the NCAs to provide national GAAP banks with further guidance to facilitate their reporting.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	Article 76(2) of CRD IV requires the management body to devote sufficient time to the consideration of risk issues as well as the valuation of assets, the use of external credit ratings, and internal models relating to those risks. To the extent that the applicable accounting framework is IFRS, the measurement of fair values and valuation rules are determined on the grounds of IFRS requirements (IAS 39, IFRS 13). In relation to internal modeling approaches, Article 78 of CRD IV requires that, at least annually, competent authorities assess the consistency and comparability of risk-weighted assets produced by institutions’ internal modeling approaches (except for operational risk) which competent authorities have granted permission to use for capital purposes. EBA RTS (EBA/RTS/2015/01) provide supervisors with a benchmarking tool to enable competent authorities to compare the outcomes of banks’ models. The ITS specify the benchmarking portfolios as well as the templates, definitions, and IT solutions that should be applied in the benchmarking exercise for market and credit risk. The RTS for prudential valuation (EBA/RTS/2014/06/rev1) establishes approaches for prudential valuation adjustments as required by the CRR (see CP 22, EC4). The EU-wide legislation does not cover the capacity for the supervisor to require a bank to make adjustments to its reporting for capital adequacy or regulatory reporting in order to impose a specific provision if valuations are deemed not sufficiently prudent. However, the ECB has the power to influence the provisioning policy of a bank within the limits of accounting standards. The ECB is also entitled to require credit institutions to apply specific adjustments (deductions, filters, or similar measures) to own funds calculations where the accounting treatment applied by the bank is considered not prudent from a supervisory perspective. In other words, the ECB has the power—for the purposes of own funds calculations (i.e., only for determining the capital ratios for prudential purposes)—to go beyond the accounting treatment when this is considered not prudent.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	EU harmonized supervisory reporting is subject to the following minimum frequencies: Solvency/COREP (quarterly with some templates semi-annually) Financial information/FINREP (quarterly with some templates semi-annually or annually) Large exposures (quarterly) Losses from immovable property (semi-annually) Leverage ratio (quarterly) Liquidity (monthly) Asset encumbrance (quarterly) Supervisory benchmarking (annually) Funding plans (annually) Remuneration policies (annually) The frequency of collection and analysis of information from banks can be adjusted depending on the risk profile and systemic importance of the bank as per Article 104 paragraph a of CRD IV. Currently there are approximately 50 SIs that are subject to additional reporting requirements (including an increased reporting frequency). Most STE data is collected quarterly.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	ECB banking supervision has direct supervisory competence in respect of credit institutions, financial holding companies, mixed financial holding companies established in participating Member States, and branches in participating Member States of credit institutions established in non-participating Member States that are significant. The perimeter of the entities included in the prudential scope of consolidation is defined in the CRR (Chapter 2, “Prudential consolidation”) and is applied to all institutions supervised within the SSM. The ITS on supervisory reporting provides harmonized reporting requirements for all these entities (FINREP only for IFRS institutions at the consolidated level). In order to ensure comparability between banks with different year-ends, according to Article 2 of Commission Implementing Regulation (EU) No 680/2014: “Where institutions are permitted by national laws to report their financial information based on their accounting year-end which deviates from the calendar year, reporting reference dates may be adjusted accordingly, so that reporting of financial information is done every three, six, or twelve months from their accounting year-end, respectively.” There are currently eight entities (part of SI groups) allowed to report their year-end results at dates not coinciding with calendar year-ends.
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	Article 4 of CRD IV regarding the designation of powers to the competent authorities provides the legal basis for supervisors to have access to all relevant information from credit institutions as well as entities in the wider group. Paragraph 3 states that Member States shall ensure that appropriate measures are in place to enable the competent authority to obtain the information needed to assess the compliance of institutions, and of financial holding companies and mixed financial holding companies. Paragraph 5 states that Member States shall also ensure that internal control mechanisms and administrative accounting procedures of the institution permit the checking of their compliance with such rules at all times. Article 10 of the SSMR allows the ECB to require all information necessary to carry out the tasks of prudential supervision conferred on in by that Regulation, including: compliance with prudential requirements (Article 4.1d); and compliance with requirements on robust governance arrangements, including the fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices and effective ICAAP, including IRB models (Article 4.1.e). The assessors saw evidence of the capacity of JSTs to obtain, from banks and entities in the wider group, internal management information and any supplementary information needed for its assessment of the bank or banking group condition.
EC7	The supervisor has the power to access63 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management, and staff, when required.
Description and findings re EC7	Article 11 of the SSMR allows the ECB to “examine the books and records of the persons referred to in Article 10(1) and take copies or extracts from such books and records,” and “obtain written or oral explanations from any person referred to in Article 10(1) or their representatives or staff.” The (legal and natural) persons referred to in Article 10(1) are the following: a)credit institutions established in the participating Member States; b)financial holding companies established in the participating Member States; c)mixed financial holding companies established in the participating Member States; d)mixed-activity holding companies established in the participating Member States; e)persons belonging to the entities referred to in points (a) to (d); f)third parties to whom the entities referred to in points (a) to (d) have outsourced functions or activities.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	Article 67 of CRD IV, in paragraphs (e) to (m), establishes the capacity for the competent authority to enforce compliance with the requirement that information submitted for regulatory purposes is accurately and timely. The ECB decision of July 2, 2014 (ECB/2014/29) specifies that the ECB will ensure compliance with the provisions of Union law that impose prudential requirements on credit institutions as regards reporting. Article 3 specifies the remittance dates to the ECB, with different deadlines according to the nature of the reporting entity. SIs directly supervised by the ECB have an earlier remittance date than LSIs. Article 4 requires NCAs to monitor and ensure the quality and reliability of the data made available to the ECB, by applying the validation rules specified in Annex XV of the EBA ITS on supervisory reporting, and to apply the additional data quality checks defined by the ECB in cooperation with the NCAs. Further, the information must be complete: existing gaps must be acknowledged, explained to the ECB and, if applicable, filled in without undue delay. Article 18(1) of the SSMR empowers the ECB to open infringement proceedings against and impose administrative pecuniary penalties on SIs for breaches, inter alia, of the reporting obligations stemming from the CRR. The ECB may also, pursuant to Article 18(5) of the SSMR, request NCAs to open proceedings in order to impose non-pecuniary penalties on SIs and/or sanctions against natural persons belonging to these entities. Moreover, on the basis of Article 9(1) second paragraph of the SSMR and for the exclusive purpose of carrying out the supervisory tasks conferred on it by that regulation, the ECB is empowered to directly impose on SIs the national enforcement measures stemming from the transposition of the relevant Directives; likewise and according to Article 9(1) third paragraph of the SSMR and Article 22(1) of the SSMFR, where national laws provide NCAs with enforcement powers, the ECB may require, by way of instructions, these authorities to make use of their enforcement powers with respect to breaches of reporting obligations. In case the reporting obligations breached are contained in an ECB decision or regulation, the ECB may also impose on SIs and LSIs periodic penalty payments (PPPs) and fines provided for in Article 122 of the SSMFR. As a result of the data quality process carried out by the ECB (Supervisory Statistics Division within the Directorate General Statistics) together with the NCAs, banks can be requested to resubmit their reports when the information received is found to be incomplete or inaccurate. In the EU framework, there is no indication of the appropriate level of the bank’s senior management to be held responsible for the accuracy of supervisory returns.
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.64
Description and findings re EC9	The ITS reporting framework developed by the EBA defines data items and binding validation rules that ensure consistent application of the requirements. In addition, the EBA has developed additional quality checks for use by NCAs when reviewing the reported information. According to Article 140(4) of the SSMFR, “the ECB shall organize the processes relating to collection and quality review of data reported by supervised entities subject to, and in compliance with, relevant Union law and EBA implementing technical standards.” Therefore, the ECB organizes the quality review of the data and the NCAs monitor and ensure the quality and reliability of the data made available to the ECB. The Banking Supervision Data Division (BSDD) is responsible for carrying out these tasks, as established in the SSM Supervisory Manual. The main objective of BSDD is to ensure that the ECB has reliable and accurate supervisory data. Therefore, the function maintains close cooperation with NCAs’ reporting units, which are the first recipients of prudential reporting by credit institutions and which perform the first data quality checks on this data. BSDD collaborates with NCAs (and supervised entities in case of direct reporting to the ECB) through the sequential approach with the objective of putting into place efficient processes for the collection and the data quality assessment of the supervisory reports. The BSDD also ensures that reporters follow reporting deadlines established in the EBA ITS. Additionally, the BSDD assesses whether the data are submitted in a timely manner, and forwards the received reports—overnight—to end-users, such as JSTs and horizontal functions within the ECB. Upon receipt, selected data is also forwarded to the EBA. The data is made available to end-users according to the SSM Information Security Policies and IT-system entitlements. The BSDD produces regular supervisory statistics, KRIs, reports and dashboards for end-users. The BSDD is solely responsible for planning and executing its own tasks and activities. In cases of reporting errors (missing reports, false reports, or missed deadlines) that require further action, and where a reporting agent does not respond to repeated requests, the BSDD liaises with the JSTs and the Enforcement and Sanctioning Division as necessary. This process is currently under review with the objective of letting the BSDD have more direct contact with reporting agents in these matters. The STE reporting is also subject to data quality controls, but subject to a lower number of validation rules and according to a less structured process.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,65 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	In cases where external experts are required to support the ECB in carrying out its prudential supervisory tasks, including the direct supervision of SIs, the rules followed are those that apply generally within the ECB. The ECB initiates the tender process by means of a contract notice published in the Official Journal of the EU with highly qualified external providers. The aim is to have the appropriate expertise and resources available when required, including at short notice, to assist the ECB’s head of supervisory assignments. The selection process is conducted in compliance with ECB Decisions (for example Decision ECB/2007/5 for the 2015 process), laying down the Rules on Procurement. The publication is followed by a selection and an award phase. The ECB evaluates the tenders received based on the formal requirements and award criteria in order to select the economically most advantageous tender, i.e., offering the best price/quality ratio, taking into account the award criteria. In light of the information collected, the framework agreement to be entered into with a selected entity further elaborates on the conditions under which a contractor may be considered to be subject to a conflict of interest and would therefore not be deployed for certain supervisory assignments. In addition, according to Article 24(4) of the Decision, the ECB may exclude tenderers from participation at any time if they or their management, staff, or agents are subject to a conflict of interest. To this end, tenderers are requested to certify that they are not subject to such a conflict of interest and/or provide such evidence specified in the contract notice. If such circumstances arise in the course of the procedure, the tenderer concerned shall inform the ECB without undue delay. When such external contractors are used, they would be contractually required to work in accordance with SSM methodologies and in close collaboration with ECB staff, and the head of the supervisory assignment, in particular. The quality of work of external experts is closely monitored and assessed by the ECB/SSM staff working on the specific task before taking it into account for supervisory conclusions. External contractors would be subject to the same professional secrecy requirements as ECB staff members when they provide services related to the discharge of supervisory duties. Furthermore, as with all of the ECB’s other activities, the use of external contractors is guided by the principle of prudent management of resources and by the goal of finding effective and cost-efficient solutions. External contractors are to be used only in limited circumstances. In the past two years they have been used in support of onsite missions and internal model investigations, in support of the preparatory and execution phases of TRIM, and in support of the preparatory and execution phases of EBA and SREP stress test exercises. In the cases of onsite missions or internal models investigations, a central ECB team, together with the SSM HoMs, assesses the suitability of each proposed external expert for the specific task. The SSM HoM reviews the output delivered by the expert team(s) and remains in charge and responsible for the mission team’s deliverables. Feedback from the HoMs is collected centrally and regularly for each mission and discussed in regular meetings with the experts’ employers.
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	In cases where external experts are required to support ECB banking supervision in its supervisory duties, the rules followed are those applied by the ECB. When such external contractors are used, they are contractually required to work under the instructions of ECB staff, and the HoM in particular. The integration of external experts into the assessment teams and their frequent interaction with the HoM ensure that any material shortcoming of banks’ compliance is promptly brought to the attention of the HoM.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	The SSM is represented in the relevant bodies responsible for the establishment of reporting requirements, such as the EBA Reporting Subgroup and the EBA Standing Committee on Accounting, Reporting, and Auditing (as regards EBA ITS data) and the ECB Statistical Committee (as regards statistical data). It also coordinates various SSM networks involving NCAs, where the users’ needs on supervisory reporting are discussed: e.g., the network ‘User requirements of Supervisory Reporting’ discusses on a regular basis additional data gaps that could be discussed with the EBA when considering future enhancements of the EBA ITS reporting. As regards the EBA ITS data, there is no EU-wide framework for competent authorities to periodically review the information collected from banks and to determine whether it still satisfies supervisory needs. No framework has been established so far for competent authorities to perform an assessment of the information that has been collected to meet supervisory needs. However, Article 99(7) of the CRR allows competent authorities to notify the EBA whenever they believe that additional information should be included in the ITS on supervisory reporting. Accordingly, the EBA ITS is periodically updated to follow regulatory developments and to close data gaps identified by supervisors. As regards the information not included in the EBA ITS collected by the ECB, the reporting requirements are periodically discussed in the various networks and groups of the SSM. For example, the STE is reviewed on a yearly basis to take into account changes in activities and risks that would require modifications of the corresponding information collected for Pillar 2 purposes as well as areas entering into the EBA ITS scope.
Assessment of Principle 10	Largely Compliant
Comments	The ITS on supervisory reporting, published by the EBA after approval by the EC, is aimed at monitoring compliance with requirements established by the CRR (mostly Pillar 1 requirements); it represents the sole EU-wide legal framework for supervisory reporting in a number of areas and is a “maximum harmonization” instrument. This means that “with regard to the scope of application of the Implementing Regulation, competent authorities cannot add nor delete data to be reported, nor can they require the reporting of that data in a different format nor in a different (less or more granular) breakdown, nor in a combination, other than in accordance with the CRR and with [CRD],” as explained by the EBA. The ECB complements this information, for areas beyond the scope of application of the ITS to address specific and delineated needs. For instance, the STE data collections cover fundamentally some of the data needs for SREP (e.g., assets and liabilities by repricing date, for IRRBB estimation). The legal basis for this form of data collection is Article 10 of SSMR. STE reporting and surveys are necessary to give the ECB some flexibility in addressing its data needs to perform sound supervision. The ECB can also request data in its capacity as central bank, as it does for its ANACREDIT project, a Euro Area-wide collection of granular data on corporate loans. While allowing the ECB some room for flexibly, this provision does not allow the ECB to autonomously and promptly address any substantial data gaps that may emerge in areas already covered by the ITS. Currently, the only way to cover the need for new or more granular standardized data in such areas would be through a revision of the ITS, a much lengthier and more complex process. In addition, the STE data are not subject to the same quality control routines as for ITS reporting, which is likely to lead to lower data quality. The maximum harmonization principle is considered a fundamental safeguard for the development of the single market in the EU, both by creating a level playing field among institutions and by reducing the reporting burden (and, hence, the related costs). As such and taking into account the still existing differences in supervisory approaches across the EU, it is not necessarily fully supporting individual supervisory authorities’ interest in nimbly adapting the reporting to dynamically evolving needs. So far, the ECB has, in specific areas, complemented its data collection with tailored additional requests (e.g., the recently introduced supervisory reporting related to NPLs); going forward, the process to amend and integrate the harmonized supervisory reporting should be streamlined and expedited, as to reduce the need for the ECB to keep a host of supplementary data collections in place for long times. In the longer term, the initiatives for BIRD and IReF might contribute to ensuring harmonization of reporting while allowing for more flexibility in its uses: the introduction of a single, common, ultra-granular data source for users’ multiple information needs could support streamlining the current reporting requirements and, consequently, reduce the reporting burden on banks while increasing data quality. The ECB should further promote its development and widespread adoption. The EU-wide legislation does not cover the capacity for the supervisor to require a bank to make adjustments to its reporting for capital adequacy or regulatory reporting in order to impose a specific provision if valuations are deemed not sufficiently prudent (EC 3). However, the ECB has the power to influence the provisioning policy of a bank within the limits of accounting standards. The ECB is also entitled to require credit institutions to apply specific adjustments (deductions, filters, or similar measures) to own funds calculations where the accounting treatment applied by the bank is considered not prudent from a supervisory perspective. In other words, the ECB has the power—for the purposes of own funds calculations (i.e., only for determining the capital ratios for prudential purposes)—to go beyond the accounting treatment when this is considered not prudent. In the EU framework, there is no indication of the appropriate level of the bank’s senior management to be held responsible for the accuracy of supervisory returns (EC 8). As regards the EBA ITS data, there is no EU-wide framework for competent authorities to periodically review the information collected from banks and to determine whether it still satisfies supervisory needs. Considering the sizeable currency transformation operated by some internationally active banks, some with considerable presence in non-Euro markets, the ECB should ensure that the ITS include adequately granular and frequent breakdown of those banks’ cash flows in material non-Euro currencies and that the JSTs monitor it on a regular basis (see also CP 24). Regular reporting of a maturity ladder with a breakdown also by significant currency started in March 2018.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	The ECB is empowered to require banks, financial holding companies or mixed financial holding companies to take necessary measures (See CP 1 EC 3). The main tool used by the ECB are Decisions (legal acts) and operational acts (informal communication. Decisions result from the annual SREP, which is the most used supervisory tool. The ECB supervisory decisions, as defined in Article 2(26) of the SSMFR, must be adopted following the provisions set forth in Article 22 of the SSMR and Articles 25 et seqq. of the SSMFR. ECB supervisory decisions are in writing. According to Article 35 of the SSMFR, the ECB’s supervisory decisions can be delivered to SI’s governing board. Before making use of supervisory powers, the ECB employs a progressive remedial process. The ECB will employ non-binding routine or ad hoc requests, letters, statements, meetings with the management of the credit institution or a letter of intervention (collectively “operational acts”) if they will address an issue satisfactorily. If an SI does not comply with the ECB’s recommendations, or the seriousness of the problem identified, or deficiency so requires, the process will involve a formal supervisory measure. Such measures require a decision by the Supervisory Board and the Governing Council. The supervisory measure maybe included in the annual SREP decision addressed to the SI or may be in a separate decision. In practice, the SREP decision is the most often used Decisions are followed up by periodical/ad hoc reports only, or more frequent interaction with the SI, including follow-up inspections. The ECB also may seek to impose an enforcement measure to compel the SI to restore compliance, or a sanction, to punish the infringement. Referral to the ECB’s Enforcement and Sanctions Division is mandatory if the supervisors have reason to suspect that a breach of a prudential requirement or of an ECB regulation or decision is being or has been committed (See EC4). The decisions on enforcement measures and sanctions are taken by the Supervisory Board and the Governing Council. For LSIs, any material supervisory procedures or draft supervisory decisions should be notified to the ECB.
EC2	The supervisor has available66 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	The powers of the ECB are laid down in Chapter III of the SSMR (Articles 9 to 18). Apart from the supervisory powers listed in Article 16(2) of the SSMR, the ECB can directly exercise powers conferred on the national authorities by national law transposing Union law directives. It can also require the NCAs, to the extent necessary, and by way of instructions, to make use of their powers, under and in accordance with the conditions of national law, where the SSMR does not confer such powers on the ECB. This is relevant, since the CRD-transposed powers do not cover all the breaches of requirements established by CRR—in that case, the ECB necessarily must resort to instruct NCAs to use purely national powers to deal with the issue. The assessors had access to files when this was the case. The ECB can act in two different ways to address shortcomings: (a) Informal dialogue with the credit institution (or operational acts), which does not require a Supervisory Board and Governing Council decision and is not legally binding; and (b) formal supervisory measures, which require decisions by the Supervisory Board and the Governing Council. These powers include, among others, the power to draw up an action program and a timetable for its implementation, to replace one or more managers, to request the management to convene a shareholders’ meeting and to appoint a special manager. The ECB may also impose an enforcement measure to compel the SI to restore compliance, or a sanction, to punish the infringement (see EC4).
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	The ECB has broad powers granted by Article 16 of the SSMR. These powers are available not only when the institution is breaching requirements but also when the ECB has evidence that the bank is likely to breach applicable legal requirements specified in Article 4(3) of the SSMR within the next 12 months; or when, based on the SREP, the ECB considers that the arrangements, strategies, processes, and mechanisms implemented by the institution and the own funds and liquidity held by it do not ensure a sound management and coverage of its risks. The ECB’s supervisory processes and powers are generally sufficient to resolve issues. In the event an institution remains noncompliant, the ECB may resort to enforcement and sanctions. However, the ECB’s enforcement powers are limited and misaligned with supervisory objectives. The ECB may employ non-pecuniary enforcement tools to affirmatively compel supervised entities to comply with applicable supervisory or legal requirements only when they are provided for in national transposition of CRD IV or as purely national measures. Pecuniary penalties are the only enforcement tool directly available to the ECB in every jurisdiction.
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, the scenarios described in EC 2. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank; imposing more stringent prudential limits and requirements; withholding approval of new activities or acquisitions; restricting or suspending payments to shareholders or share repurchases; restricting asset transfers, barring individuals from the banking sector; replacing or restricting the powers of managers, Board members, or controlling owners; facilitating a takeover by or merger with a healthier institution; providing for the interim management of the bank; and revoking or recommending the revocation of the banking license.
Description and findings re EC4	The ECB has at its disposal a broad range of possible measures to address, at an early supervisory stage, deficiencies and weaknesses at SIs, as described in EC 2 above. These measures are comparable to those available to competent authorities pursuant to Articles 103-106 of CRD IV and include the ability to require a SI to take timely corrective action through the ECB Supervisory Board decision process. The formal imposition of sanctions is not expeditious due to the complex legal framework. Internal ECB process improvements should be undertaken even if there are other legal impediments to timely action. The ECB can require the SI to take timely corrective action by applying the broad supervisory powers available to the ECB. According to Article 16(2) of the SSMR, the ECB has the power to: require institutions to hold additional own funds; require the reinforcement of the arrangements, processes, mechanisms and strategies; require institutions to present a plan to restore compliance with supervisory requirements; require institutions to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; restrict or limit the business, operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution; require the reduction of the risk inherent activities, products or systems of institutions; require institutions to limit variable remuneration as a percentage of net revenues; require institutions to use net profits to strengthen own funds; restrict or prohibit distributions of interest payments by an institution to shareholders, members or holders of Additional Tier 1 instruments; impose specific liquidity requirements, including restrictions on maturity mismatches between assets and liabilities; require additional disclosures; remove at any time members from the management body of credit institutions who do not fulfil the requirements set out in relevant Union law. The ECB has the power to require SIs to take necessary measures at an early stage if a SI is likely to breach prudential requirement within the next 12 months or if sound management and coverage of risks is not ensured (See EC 2 and EC 3). Article 16 of the SSMR also authorizes the ECB to directly exercise all powers conferred on the NCAs by national law transposing Union law directives in order to carry out its supervisory tasks. It also may require a NCA to make use of their national powers, where the SSMR does not confer such powers on the ECB (See EC 2). Thus, the ECB can directly or indirectly apply the powers NCAs have under and in accordance with the conditions set out in national law. Under Article 14(5) of the SSMR, the ECB also has the power to withdraw a credit institution’s authorization if circumstances warrant (See CP 5). The ECB can also impose sanctions. The allocation of sanctioning tasks between the ECB and the NCAs vis-à-vis SIs depends on three main elements: (i) type of regulation allegedly infringed (i.e., directly applicable Union law; national law implementing Directives, ECB decisions, or regulations; national law relating to tasks not conferred on the ECB); (ii) entity to be penalized (i.e., supervised entity or natural person); (iii) sanction to be imposed (i.e., pecuniary or non-pecuniary). In general, the ECB can only apply non-pecuniary sanctions and sanction natural persons through an NCA. The table below summarizes the allocation of sanctioning powers between the ECB and the NCAs based on the nature of the infringement: View Full Size ECB / NCA SANCTIONING POWERS Citation: IMF Staff Country Reports 2018, 233; 10.5089/9781484369715.002.A001 Download Figure Download figure as PowerPoint slide Where SIs intentionally or negligently breach a requirement under relevant directly applicable Union law in relation to which administrative penalties are available to competent authorities, the ECB may under Article 18(1) of the SSMR impose administrative pecuniary penalties of twice the amount of the profits gained or losses avoided because of the breach where those can be determined or up to 10 percent of the total annual turnover in the proceeding business year. In case of breach of ECB regulations or decisions, the ECB may under Article 18(7) of the SSMR impose fines against supervised entities of the same maximum amount. The ECB has the power to impose periodic penalty payments of up to five percent of the average daily turnover per day of infringement in order to enforce ECB decisions or regulations. The ECB can require NCAs to open proceedings if penalties for breaches of national law transposing EU Directives, penalties against natural persons or non-pecuniary penalties are to be imposed (See Article 18(5) of the SSMR, Article 134 of the SSMFR). Beside the application of these supervisory powers and sanctions, the ECB has the power to impose enforcement measures to compel a SI to comply with (i) an ECB supervisory decision or regulation or (ii) an obligation under relevant Union law. The ECB can also impose enforcement measures against LSIs for ongoing breaches of ECB decisions or regulations imposing an obligation vis-á-vis the ECB. The allocation of enforcement powers between the ECB and the NCAs is as follow: View Full Size ECB ENFORCEMENT POWERS Citation: IMF Staff Country Reports 2018, 233; 10.5089/9781484369715.002.A001 Download Figure Download figure as PowerPoint slide As regards the types of enforcement measures available, the ECB is empowered to directly impose on SIs periodic penalty payments (PPPs) provided for in Council Regulation (EC) No 2532/98 in cases of ongoing breaches of ECB supervisory decisions or regulations. The upper limit of PPPs shall be five percent of the average daily turnover per day of infringement for a maximum period of six months. In addition, according to Article 9(1) paragraph 2 of the SSMR for the exclusive purpose of carrying out its tasks, the ECB shall have all the powers and obligations which NCAs shall have under the relevant Union law. Based on this Article, the ECB may also adopt directly those measures that NCAs shall have under the relevant Union law which are considered as enforcement measures in the national legislation implementing relevant directives. For example, cease-and-desist orders could be included in this category depending on the Member State’s implementation of CRD IV. The ECB provided the assessors with a mapping of national enforcement and sanctioning powers compiled by the NCAs. Unless powers are expressly labeled as enforcement under CRD IV transposition, the ECB cannot exercise these directly and needs to instruct NCAs to exercise these pure national powers. For example, in Germany, there are few powers directly available to the ECB as the powers available to BaFin are not considered to be enforcement measures under CRD IV but as administrative measures under German law. Other jurisdictions more closely follow the provisions of CRD IV in terms of the availability and size of pecuniary penalties. Procedural processes vary widely among Member States with regard to assessing penalties against individuals, and some breaches under national law need to observe precise thresholds for trigger. Some national laws also impose procedural processes or approvals before the ECB may exercise a national law tool. Cyprus is an example of where the imposition of national law sanctions requires the agreement of the Minister of Finance. Moreover, differences in national laws governing breaches may result in potentially inconsistent outcomes for similar breaches. This does not foster consistency and a level playing field.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	The ECB may impose sanctions only on legal entities (SIs), but it does not have the power to directly impose sanctions on natural persons pursuant to recital 53 and Article 18(1) of the SSMR. In contrast, under CRD IV (Article 65 on Administrative penalties and other administrative measures), Member State competent authorities are authorized to impose sanctions on credit institutions as well as to members of management bodies and other individuals. The ECB may, however, require NCAs to open proceedings with a view to taking action to ensure that appropriate national law penalties are imposed for breaches of prudential requirements under Article 18(5) of the SSMR. (Sanctioning powers between ECB and NCAs are discussed in BCP 11 EC 4). Pursuant to Article 134 of the SSMFR, NCAs may impose sanctions upon natural persons belonging to SIs only at the ECB’s request and shall inform the ECB of the outcome of the proceedings. NCAs also may ask the ECB to request them to open proceedings to impose a sanction on natural persons belonging to a SI. The level of sanctions has gradually increased since the inception of the SSM. Only four proceedings were initiated in 2015 (3 sanctioning proceedings and 1 enforcement proceeding; 2 sanctioning proceedings were completed in 2015). In 2016, the ECB launched 41 sanctioning proceedings and one enforcement proceeding. The ECB handled 44 proceedings in 2016 (including two ongoing 2015 proceedings), 42 of them regarding sanctions and two related to enforcement measures. Altogether, 30 out of the 42 sanctioning proceedings handled in 2016 relate to suspected breaches of directly applicable EU law (ECB decisions and regulations included). These proceedings concern 26 SIs and relate to the areas of own funds, reporting, public disclosure, liquidity and large exposures. The remaining 12 out of the 42 sanctioning proceedings are related to suspected breaches of national law transposing CRD IV provisions and concern SIs or natural persons. These proceedings involved suspected breaches regarding governance, including internal control mechanisms, management body functions and remuneration. During 2016, the ECB also addressed three requests to NCAs to open sanctioning proceedings within the remit of their national competences. The two enforcement proceedings handled in 2016 concerned a suspected breach of national remuneration rules and non-compliance with an ECB supervisory decision (See ECB Annual Report on Supervisory Activities 2016). In addition, the ECB has the competence pursuant to Article 16(2)(m) of the SSMR to remove members of the management body of SIs who do not fulfill the fit-and-proper requirement under its supervisory authorities at any time. The removal powers of NCAs vary under national laws. Some Member States lack the power to remove individual management body members. Others only allow the imposition of penalties upon natural persons. Enforcement proceedings against individuals are brought under national laws, appeals of any such enforcement actions or sanctions are directed to national courts where the ECB may not have legal standing.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures, and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	The ECB is empowered by Article 16 of the SSMR to require SIs to take the necessary corrective measures at an early stage. The measures available to the ECB are broad and encompass the actions specified in EC6. They are described in more detail in EC 1, EC 2, and EC 4. In addition to those direct supervisory measures, the ECB can also use the existing purely national structural powers (indirectly exercised by way of instructions pursuant to Article 9(1) 3rd paragraph of the SSMR). The ECB possesses early intervention authorities. An intensive interaction between the ECB and SRB takes place when early intervention measures are planned to be taken by the ECB regarding an institution for which SRB is the resolution authority. Notable differences exist between the scope of the direct supervision of the ECB and the remit of entities falling under the competence of the SRB. The latter has a more extended scope that includes cross-border LSIs not directly supervised by the ECB. Furthermore, there is some overlap between the early intervention powers in the BRRD and the supervisory powers listed in the SSMR, each backed by different procedures (See Commission Staff Working Document https://ec.europa.eu/info/sites/info/files/171011-ssm-review-report-staff-working-document_en.pdf).
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	The legal framework for crisis management and bank resolution for SIs is established under the BRRD and the SRMR. The framework defines in detail the cooperation arrangements between the ECB and the SRB during the resolution process. If the ECB determines after consulting with the SRB that the institution is failing or likely to fail, or if the ECB receives such a determination from an institution itself, the ECB must notify, inter alia, the SRB. Before it decides that an institution is failing or likely to fail, the SRB must first inform the ECB that it intends to make this determination and allow the ECB three calendar days to make an assessment. The ECB and SRB have signed an MoU, which should ensure early and effective coordination and information sharing. (MoU, between the SRB and the ECB in respect of cooperation and information exchange). At the resolution stage, the BRRD envisages certain tasks to be performed by the supervisor. The ECB will perform these tasks in accordance with the national transposition of the BRRD. For example, in case a bridge institution is set up by the resolution authority, it may submit a request for a temporary exemption of the conditions for authorization. In these cases, the ECB would grant authorization and could become the competent authority for the bridge bank.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	The ECB is required to take timely supervisory action under Article 16(2) of the SSMR. The assessors saw evidence that the SSM identified deficiencies and initiated timely corrective action through the supervisory process. This is accomplished primarily through progressive remedial measures starting with “operational acts” and culminating in the issuance of formal ECB decisions. The subsequent initiation of formal post-remediation enforcement and sanction actions is less timely. This is due to substantive and procedural legal limitations. With respect to sanctions, the ECB provided the assessors with its June 23, 2016 Guidance for the referral of suspected breaches to the ECB’s independent Enforcement Division. According to this detailed guidance, without prejudice to the adoption of any of the above-mentioned supervisory measures, JSTs and/or other business areas in charge of day-to day supervision must refer to the ECB’s independent investigating unit every identified suspected breach of prudential requirements. Breaches of quantitative prudential requirements do not entail a margin of supervisory judgement and must be referred immediately. The identification of breaches of qualitative prudential requirements may entail a margin of supervisory judgment. Those breaches shall be referred only when, based on expert supervisory judgment, the JST or the relevant business area identified non-compliance with supervisory requirements. The ECB’s independent investigating unit shall assess the referred breaches and decide whether to open a sanctioning procedure according to the criteria set out in the ex-ante Supervisory Board Guidance. In case the independent investigating unit decides to open a sanctioning procedure, it will consider the distribution of sanctioning powers between the ECB and the NCAs.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of nonbank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	There is no express provision requiring the ECB to communicate with NCAs or other nonbank EU or national regulatory authorities when taking formal corrective action against a bank that has nonbank related financial entities supervised by it. When the NCA is an integrated supervisory authority for all regulated financial sector entities and sits at the Supervisory Board at the ECB, who approves all supervisory measures, it will be informed. In addition, in this case, the NCA members in the JSTs are generally responsible for the liaison and communication of material issues. This indirect communication process with nonbank national regulators may unnecessarily slow any coordinated response. The ECB is encouraged to develop protocols for communication with insurance and financial market regulators of nonbank entities to coordinate actions, since not all NCAs are integrated supervisors.
Assessment re principle 11	Materially Non-Compliant
Comments	The ECB uses the SREP methodology and its SEPs to identify unsafe or unsound practices at SIs at an early stage. Once deficiencies are identified, a progressive remedial process is followed. Ongoing supervision by the JSTs identifies issues and recommends specific corrective actions within defined time periods to SI management informally and in writing. Article 16.2 of the SSMR lists a broad range of authorities that permit the imposition of both affirmative obligations and significant consequences to correct deficiencies. Written communications from the JSTs are “operational acts.” These communications carry significant moral suasion weight even though they are not legally binding at this stage. The ECB’s standard practice is to escalate a matter to the ECB Supervisory Board for a formal decision if an SI does not comply with an operational act. The Supervisory Board decision is legally binding upon a SI and is enforceable, as noncompliance constitutes a breach that is subject to sanctions. Assessors saw evidence of this process working effectively in practice. The national laws of several Member States and the SSMR provide a broad range of actions that can be taken by supervisors in their respective responsibilities. Direct enforcement powers and sanctions of the ECB are limited; however, the ECB can make direct use of the enforcement powers available to NCAs, if they derive from the transposition of CRD, and request NCAs to open proceedings with a view to taking action in order to ensure that appropriate penalties are imposed for breaches of national law transposing CRDIV. When the powers available to NCAs exist only under purely national law, the ECB can instruct the NCA to use such powers. Assessors had access to evidence of such indirect actions, where the ECB instructed NCAs to apply local sanctioning powers according to the national legislation. The legal framework for enforcement and sanctions, therefore, is complex and contains substantive and procedural gaps that should be addressed to meet CP 11 standards. Assessors note the complex legal enforcement framework may make it operationally difficult and time consuming for the ECB to impose formal enforcement actions and sanctions in some countries, where some powers may not be available. In addition, CRD IV powers do not cover all breaches of the CRR. Some common breaches—such as misreporting of financial statements—are not covered by CRD transposition and therefore cannot be subject to enforcement or sanctioning measures directly by the ECB in all jurisdictions. As noted above, the ECB may impose enforcement measures and sanctions only on legal entities (SIs), but it does not have the power to directly impose enforcement measures and sanctions on natural persons. In contrast, under CRD IV Member State competent authorities are authorized to impose enforcement measures and sanctions on credit institutions as well as to members of management bodies and other individuals. In order to fully ensure deterrence and a level playing field, the ECB’s enforcement and sanctioning powers should be fully aligned to its supervisory responsibilities, including the possibility to directly impose sanctions for breaches of national law implementing EU directives and to sanction managers, and its enforcement and sanctioning toolkit should be completed with non-pecuniary measures The current lack of harmonization in the scope and approach to enforcement and sanctions results in similar breaches being addressed asymmetrically. The ECB should have a comparable authority to impose direct enforcement measures and sanctions upon individuals, as is the case with NCAs, and on entities regarding all breaches of the CRR. While the ECB has effectively used its authorities under Article 16.2 to effect necessary remedial measures at SIs, express authority to impose non-pecuniary sanctions, such as enforceable cease and desist orders with affirmative covenants, would provide an additional supervisory tool that could be used in appropriate circumstances. The ECB initiated 44 sanctioning cases since 2015 as of year-end 2016. The ECB should consider measures to reduce the backlog of the 35 remaining sanctioning cases. It is noted that only two matters were brought to a successful conclusion during this period and that only three cases were referred to NCAs to open proceedings under national law. https://www.bankingsupervision.europa.eu/banking/sanctions/html/index.en.html. The assessors were shown a detailed schematic of the ECB’s enforcement and sanction process. It is complex and may involve a high level of coordination with NCAs. Streamlining the process and procedures could result in a timelier resolution of referred breaches.
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.67
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including nonbanking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	The ECB is the competent authority under the CRD and the SSMR to carry out a SREP and to take decisions for SIs. Supervision is conducted at the consolidated, sub-consolidated, and single-entity levels within a group unless an entity has been waived from supervision on an individual basis in accordance with Articles 7, 8, 10 of the CRR. In case of a financial conglomerate, the SREP decisions also take into account the outcome of the supplementary supervision as required by FICOD. This means that the supervisor must understand both the group-wide view as well as gain an understanding of all material activities conducted by the various entities within the group. To achieve this goal in case s where supervision has not been waived, the ECB carries out a SREP. Consolidated supervision generally consists of the following elements: the day-to-day supervision of each supervised group is carried out by a JST, comprised of staff from both the ECB and NCAs and coordinated by an ECB JST coordinator; supervision at the consolidated level is carried out by the JST with a high degree of involvement of ECB staff; solo/sub-consolidated supervision of parent companies, banking subsidiaries, and significant branches follows the same supervisory model as consolidated supervision, but with greater involvement by the local JST members. For solo/sub-consolidated supervision of subsidiaries and branches established in non-participating Member States, the model used is based on the supervisory college framework as set out in the CRD. For solo/sub-consolidated supervision of subsidiaries and branches established in third countries (outside the EU), the model is based on MoUs, and if possible on colleges as set out in CRD IV. If the parent entity is established in a non-Euro Area Member State or third country, the JSTs conduct sub-consolidated/solo supervision on the entities established in the participating Member-States. For SIs, the JSTs conduct the SREP in accordance with the SSM methodology and ensure compliance with the requirements of CRD IV and the CRR. The interaction between consolidated and sub-consolidated/single entity supervision is mainly relevant for large cross-border credit institutions. The model adopted by ECB banking supervision is designed for those institutions but, in principle, can also apply to smaller cross-border groups. For unconsolidated and consolidated supervision, a matrix model applies under which NCA staff remain employed in their own institutions, although for the fulfilment of the JST tasks, a reporting line exists with the JST coordinator, who is able to give instructions to all JST members for the purpose of internal coordination. In addition, sub-coordinators can be used to efficiently manage the JST and to facilitate cooperation with the NCAs. The assessors met with JST team members of consolidated banking groups with numerous subsidiaries and foreign subsidiaries or operations to get a practical understanding of the ECB’s supervisory approach to consolidated entities. The SSM Supervisory Manual Chapter 7 on Conglomerates, and relevant supervisory analysis, reviews and other materials were provided to the assessors. Consolidated supervision Consolidated supervision builds on the findings of sub-consolidated or single entity (i.e., solo) supervision. The model adopted is depicted schematically in Figure 1 below. View Full Size Consolidated Supervision Citation: IMF Staff Country Reports 2018, 233; 10.5089/9781484369715.002.A001 Download Figure Download figure as PowerPoint slide Consolidated supervision is at the center of SSM supervision. The role of the JST coordinator is pro-active. The JST coordinator utilizes ECB delegated experts and NCA experts directly. He or she can, on his or her own initiative, also direct the sub-coordinator of the parent company to manage or perform specific tasks. The core JST also plays a role in consolidated supervision with respect to information exchange and the organization of work. It reviews the consolidated assessment, taking into account the results of the analysis at national level, and acts as a first level of mediation in case of conflict between NCAs or between NCAs and the ECB. View Full Size Download Figure Download figure as PowerPoint slide The respective sub-coordinator, as the competent organizational manager for the parent-company NCA staff in the JST, is involved in discussions on strategic issues related to the supervisory program. The JST coordinator liaises with him or her on important supervisory decisions, such as SREP decisions. The experts working on consolidated supervision are ECB supervisors, supervisors from the previously responsible authority for the parent company, and supervisors responsible for material subsidiaries. In order to successfully avoid competing teams and potential overlap between ECB and NCA supervisors, they are organized as one cross-border team. Solo/sub-consolidated supervision The role of the sub-coordinators is more prominent regarding solo and sub-consolidated supervision. The JST coordinators, however, retain the right to have direct contact with the employees working in sub-consolidated or single entity supervision at the national level. Together with their team, they have the main role in the planning for and preparing the necessary supervisory activities. In the case of the parent entity and material subsidiaries, the teams can be supported by ECB staff also working at the national level. Figure 2: Solo/sub-consolidated supervision Risks arising from participation in consolidated entities that are not supervised as credit institutions by ECB banking supervision (i.e., supervised by other authorities such as insurance supervisors, financial market regulators, or not supervised at all) are also considered. Financial conglomerate The SREP for a financial conglomerate, established on the basis of the FICOD criteria, includes an assessment of the potential impact of nonbanking activities on the banking part of the group, its risk profile of the group, its profitability, and its capital and liquidity position, and assesses the overall situation at the conglomerate level. During the assessment, JSTs need to understand the risks from nonbanking activities (e.g., underwriting risk and the mitigation of this risk are specific to insurance entities), and the mechanisms through which these activities could affect the credit institution part of the conglomerate. This assessment, and the issuance of any requirements arising from it, takes place at the end of the process. The conglomerate approach takes into account the different sectoral regulations. In cases where a mixed financial holding company (MFHC) is subject to equivalent provisions under CRD IV and FICOD, there is the option to apply only the provisions of FICOD to the MFHC. Decisions are made on a case-by-case basis (see Articles 4, 108(3) and 120 of CRD IV). Because separate regulatory requirements exist for each sector, groups may have separate risk databases for banking, insurance, and other activities. The lack of common databases may make it more difficult for both management and the JSTs to fully understand the risks to the consolidated group and may impede effective consolidated supervision. Some consolidation of risks is, however, performed at group level and is presented in groups’ internal risk dashboards. As coordinator, the ECB may receive the conglomerate’s data from the supervised banking entity. If banking, nonbanking and other risks are managed in a fully integrated manner by the supervised institution, the information provided may be used in the assessment. The ECB may also receive information from the competent insurance supervisors. FICOD provides that the competent authorities are responsible for the supervision of regulated entities in a financial conglomerate and the competent authority appointed as the coordinator should share information which is essential or relevant for the exercise of the other authorities’ supervisory tasks under the sectoral rules and FICOD. Supervisory intensity The proper allocation of supervisory work between the “central” parent/group and the “local” subsidiary/sub-consolidated level requires, as a precondition, a thorough awareness of the group’s structure, business model(s) and operational features. The assessors were provided several examples of the ECB’s analysis of a banking group’s structure and its management of group-wide domestic and cross-border risks. The axis to bear in mind while mapping the group’s perimeter includes, as a minimum, the following: (a)Degree of relevance of the subsidiary/sub-consolidated group: “Relevance” indicates the importance that a given subsidiary/sub-consolidated group has within the significant group it belongs to. There are different quantitative indicators deemed suitable to measure “relevance,” such as percentage of total assets, income contribution, contribution to the consolidated capital requirements, risks, etc. Qualitative information may be considered as well, as in the case where a local subsidiary manages an important production process or business area within the group (e.g., subsidiaries managing the credit card business or the custodian bank function) or develops complex activities. (b)Degree of significance of the subsidiary/sub-consolidated group: “Significance” indicates the importance that a given subsidiary/sub-consolidated group holds in the local market, for example in terms of market share of loans, deposits, etc. As is the case for the relevance criterion, significance may also be assessed on the basis of qualitative information; for example, a subsidiary may be considered locally significant if it manages a “core” infrastructure in the local payment system. There may, of course, be cases where the statuses of significance and relevance do not correspond to each other. (c)Degree of centralization/decentralization of strategy, business, operations, risk governance and controls: Institutions’ organization structures exhibit different degrees of centralization or decentralization. Situations may exist where the parent company plays a considerable role in setting strategies, providing binding business guidelines, managing and controlling risks, and providing operational and support services (e.g., IT, accounting, back-up and central processing services, etc.). On the other hand, there are cases where the local subsidiaries/sub-consolidated entities enjoy greater autonomy when following the guidelines and principles issued by the parent company. Therefore, knowing the degree of centralization opted for is of key importance in defining the supervisory model to be adopted on a solo basis. Indeed, the higher the degree of centralization, the less significant the contribution to the analysis on a solo basis, at least potentially, and vice-versa. (d)Level of perceived risk: The level of risk of the subsidiary/sub-consolidated group being assessed has to be taken into account in defining the intensity of supervision, based on the principle that entities deemed to be particularly risky within cross-border groups can have potentially destabilizing effects—at least on a reputational level—on the group as a whole. This mapping is an important part of the supervisory planning process and in principle allows for the identification of two subsets of subsidiaries/sub-consolidated groups: those which are significant and/or relevant and/or more autonomous and/or riskier (material subsidiaries). This subset of entities warrants a level of supervisory intensity comparable to that applied at the consolidated level; the remaining entities (non-material subsidiaries), for which the supervisory intensity may be lower. The mapping, to be performed along the aforementioned dimensions, is the JST’s responsibility supported by DG MS IV and NCAs where needed. An annual review of the mapping is carried out by the JST coordinator, who requests updates from the NCAs. The objective of the assessment of business model viability indicators on a consolidated level is to assess viability by means of a quantitative analysis of several risk indicators at the consolidated level, and a comparison to peers. Taken together, these and other indicators should give the analyst a full picture of the real and concrete strategy pursued by the bank and the key metrics regarding profitability at the consolidated level. The consolidated annual accounts of at least the past three years, and the most recent monthly/quarterly management reports for the current year budget (including year-to-date realization) should be used. All available information from FINREP and COREP, data and indicators available in IMAS as well as SNL data will form the starting point of the analysis. A bank should be able to provide detailed bottom-up forecasts of performance for the short-to-medium term (one to three years) and, at least, top-down forecasts for the longer term (two to five years). The assumptions used by the bank to generate forecasts for key drivers should be identified and understood. These are usually found in the bank’s strategic assessment and planning documents and Board papers/documents regarding strategic and financial planning. It is necessary to distinguish between assumptions applied at the consolidated level and assumptions applied to business lines. Additional objectives have been established with regard to cross-sector supervision of financial conglomerates, which requires specific institutional arrangements (including at the national level when there is distinct sector supervision). Within the EU, cooperation among sector supervisors is governed by FICOD, which provides the framework for the supplementary supervision of credit institutions, insurance undertakings, and investment firms in a financial conglomerate. This supplementary supervision is understood as supervision that does not substitute the sectorial supervision but builds on it and addresses those risks that stem from the activities of a group in the other financial sectors. Supplementary supervision addresses the “Five Cs”: (i)Capital adequacy at group level (i.e., avoidance of “double gearing” across the sectors); (ii)Contagion (i.e., supervising intra-group transactions); (iii)Concentration (i.e., supervising risk concentration across business lines); (iv)Conflict of interest (i.e., issues with respect to corporate governance); (v)Complexity. For cooperation with other authorities please refer also to BCP 3.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, and exposures to related parties, lending limits, and group structure.
Description and findings re EC2	Prudential standards established by the CRR/CRD (Pillar 1 and Pillar 2 requirements) are imposed at the consolidated, sub-consolidated and individual basis. According to the CRR: (a)’consolidated situation’ means the situation that results from applying the requirements of this Regulation in accordance with Part One, Title II, Chapter 2 to an institution as if that institution formed, together with one or more other entities, a single institution; (b)‘sub-consolidated basis’ means on the basis of the consolidated situation of a parent institution, financial holding company or MFHC, excluding a sub-group of entities, or on the basis of the consolidated situation of a parent institution, financial holding company or MFHC that is not the ultimate parent institution, financial holding company, or MFHC. Articles 11, 13, and 14 of the CRR state that parts 2 (Own Funds), 3 (Capital requirements), 4 (Large Exposures), 5 (Exposures to Transferred Risk), 6 (Liquidity), 7 (Leverage), and 8 (Disclosure) are to be complied with on a consolidated basis. For large exposures, Article 11(1) of the CRR stipulates that parent institutions in a Member State of the EU shall comply, to the extent and in the manner prescribed in Article 18 of the CRR, with the large exposures obligations laid down in Part Four of the CRR on the basis of their consolidated situation. According to Article 11(1) of the CRR, the parent undertakings and their subsidiaries set up a proper organizational structure and appropriate internal control mechanisms in order to ensure that the data required for consolidation are duly processed and forwarded. In particular, they ensure that subsidiaries which are not subject to the CRR implement arrangements, processes, and mechanisms to ensure a proper consolidation. With respect to parent financial holding companies, Article 11(2) of the CRR stipulates that institutions controlled by a parent financial holding company or a parent MFHC in a Member State of the EU shall comply, to the extent and in the manner prescribed in Article 18 of the CRR, with the large exposure obligations laid down in Part Four of the CRR on the basis of the consolidated situation of that financial holding company or MFHC. Article 6 of the CRR states that parts 2 (Own Funds), 3 (Capital requirements), 4 (Large Exposures), 5 (Exposures to Transferred Risk), 6 (Liquidity), 7 (Leverage), and 8 (Disclosure) are to be complied with on individual basis, unless waivers under Article 7, 8, or 10 apply. CRR provisions on reporting in Articles 99–100 (reporting on own funds on consolidated basis based on accounting standards), 394 (large exposures), 415–416 (liquidity), 430 (leverage), as specified by the EBA’s ITS on reporting, require that information shall be reported on both a solo and consolidated basis, unless a waiver from reporting on a solo basis under articles 7, 8, or 10 applies. The ECB has adopted Regulation (EU) 2015/534 of March 17, 2015 on reporting of supervisory financial information (See CP 10). The regulation lays down the requirements regarding reporting on supervisory financial information to be submitted to NCAs and the ECB by supervised banks. This reporting includes information on balance sheet items such as financial assets, nonperforming exposures (NPEs), and financial liabilities as well as on income and expenses such as impairment due to credit losses. CP 12 EC 1 applies regarding the supervision of the different levels of institutions. The supervisor collects and analyses information on a consolidated basis for the banking group covering various business areas. When assessing this information for the banking group, the supervisor ‘maps’ several components. This model used is complemented by a detailed centrally coordinated planning process that defines the supervisory priorities and the level of involvement of the JSTs, the ECB staff and the level of assistance provided by the NCA within the JSTs for all major supervisory tasks to be carried out (See EC 1). The ECB provided the assessors examples of its consolidated financial review and analysis of banking groups’ capital, liquidity, concentrations, exposures to related parties, lending limits, and group structure. The materials included ECB “operational act” onsite inspection letters and subsequent correspondence following up on specified recommendations.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	The ECB has implemented a group-wide supervisory approach when assessing management’s oversight of its foreign operations. The supervisor gathers all relevant information concerning the risk management and internal governance on a group-wide level, while risk category specific areas are covered by the related methodological documents on the individual risk categories. The results from those assessments feed into the reliability assessment for capital and liquidity determinations. In the case of home/host relationships, the coordination and cooperation, including exchange of information, is organized through the colleges of supervisors. Additional information on the effectiveness of supervision conducted in the host countries in which its banks have material operation is found in CP 13. The assessors were provided with sample supervisory reviews of the adequacy of SI groups’ oversight of their foreign operations. The ECB actively assesses SIs’ oversight of foreign operations. Resources and the intensity of supervisory activity are based upon risk and systemic importance (See EC1). The sample of onsite “operational act” letters assessed internal governance, risk management, compliance, internal audit, and financial activities at the entities’ foreign operations.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct onsite examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	The legal basis for ECB onsite inspections is Article 12 of the SSMR and Title 5 of the SSMFR. The ECB is empowered, based on an ECB decision, to conduct all necessary onsite inspections at the business premises of the legal persons referred to in Article 10(1) of the SSMR and any other undertaking included in supervision on a consolidated basis where the ECB is the consolidating supervisor. Colleges of supervisors are the primary vehicles for cooperation and coordination among the authorities responsible for and involved in the supervision of the different components of cross-border banking groups (see CP 13). The assessors reviewed several agendas and minutes of supervisory college meetings where entities with cross borders operations were discussed with home/host supervisors. Topics discussed included supervisory findings, financial results, organizational changes, business model changes, and substantive international policy issues. The supervisory colleges are maturing.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	The ECB has the authority and responsibility to understand and assess the risks of cross-border companies and subsidiaries (See CP13 EC 1, EC 3, and EC 4). Additional information on the supervision of nonbanking activities within a financial conglomerate is found in EC 2. Information on cooperation and the supervision of parent companies is found in EC 5 and EC 8 of CP 8. The assessors note that the SSM framework requires supervisors to review the activities of companies affiliated with parent companies which may have an impact on the safety and soundness of the group only in the case these are classified as “institutions,” i.e., have an investment firm or credit institution license. This EC refers to activities of companies affiliated with parent companies, which may not be supervised entities at all. The lack of authority to review such activities in national law may hinder the ECB’s ability to assess whether such parent’s activities may have a material impact on the safety and soundness of the bank and the banking group and its ability to take appropriate supervisory action if warranted. The ECB’s ability to rely on national law is limited to the extent that not all Member States have enacted laws that permit the NCA to review and limit or restrict a parent company and their affiliates’ activities or to require divesture.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a)the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b)the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c)the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	Article 16(2) of the SSMR grants the ECB supervisory authorities over consolidated entities of a credit institution. It is empowered to ensure compliance with applicable substantive requirements on own funds, securitization, large exposure limits, liquidity, leverage, and reporting and disclosure. It also governs internal governance, including fit-and-proper requirements for the persons responsible for the management of credit institutions, risk management processes, internal control mechanisms, remuneration policies and practices and effective ICAAP, including IRB models. Based upon SREP, the ECB may require an increase in the own funds and liquidity held by a consolidated group to ensure sound management and coverage of its risks. The ECB can exercise, among others, the following powers: to restrict or limit the business, operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution and to require the reduction of the risk inherent in the activities, products and systems of institutions (see CP 8, EC3). The ECB’s ability to rely on national law is limited to the extent that not all Member States have enacted laws that permit the NCA to limit or restrict a parent company and their affiliates’ activities or to require divesture. In addition, the ECB has the power to grant authorization to take up business as a credit institution (licensing); if the applicable national law allows, when issuing the decision, the ECB can limit the range of activities that are conducted and the locations in which they can be conducted within the consolidated group and of individual institutions. The aim of an authorization assessment is to ensure that applying entities meet relevant requirements, in particular on governance, conduct of business, prudential requirements and business model (program of operations), and fulfil the applicable national requirements. The assessment consists of a detailed review and evaluation of the information in the application and other documentation requested by the NCA. Another power of authorization the ECB has regards the use as a remedial measure. An authorization may be withdrawn by the ECB on its own initiative (or on basis of a proposal from the NCA of the participating Member State where the credit institution is established).
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.68
Description and findings re EC7	The ECB, in addition to supervising on a consolidated basis, also supervises on the individual level in the group in order to gain a better understanding of the group dimension. Within the SREP, the various assessments are performed at different frequencies, through MELs which can be fine-tuned by the SEP for each individual institution. This allows the supervisor to assess institutions on a stand-alone basis and these assessments are then consolidated into a single SEP (See CP12 EC1–EC2).
Additional criteria
AC1	For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit-and-proper standards for owners and senior management of parent companies.
Description and findings re AC1	Only general criteria exist under Article 23 of CRD IV to assess the suitability of a corporate acquirer (See EC 5). There are no express fit-and-proper requirements for owners/senior managers of the corporate/legal person which has acquired the bank unless those persons “will direct the business of the credit institution as a result of the proposed acquisition.” Any requirements for non-regulated entity ownership and their managers are defined at national level. Holding companies are not required to be authorized under EU law.
Assessment of Principle 12	Largely Compliant
Comments	The ECB is the consolidated supervisor for all SIs. The ECB utilizes its SREP and SEP programs to monitor consolidated parents and affiliates and applies its prudential standards to all aspects of the business conducted by the banking group worldwide to the extent permitted by law. The assessors note that the lack of integrated data systems and different regulatory reporting requirements between banking and other regulated financial activity may impede effective consolidated supervision (See EC1). The availability of a unique, universal, and permanent identifier for each legal entity client is a fundamental prerequisite for the correct identification of the perimeter of banking group. As recommended by the EBA, competent authorities should request that all institutions under their supervisory remit that are subject to reporting obligations obtain Legal Entity Identifier (LEI) codes for themselves and for all entities within their group on which information is required under their reporting obligations. In an elaboration on a sample of 29 SIs, 6 of these had, on average, two-thirds of the financial entities within their group not identifiable through a LEI. The SSM framework requires supervisors to review the activities of companies affiliated with parent companies which may have an impact on the safety and soundness of the group only in the case these are classified as “institutions,” i.e., have an investment firm or credit institution license. The assessors note that a gap may exist with the activities of certain affiliates and parent companies, which may not be supervised entities at all, although CRD (Articles 119(3) and 122) set forth rules on requests on information and inspections for certain unregulated subsidiaries and parents. The lack of authority to review or directly regulate such activities in national law may hinder the ECB’s ability to assess whether such parent’s activities may have a material impact on the safety and soundness of the bank and the banking group and its ability to take appropriate supervisory action if warranted. The ECB’s ability to rely on national law is limited to the extent that not all Member States have enacted laws that permit the NCA to review and limit or restrict a parent company and their affiliates’ activities or to require divesture. The assessors also note that potential gaps in the ECB’s fit-and-proper supervisory authority may exist where there is corporate ownership of the group and there is no governing national law. The ECB is the lead supervisor for 27 financial conglomerates under FICOD. Article 2(15) of Directive 2002/87defines an MFHC as a “parent undertaking, other than a regulated entity, which, together with its subsidiaries (…), constitutes a financial conglomerate.” Although a MFHC may be part of the banking consolidation perimeter and subject to banking consolidated supervision, MFHCs do not require authorization from regulators. This may imply a constrained capacity to identify related parties, or nonfinancial entities that may impact conglomerates and as a practical matter include them in the supervisory perimeter. Thresholds for conglomerate definition also are based on fixed percentages of balance sheet and do not include off-balance-sheet assets and provide no supervisory discretion to include other assets or to deem a group a conglomerate based on risk. There is no framework for the resolution of an international conglomerate, which may impede its orderly resolution.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	The ECB is the exclusive competent authority for the supervision of SIs. Rather than establishing colleges of supervisors for Member State NCAs, the SSM has integrated the NCAs into the supervision of SIs through its JSTs. JSTs are set up for all SIs in those EU Member States which participate in the SSM. According to Article 3 of the SSMFR, each JST must be composed of staff members from the ECB and from the NCAs, including NCBs where the NCA is not a central bank but cooperates with the NCB in supervision based on national law. The composition of the JSTs integrates pan-European and national perspectives into the supervision of SIs. The ECB establishes colleges of supervisors for subsidiaries of SIs located outside the SSM, with the relevant NCAs and other third-country supervisors to facilitate the exchange of information, to coordinate supervisory activities and to ensure a consistent application of prudential requirements. (The ECB chairs the college of supervisors as consolidating supervisor.) In this case, NCAs participate in the colleges as observers. Supervisory college tasks are performed at least on an annual basis (See Article 116 of CRD IV). The ECB currently participates in 45 supervisory colleges and, as the consolidating supervisor, is responsible for the operation of 26 of these colleges. The ECB’s 2017 Report on the SSM noted that supervisory colleges are viewed as particularly important where the ECB is host supervisor for subsidiaries of groups headquartered outside the Euro Area or for non-Euro Area branches that are considered SIs (See CP3). The participation of third-country authorities in EU colleges depends upon the evaluation of the equivalence of their confidentiality regime to the EU confidentiality regime. Under CRD IV, members of the colleges are to reach an agreement on equivalence. The ECB has confirmed its compliance with the EBA Recommendations on the equivalence of confidentiality regimes. The decision on college membership or observer status of supervisory authorities is based on a mapping exercise. This identifies the entities (subsidiaries, branches, other financial sector entities) of a cross-border banking group and it determines and notes the significance of these entities for the local markets and the group. The EBA is invited as a college member. Members of the colleges may include the competent authorities responsible for the supervision of subsidiaries of an EU parent institution or of an EU parent financial holding company or of an EU parent MFHC, and the competent authorities of host Member States where significant branches as referred to in Article 51 of CRD IV are established, as well as ESCB central banks of Member States that are involved in accordance with their national law in the prudential supervision of the legal entities but which are not competent authorities. Competent authorities of host EU Member States where nonsignificant branches are established, and third-country supervisory authorities (from countries which are not EU Member States) and other relevant authorities may be invited to participate in the colleges as observers. The ECB invites potential members and observers to the college. Membership and observer status is acquired upon acceptance of the invitation. College members discuss and agree on the scope and level of involvement of observers, if any, in the college. Colleges are structured depending on the size of the banking group and its activities. All college members and observers attend a general or European College, which is the basic form for colleges. If needed, other possible college structures besides the European College are the Core College (no third-country supervisors, supervisors of the most important group entities attending), the Crisis Management Group and Cross Border Stability Groups (see EC 5), Resolution Colleges, as well as subgroups depending on the specific needs (for instance, Liquidity Subgroup). A list of the SSM’s supervisory colleges was provided to the assessors. The establishment and the operating framework for supervisory colleges are detailed in WCCAs, which specify arrangements for information exchange and cover observers’ participation in the college. The ECB establishes regular cooperation with college members that can take the form of meetings (at least annually) or other activities. Sample agendas of European and core supervisory college meetings with relevant Member State and third country supervisors were provided to the assessors. Where the ECB acts as host supervisor, it participates in the college as a member. Depending on the ultimate decision of the home supervisor, the JST’s NCAs participate as observers. Finally, NCAs participate in the colleges as observers (Article 9(1) of the SSMFR).
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group69 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as MOUs) are in place to enable the exchange of confidential information.
Description and findings re EC2	As a principle, the ECB shares relevant information on SIs on a regular and on an ad hoc basis with other supervisory authorities. This includes, but is not limited to, phone calls, emails, and meetings, and is done in either a bi-lateral or multilateral setting. Colleges of supervisors are an important forum for the exchange of information, as explained below. This principle is applied independently from the role of the ECB as being either home or host supervisor, respectively. In the European context, as required by Article 117 of CRD IV, the ECB cooperates closely with other supervisory authorities and facilitates the sharing of relevant information for the exercise of supervisory tasks. In its capacity as consolidating supervisor for SIs, the ECB established a framework for the exchange of information in going concern and emergency situations governed by a college-specific WCCA (Article 115 of CRD IV). Under the WCCA framework, the ECB coordinates the gathering and dissemination of relevant information in going concern and emergency situations with other supervisory authorities, as well as oversight bodies, who participate in the college. The authorities supply one another with the necessary information on management and ownership of the institutions they supervise and additional information that is useful to facilitate their monitoring (Article 55 of CRD IV). Information sharing is particularly relevant to liquidity, solvency, deposit guarantee, large exposures, administrative and accounting procedures, internal control mechanisms, and other factors that may influence the systemic risk posed by such institutions. The same arrangements are in place where the ECB acts as the host supervisor and relevant information is shared with the home supervisor accordingly. Within colleges, the ECB and the members of the college exchange all information necessary to facilitate the exercise and coordination of supervisory activities and the joint decisions on institution-specific prudential requirements (Articles 112 and113 of CRD IV). All essential information is exchanged regardless of whether received from a group entity, a competent or supervisory authority or any other source. This information exchange is adequate, accurate, and timely, thereby enabling and facilitating the efficient, effective, and full performance of the supervisory tasks of the college members. Information sharing is subject to the confidentiality regime of Article 54 of CRD IV, which mandates that the competent authorities receiving confidential information shall only use this information in furtherance of their official duties (e.g., when imposing penalties). The assessors reviewed examples of the ECB’s coordinated supervision plans with foreign supervisors. Competent authorities may transmit to monetary authorities and authorities overseeing payment systems information that is related to their role and function. The sharing of information on the liquidity of SIs is particularly important in the case of weak or troubled SIs. The information normally exchanged includes the outcomes of the SREP and a set of commonly agreed indicators. Some NCAs had entered into MoUs with non-SSM Member States and third countries prior to the SSM’s creation. In order to ensure continuity with the cooperation framework and supervisory practices before the SSM, the ECB under “step in” arrangements became a principal in the MoUs that individual NCAs already had in place with some third country authorities. As of September 2017, the ECB has become part of the MoUs and similar arrangements that 49 third countries had in place. Executing an MoU can be a lengthy process. The ECB has not finalized agreements with all international supervisors of globally significant banking institutions. Coordination and cooperation with these supervisors only exists under ad hoc arrangements. The ECB should strive to conclude these international MoUs as quickly as possible (See CP 3).
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	Under the WCCA framework, the ECB and the members of the college discuss and agree on the content of the college SEP that contains at least: (i) the areas of joint work identified as a result of the SREP or as a result of any other colleges activities undertaken; (ii) the areas of focus of the college’s work and its planned supervisory activities, including ongoing activities, onsite inspections and internal model investigations; (iii) the respective SEPs of the consolidating supervisor and the members of the college; (iv) the members of the college responsible for undertaking the planned supervisory activities; and (v) the expected timelines, both in terms of timing and duration. As a host supervisor, the ECB shares and discusses its SEP with the home supervisor. Planned activities and onsite missions are discussed on a college level as well as bilaterally. Where relevant, the home supervisor may participate as an observer or as an additional resource in scheduled missions. Furthermore, through the establishment of MoUs with third country authorities (non-EU), the ECB also manages its relationship with the third-country supervisors/regulators that participate in the colleges as observers (See CP3).
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	In the case of SIs, the ECB has established a college communication policy with the college participants and sets this out in a WCCA. The communication policy includes the scope, frequency, and channels of communication. Under this policy, the ECB is responsible for communicating, including requesting information, with the EU parent undertaking. The other members of the college are responsible for communicating, including requesting information, with the EU institutions and EU branches within their supervisory remit. This applies to the outcomes of joint activities and college meetings, which are communicated to the parent undertaking by the consolidating supervisor, whereas host supervisors convey these messages to the entities under their respective supervision. As regards information sharing and communication among the involved authorities, the ECB established an on-going information sharing regime for SIs. For this purpose, the ECB maintains and shares with the competent authorities of a host Member State an up-to-date list for each institution containing the relevant contacts, including emergency contacts, for exchange of information (Article 4 of the CRR). College meetings are held at least annually. For significant banks, semi-annual meetings are routinely scheduled. In addition, the college holds conference calls to exchange the information specified in EC 2. Written information is exchanged via secured emails and secure supervisory college websites.
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	Within the Euro Area, the framework for cross-border crisis cooperation and coordination among home and host authorities for the management of a cross-border financial crisis has been significantly improved because of the creation of the SSM and the SRM, as well as the adoption of the BRRD. A December 22, 2015 MoU between the ECB and the SRB established a framework for cooperation and information exchange. The ECB also provided evidence that it responded to the SRB consultations on draft group resolution plans pursuant to their MoU. The ECB participates as home or host authority for significant banking groups in supervisory colleges, which provide the framework for cooperation and coordination between competent authorities both in normal times and in crises situations. In the college framework, the assessment of recovery plans, early intervention measures and the overall planning of the supervisory response of home and host authorities in preparation for and during emergency situations is performed in a coordinated way. The specific procedures for the planning and coordination of supervisory activities in preparation for and during emergency situations, including the minimum set of information to be exchanged during an emergency, are laid out in WCCAs for each college. These WCCAs also include provisions regarding the framework for providing coordinated input to the resolution college. Such a framework addresses, inter alia, the group resolution plans, the assessment of the group resolvability, and powers to address or remove impediments to the group resolvability, as set out in the BRRD. With specific reference to cross-border crisis cooperation and coordination, the ECB has concluded and is in the process of negotiating a number of MoU, stepping-in arrangements and other agreements for establishing frameworks for the exchange of information in connection with their respective supervisory responsibilities with foreign authorities (See CP 3). The ECB, together with the competent authorities of subsidiaries and of significant branches, review the group recovery plan in the framework of the college. The assessment of the recovery plan is made in accordance with the procedure established in Articles 6 and 8 of the BRRD through a joint decision process. This assessment also involves input from the appropriate resolution authority on potential actions in the recovery plan that may adversely impact the resolvability of the institution. In an emergency, the ECB, when acting as a consolidating supervisor, coordinates the assessment of the emergency in cooperation with the members of the college. The ECB, and the members of the college that supervise group entities that are affected or likely to be affected by the emergency, monitor and exchange information on the implementation of the coordinated supervisory response, and coordinate to the extent possible their external communications. Regarding coordination of early intervention measures, where the conditions for early intervention or the appointment of a temporary administrator are met in relation to a group, the ECB, as a consolidating supervisor, consults the other competent authorities within the supervisory college and notifies the college of any early intervention measures (See, respectively, Articles 27 and 29 of the BRRD). Where the conditions for early intervention or the appointment of a temporary administrator are met in relation to a subsidiary for which the ECB is a host authority, the ECB consults the consolidating supervisor on any measure it intends to take. A general principle under the BRRD and CRD IV is that competent and resolution authorities should cooperate with each other to ensure that decisions are made, and actions taken in a coordinated and efficient manner. Once the ECB has determined that the preconditions for early intervention measures have been met in relation to an institution, relevant resolution authorities are notified without delay.70 Moreover, the ECB should inform relevant resolution authorities about any crisis prevention measures (including for example the exercise of powers to direct removal of deficiencies or impediments to recoverability and the application of early intervention powers) and any actions taken pursuant to Article 104 of CRD IV.71 Furthermore, if an emergency emerges at an institution, the ECB is required to alert the EBA, the NCB and the responsible ministry as soon as practicable and provide these authorities with all information essential for the fulfillment of their tasks.72 Where the coordinated supervisory response to an emergency is likely to be more efficient by involving the group-level resolution authority, resolution authorities of subsidiaries, or resolution authorities of jurisdictions in which significant branches are located, central banks, competent ministries, and deposit guarantee schemes, the ECB shall consider the involvement of these authorities. The ECB also participates in resolution colleges in accordance with Article 88 of the BRRD. Resolution colleges provide a framework of cooperation between the group-level resolution authority, the other resolution authorities and, where appropriate, competent authorities and consolidating supervisors concerned in order to perform the following tasks: (a) exchanging information relevant for the development of group resolution plans, for the application to groups of preparatory and preventative powers and for group resolution; (b) developing group resolution plans pursuant to Articles 12 and 13; (c) assessing the resolvability of groups pursuant to Article 16(d) exercising powers to address or remove impediments to the resolvability of groups pursuant to Article 18; (e) deciding on the need to establish a group resolution scheme (Article 91 or 92); (f) reaching the agreement on a group resolution scheme; (g) coordinating public communication of group resolution strategies and schemes; (h) coordinating the use of financing arrangements; and (i) setting the minimum requirements for groups at consolidated and subsidiary level under Article 45. In addition, resolution colleges can be used as a forum to discuss any issues relating to cross-border group resolution. The ECB also participates as home and host authority of banking groups designated as G-SIIs by the Financial Stability Board in numerous institution-specific Crisis Management Groups (CMGs) for the purposes of developing recovery plans and resolution plans for such firms (crisis preparation). Within those CMGs, the ECB has concluded cooperation agreements that govern the activities and information sharing in some CMGs. Cooperation between the ECB and the third countries is based on Article 93 of the BRRD. The Commission may submit to the Council proposals for the negotiation of agreements with one or more third countries regarding the means of cooperation between the resolution authorities and the relevant third-country authorities. The cooperation concerns, inter alia, information sharing for recovery and resolution planning. Further, Article 97 of the BRRD entrusts the EBA with concluding non-binding framework cooperation arrangements with relevant third-country authorities to promote, inter alia, information sharing needed for the development of resolution plans (See also CP 3).
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	The framework for developing resolution plans is established by the BRRD and Regulation 2014/806/EU. In line with this framework, the ECB, as a competent authority, is not responsible for drafting resolution plans. In line with Articles 10 and 12 of the BRRD, the (group) resolution authority oversees drawing up (group) resolution plans, after consulting the competent authority. For SIs within the Banking Union, the SRB as the competent (group) resolution authority draws up the resolution plan and consults with the ECB. The ECB works closely with the nonbanking Union NRAs and the SRB for the development of resolution plans, but the ultimate responsibility in this respect does not rest with the ECB. Importantly, the ECB is required to cooperate with the SRB and the nonbanking Union NRAs in order to provide relevant information to them for the drawing-up of resolution plans. The actual implementation of cooperation and information exchange in this respect with the SRB is set out in the MoU between the SRB and the ECB. In accordance with Article 10 of the BRRD, resolution plans should include, quantified whenever appropriate and possible: (a) a summary of the key elements of the plan; (b) a summary of the material changes to the institution that have occurred after the latest resolution information was filed; (c) a demonstration of how critical functions and core business lines could be legally and economically separated, to the extent necessary, from other functions so as to ensure continuity upon the failure of the institution; (d) an estimation of the timeframe for executing each material aspect of the plan; (e) a detailed description of the assessment of resolvability; (f) a description of any measures required pursuant to Article 17 of the BRRD to address or remove impediments to resolvability; (g) a description of the processes for determining the value and marketability of the critical functions, core business lines, and assets of the institution; (h) a detailed description of the arrangements for ensuring that the required information for drawing up resolution plans is up to date and at the disposal of the resolution authorities at all times; (i) an explanation by the resolution authority as to how the resolution options could be financed; (j) a detailed description of the different resolution strategies that could be applied; (k) a description of critical interdependencies; (l) a description of options for preserving access to payments and clearing services and other infrastructures and an assessment of the portability of client positions; (m) an analysis of the impact of the plan on the employees of the institution; (n) a communication plan; (o) the minimum requirement for own funds and eligible liabilities and a deadline to reach that level, where applicable; (p) where applicable, the minimum requirement for own funds and contractual bail-in instruments, and a deadline to reach that level, where applicable; (q) a description of essential operations and systems for maintaining the continuous functioning of the institution’s operational processes; and (r) where applicable, any opinion expressed by the institution in relation to the resolution plan. Banking Union parent undertakings shall submit the information that may be required for the drawing up of resolution plans in accordance with Article 11 of the BRRD to the group-level resolution authority, which is responsible for sharing this information. The information provided by the group-level resolution authority to the resolution authorities and competent authorities of subsidiaries, resolution authorities of the jurisdiction in which any significant branches are located, and to the relevant competent authorities, shall include at a minimum all information that is relevant to the subsidiary or significant branch. The information provided to the EBA shall include all information that is relevant to the role of the EBA in relation to the group resolution plans. In the case of information relating to third-country subsidiaries, the group-level resolution authority shall not be obliged to transmit that information without the consent of the relevant third-country supervisory authority or resolution authority. Group-level resolution authorities, acting jointly with the resolution authorities of subsidiaries, after consulting the relevant competent authorities, including the competent authorities of the jurisdictions of Member States in which any significant branches are located, adopt resolution plans within the framework of resolution colleges. Group-level resolution authorities may, at their discretion, and subject to the necessary confidentiality requirements, involve in the drawing-up and maintenance of group resolution plans third-country resolution authorities of jurisdictions in which the group has established subsidiaries or financial holding companies or significant branches. Group resolution plans are adopted through a Joint decision of the resolution college (in line with Article 13) within four months. The ECB participates in the resolution colleges as the competent supervisor. Group resolution plans are reviewed, and where appropriate updated, at least annually, and after any change to the legal or organizational structure, to the business or to the financial position of the group including any group entity, that could have a material effect on or require a change to the plan. With respect to early intervention actions, consultation with the relevant competent authorities and for the provision of relevant information to the resolution authority is required (See EC 5).
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection, and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	Under Article 4(2) of the SSMR, the ECB is responsible for the supervision of branches of credit institutions established in EU Member States that do not participate in the SSM. As a host supervisor, the ECB is responsible for assessing the risks, capital adequacy, and liquidity position of its supervised local entities following its own process and methodology for SREP. The ECB, as host supervisor, is also responsible for sharing all relevant and essential information with the home supervisor. Within the EU, the EU-wide application of CRD IV and the CRR ensures that, for every Member State, the operations of banks whose parent is incorporated in other Member States are subject to prudential, inspection, and regulatory reporting requirements similar to those for domestic banks. This implies, for example, that the ECB may require credit institutions that have branches under its supervision to report periodically to it on their activities (Article 40 of CRD IV). Local subsidiaries of foreign banks need to be authorized by the ECB according to national requirements (See CP 5). Foreign branches, however, are authorized by each country and observe different requirements in different jurisdictions. They are supervised by NCAs under national law. Such branches are not subject to ECB supervision regardless of their size, complexity, or interconnectedness of their operations. The cross-border operations of foreign banks, including through branches, are subject to NCA prudential and supervision requirements. If a foreign bank’s operations occur in a subsidiary that meets the definition of a SI it would be supervised by the ECB.
EC8	The home supervisor is given onsite access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	In practice, the ECB as a home supervisor informs the host supervisor individually and via the college about planned activities/visits for the group and individual subsidiaries as relevant. This also includes, for instance, intended participation of the home supervisor as an observer or supporting resource in onsite missions conducted by the host supervisor. In the case of foreign subsidiaries and branches of a banking group where the ECB acts as the consolidating supervisor, the ECB is empowered to conduct all necessary onsite inspections at the business premises of the supervised entities based on Article 12 of the SSMR. The ECB as home supervisor carries out onsite inspections after having informed the host supervisory authorities, based on Article 52 of CRD IV. In this respect, when the ECB as home supervisor wishes to check the information concerning an institution situated in another Member State, it may ask the host supervisor to have the check carried out. The host supervisor can (but is not obliged to) allow the home supervisor to carry it out directly. In addition, the ECB can decide to have recourse to external experts when this is considered appropriate. External experts will be appointed as team members and will carry out the tasks assigned under the lead of a HoM coming from NCAs or from the ECB’s COI Division. Regarding onsite inspections in countries that do not participate in the SSM, or within countries that participate in the SSM but where the ECB acts as host supervisor, the right to inspect branches and subsidiaries would usually be granted based on MoUs (See CP 3). The ECB consults with the host authority before it visits the local offices and subsidiaries of banking groups. In general, the host authority is invited to a preparatory meeting and can request participation in the onsite inspection. The assessors were provided evidence that host supervisors are informed of inspections.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	The ECB is empowered to authorize credit institutions and withdraw such authorizations (Article 4 para 1(a) of the SSMR). Banking licenses are granted subject to the conditions set out in the relevant national law. Applicants must comply with all conditions. Under EU law, the ECB grants a banking license only where at least two persons effectively direct the business of the applicant and the bank has its head office in the same Member State as its registered office or in the Member State where it is licensed, and it actually carries out its business (Article 13 of CRD IV). The ECB has stated that it does not permit shell banks that only serve as a booking office. Apart from the notification requirements of Article 13 of CRD IV, there are no specific legal requirements that authorize the ECB or NCAs to explicitly prohibit shell banks or the continued operation of shell banks, although it is possible to withdraw the banking license in case of credit institutions that do not make use of the authorization within 12 months or ceases to engage in business for more than 6 months (Article 18(a) CRD). There is also no clear mandate to supervise booking offices in a manner consistent with internationally agreed standards. There are no provisions on booking branches such as those contained in the BCBS 2003 document on shell banks and booking offices (p. 3) and it is unclear whether it is sufficient, in order to avoid the establishment of shell banks, that applicants for a banking license guarantee that at least two persons effectively direct the business.
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	The ECB consults with the competent authority or authorities in the other EU Member States before it takes extraordinary or significant supervisory actions (or immediately after having taken the decision, in case of urgency or if a consultation could jeopardize the effectiveness of the measure decided). Examples of post-supervisory action notifications where the need for urgency was present were provided to the assessors.
Assessment of Principle 13	Largely Compliant
Comments	The ECB-led supervisory colleges appear to serve their intended purpose in practice. Evidence provided to the assessors shows that they enhance effective oversight by considering the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors in the case of subsidiaries of SIs located within and outside the SSM. The ECB has not finalized agreements with all international supervisors of G-SIBs. Coordination and cooperation with these supervisors exists under ad hoc arrangements. The ECB should strive to conclude international MoUs as quickly as possible given their systemic importance. The EU framework for cross-border crisis cooperation and coordination among home and host authorities for the management of a cross-border financial crisis has been significantly improved because of the creation of the SSM and the SRM, as well as the adoption of the BRRD. The MoU between the ECB and the SRB established a framework for cooperation and information exchange. Both entities should build on this framework in the planned MoU revision so as to further advance their respective important missions. The spirit of cooperation should become part of the culture of both the ECB and SRB, especially in the advanced planning stage of resolution strategies. Any operational or other issues should be identified and resolved in advance of a cross-border crisis. The ECB’s participation as home or host authority for significant banking groups in supervisory colleges fosters coordination between competent authorities in crisis situations. The assessment of recovery plans, early intervention measures and the overall planning of the supervisory response of home and host authorities in preparation for and during emergency situations is performed in a coordinated way through the supervisory colleges. The specific procedures for the planning and coordination of supervisory activities in preparation for and during emergency situations, including the minimum set of information to be exchanged during an emergency, are laid out in WCCAs for each college. These WCCAs also include provisions regarding the framework for providing coordinated input to the resolution college. Such a framework addresses, inter alia, the group resolution plans, the assessment of the group resolvability, and powers to address or remove impediments to the group resolvability. The ECB has stated that it does not permit shell banks that only serve as a booking office. There are no specific legal requirements that authorize the ECB or NCAs to expressly prohibit shell banks or the continued operation of shell banks, although it is possible to withdraw the banking license in case of credit institutions that do not make use of the authorization within 12 months or ceases to engage in business for more than 6 months (Article 18(a) CRD) There is also no clear mandate to supervise booking offices in a manner consistent with internationally agreed standards. There are no provisions on booking branches such as those contained in the BCBS 2003 document on shell banks and booking offices and it is unclear whether it is sufficient, to avoid the establishment of shell banks, that applicants for banking license guarantee that at least two persons effectively direct the business. The ECB should seek express authority to prohibit shell banks or to limit the use of foreign branches as mere booking offices.