EU as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance risks - Main contents

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier	COM(2021)663 - Amendment of Directive 2013/36/EU as regards supervisory powers, sanctions, third-country branches, and environmental, ...
document	COM(2021)663
date	October 27, 2021

(1) Competent authorities, their staff and members of their governance bodies should be independent of political and economic influence. Risks of conflicts of interest undermine the integrity of the Union financial system and harm the goal of an integrated banking and capital markets union. Directive 2013/36/EU should provide more detailed provisions for Member States to ensure that the competent authorities, including their staff and management, act independently and objectively. In this context, minimum requirements should be laid down to prevent conflicts of interests. The European Banking Authority (EBA) should issue guidelines addressed to competent authorities on the prevention of conflicts of interests, based on international best practices.

(2) Competent authorities should have the necessary power to withdraw the authorisation granted to a credit institution where such a credit institution has been declared failing or likely to fail and, at the same time, has not met the other conditions for resolution set out by Directive 2014/59/EU of the European Parliament and of the Council ⁴³ or by Regulation (EU) No 806/2014 of the European Parliament and of the Council ⁴⁴ . In such a situation, a credit institution should be wound up in accordance with the applicable national insolvency proceedings, or in other types of proceedings laid down for those institutions under national law, and should therefore discontinue the activities for which the authorisation had been granted.

(3) The provision of banking services in the Union is conditional upon the credit institution’s having previous authorisation and a physical presence through a legal person or a branch in its territory. Only in that way credit institutions may be subject to effective prudential regulation and supervision that are necessary to minimise the risk of failure and, when it occurs, to manage that failure in order to prevent it from spreading in a disorderly manner and leading to the collapse of the financial system (contagion risk by e.g. a bank run or a bank failure triggered by imprudent lending). The provision of banking services in the Union without such physical presence would increase the presence and prevalence in the financial markets where credit institutions are closely involved of risk segments not subject to Union’s prudential regulation and supervision, that may eventually threaten the financial stability of the Union or of its individual Member States. The financial crisis of 2008-2009 is the latest historical precedent, which underlines how small market segments may become the source of significant threats to the financial stability of the Union and its Member States if left outside the scope of prudential regulation and supervision. Hence, it is necessary to lay down an explicit requirement in Union law that undertakings established in a third country and seeking to provide banking services in the Union should at least establish a branch in a Member State and that such branch be authorised in accordance with Union legislation, unless the undertaking wishes to provide banking services in the Union through a subsidiary. However, that requirement to establish a branch should not apply to cases of reverse solicitation of services, as in this case it is the customer that approaches the undertaking in the third country to solicit the provision of the service.

(4) Supervisors of credit institutions should have all the necessary powers that enable them to perform their duties and that cover the various operations conducted by the supervised entities. To that end and to increase the level playing field, supervisors must have at their disposal all the supervisory powers enabling them to cover material operations that can be undertaken by the supervised entities. The European Central Bank and national competent authorities should therefore be notified in case a material operation, including acquisitions by supervised entities of material holdings in financial or non-financial entities, material transfers of assets and liabilities from or to a supervised entities, and mergers and divisions involving a supervised entities, undertaken by a supervised entity raises concerns over its prudential profile, or over possible money laundering and terrorist financing activities. Furthermore, the ECB and national competent authorities should have the power to intervene in such cases.

(5) Concerning mergers and divisions, the Directive (EU) 2017/1132 lays down harmonised rules and procedures, in particular for cross-border mergers and divisions of limited liability companies. Therefore, the assessment procedure by the competent authorities stipulated in this directive should be complementary to the Directive (EU) 2017/1132 and should not contradict any of its provisions. In case of those cross-border mergers and divisions which fall under the scope of Directive 2017/1132, the motivated opinion issued by the competent supervisory authority should be part of the assessment of the compliance with all relevant conditions and the proper completion of all procedures and formalities required for the pre-merger or pre-division certificate. The motivated opinion should therefore be transferred to the designated national authority responsible for issuing the pre-merger or pre-division certificate under Directive 2017/1132.

(6) In order to ensure that competent authorities can intervene before one of these material operations is undertaken, they should be notified ex ante. That notification should be accompanied by information necessary for the competent authorities to assess the planned operation from a prudential and anti-money laundering and counter-terrorist financing perspective. That assessment by competent authorities should commence at the moment of the receipt of the notification including all the requested information and, in the case of the acquisition of a material holding or the material transfer of assets and liabilities, should be limited in time.

(7) In the case of the acquisition of a qualifying holding, or the material transfer of assets or liabilities, the conclusion of the assessment could lead the competent authority to decide to oppose to the operation. In the absence of opposition from the competent authorities within a given period, the operation should be deemed approved.

(8) In order to ensure proportionality and avoid undue administrative burden, those additional powers of competent authorities should be applicable only to operations deemed material. Only operations consisting in mergers or divisions should be treated automatically as material operations, as the newly created entity can be expected to present a significantly different prudential profile from the entities initially involved in the merger or division. Also, mergers or division should not be concluded by entities undertaking them before a prior positive opinion is received from the competent authorities. Other operations (including acquisition of holding and transfers of assets and liabilities), when considered material, should be assessed by the competent authorities based on a tacit approval procedure.

(9) In some situations (for instance when entities established in various Member States are involved), operations might require multiple notifications and assessments from different competent authorities, requiring an efficient cooperation among those authorities. It is therefore necessary to precise cooperation obligations, in particular early cross notifications, smooth exchange of information and coordination in the assessment.

(10) It is necessary to align provisions related to the acquisition of a qualifying holding in a credit institution with provisions on the acquisition of a qualifying holding by an institution, in case both assessments have to be undertaken for the same operation. Indeed, without proper articulation these provisions could lead to inconsistencies in the assessment undertaken by competent authorities, and ultimately the decisions taken by them. It is therefore necessary to provide for similar additional time provided to competent authorities to acknowledge receipt of the notification when the operation is considered complex).

(11) EBA should be mandated to develop regulatory technical standards and implementing technical standards to ensure an appropriate framing of the use of those additional supervisory powers. Those regulatory technical standards and implementing technical standards should, in particular, specify the information to be received by the competent authorities, the elements to be assessed, and cooperation when more than one competent authorities are involved. Those various elements are crucial to ensure that a sufficiently harmonised supervisory methodology allows provisions on the additional powers to be implemented efficiently, with the minimum possible additional administrative burden.

(12) It is crucial that credit institutions, financial holding companies and mixed financial holding companies comply with the prudential requirements to ensure their safety and soundness and preserve the stability of the financial system, both at the level of the Union as a whole and in each Member State. Therefore, the ECB and national competent authorities should have the power to take timely and decisive measures where those credit institutions, financial holding companies and mixed financial holding companies and their effective managers fail to comply with the prudential requirements or supervisory decisions.

(13) To ensure a level playing field in the area of sanctioning powers, Member States should be required to provide for effective, proportionate and dissuasive administrative penalties, periodic penalty payments and other administrative measures in relation to breaches of national provisions transposing this Directive and breaches of Regulation (EU) No 575/2013 of the European Parliament and of the Council ⁴⁵ . In particular, Member States can impose administrative penalties where the relevant breach is also subject to national criminal law. Those administrative penalties, periodic penalty payments and other administrative measures should meet certain minimum requirements, including the minimum powers that should be vested on competent authorities to be able to impose them, the criteria that competent authorities should take into account in their application, publication requirements or the levels of administrative penalties and periodic penalty payments. Member States should lay down specific rules and effective mechanisms regarding the application of periodic penalty payments.

(14) Administrative pecuniary penalties should have a deterrent effect in order to prevent the natural or legal person in breach of national provisions transposing Directive 2013/36/EU or in breach of Regulation (EU) No 575/2013 from engaging in the same or similar conduct in the future. Member States should be required to provide for administrative penalties, which are effective, proportionate and dissuasive. Furthermore, competent authorities should have regard to any previous criminal penalties that may have been imposed on the same natural or legal person responsible for the same breach when determining the type of administrative penalties or other administrative measures and the level of administrative pecuniary penalties. This is to ensure that the severity of all the penalties and other administrative measures imposed for punitive purposes in case of accumulation of administrative and criminal proceedings is limited to what is necessary in the view of the seriousness of the breach concerned. To that end, it is essential to enhance the cooperation between competent authorities and judicial authorities in the case of accumulation of administrative and criminal proceedings against the same persons responsible for the same breach. Member States should lay down specific rules and mechanisms to facilitate such cooperation.

(15) Competent authorities should be able to impose administrative penalties on the same natural or legal person responsible for the same acts or omissions. However, such accumulation of proceedings and penalties on the same breach should pursue different objectives of general interest. Member States should lay down rules to provide for an appropriate coordination between administrative and criminal proceedings. Such rules should limit the imposition of accumulative penalties in relation to the same breach on the natural or legal person concerned to the strictly necessary in order to meet those different objectives. Furthermore, Member States should lay down rules to ensure that the severity of all the administrative and criminal penalties and other measures imposed in cases of accumulation of proceedings are limited to what is necessary in view of the seriousness of the breach concerned. Member States should also ensure that such duplication of proceedings and subsequent penalties comply with the ne bis in idem principle and that the rights of the natural or legal person concerned are duly protected.

(16) Administrative pecuniary penalties on legal persons should be applied consistently, in particular as regards the determination of the maximum amount of administrative penalties, which should take into account the total annual net turnover of the relevant undertaking. However, the current definition of the total annual net turnover in Directive 2013/36/EU is neither exhaustive enough nor sufficiently clear and complete to ensure a level playing field in the application of administrative pecuniary penalties. Therefore, it is necessary to clarify several elements of the current definition of total annual net turnover in order to avoid an inconsistent interpretation.

(17) In addition to administrative penalties, competent authorities should be empowered to impose periodic penalty payments on credit institutions, financial holding companies, mixed financial holding companies and their effective managers for failure to comply with their obligations under Directive 2013/36/EU, Regulation (EU) No 575/2013 or a decision issued by a competent authority. Those enforcement measures should be imposed where a breach of a requirement or supervisory decision of the competent authority is continuing. Competent authorities should be able to impose those enforcement measures without having to address a prior request, order or warning to the party in breach. Since the purpose of the periodic penalty payments is to compel natural or legal persons to terminate an ongoing breach, the application of periodic penalty payments should not prevent competent authorities from imposing subsequent administrative penalties for the same breach.

(18) It is necessary to lay down administrative penalties, periodic penalty payments and other administrative measures in order to ensure the greatest possible scope for action following a breach and to help prevent further breaches, irrespective of their qualification as an administrative penalty or other administrative measure under national law. Member States should therefore be able to provide for additional penalties and higher level of administrative pecuniary penalties.

(19) Competent authorities should impose periodic penalty payments that are proportionate and effective. Accordingly, the competent authority should take into account the potential impact of the periodic penalty payment on the financial situation of the legal or natural person in breach, and seek to avoid that the penalty would cause the legal or natural person in breach to become insolvent, lead it to serious financial distress or represent a disproportionate percentage of its total annual turnover.

(20) Where the legal system of the Member State does not allow the administrative penalties provided for in this Directive, the rules on administrative penalties may be applied in such a manner that the penalty is initiated by the competent authority and imposed by judicial authorities. Therefore, it is necessary that those Member States ensure that the application of the rules and penalties has an effect equivalent to the administrative penalties imposed by the competent authorities. When imposing such penalties, judicial authorities should take into account the recommendation by the competent authority initiating the penalty. The penalties imposed should be effective, proportionate and dissuasive.

(21) In order to provide for appropriate sanctions for breaches of national provisions transposing Directive 2013/36/EU and Regulation (EU) No 575/2013, the list of breaches subject to administrative penalties, periodic penalty payments and other administrative measures should be supplemented. Therefore, the list of breaches under Article 67 of Directive 2013/36/EU should be amended.

(22) The regulation of branches established by undertakings in a third country to provide banking services in a Member State is subject to national law and only harmonised to a very limited extent by Directive 2013/36/EU. While third country branches have a significant presence in Union banking markets, they are currently subject only to very high level information requirements, but not to any Union-level prudential standards or supervisory cooperation arrangements. The complete absence of a common prudential framework leads to third country branches’ being subject to disparate national requirements of varying level of prudence and reach. Furthermore, competent authorities lack comprehensive information and the necessary supervisory tools to properly monitor the specific risks created by third country groups operating in one or various Member States through both branches and subsidiaries There are currently no integrated supervisory arrangements in relation to them and the competent authority responsible for the supervision of each branch of a third country group is not obliged to exchanging information with the competent authorities supervising the other branches and subsidiaries of the same group. Such fragmented regulatory landscape creates risks to the financial stability and market integrity of the Union which should be properly addressed through a harmonised framework on third country branches. Such a framework should comprise minimum common requirements on authorisation, prudential standards, internal governance, supervision and reporting. This set of requirements should build on those that Member States already apply to third countries branches in their territories and should take into account similar or equivalent requirements that third countries apply to foreign branches, with the aim of ensuring consistency between Member States and aligning the Union third country branches framework with the prevailing international practices in this field.

(23) For reasons of proportionality, the requirements on third country branches should be catered relative to the risk that they pose to the financial stability and market integrity of the Union and the Member States. Third country branches should, therefore, be categorised as either class 1, where they are deemed riskier, or, otherwise, as class 2, where they are small and non-complex and do not pose a significant financial stability risk (consistently with the definition of “small and non-complex institution” in Regulation (EU) No 575/2013). Accordingly, third country branches with booked assets in the Member State in an amount equal to or in excess of EUR 5 000 000 000 should be regarded as posing such a greater risk due to their larger size and complexity, because their failure could lead to a significant disruption of the Member State’s market for banking services or of its banking system. Third country branches authorised to accept retail deposits should also be regarded similarly as riskier regardless of their size, insofar as their failure would affect highly vulnerable depositors and could lead to a loss of confidence in the safety and soundness of the Member State’s banking system to protect citizens’ savings. Both of those types of third country branches should, therefore, be categorised as class 1.

(24) Third country branches should also be classified as class 1 where the undertaking in the third country that is their head office (the “head undertaking”) is subject to regulation, oversight and implementation of such regulation that are not determined to be at least equivalent to Directive 2013/36/EU and Regulation (EU) No 575/2013 or where the relevant third country is listed as a high-risk third country that has strategic deficiencies in its regime on anti-money laundering and counter terrorist financing in accordance with Directive (EU) 2015/849 of the European Parliament and of the Council ⁴⁶ . Those third country branches pose a significant risk to the financial stability of the Union and of the Member State of establishment because the banking regulatory or anti-money laundering frameworks that apply to their head undertaking fail to adequately capture or permit a proper monitoring of the specific risks that arise from the activities conducted by the branch in the Member State or of the risks to counterparties in the Member State that arise from the third country group. For the purposes of determining the equivalence of the third country’s banking prudential and supervisory standards to the Union’s standards, the Commission should be able to instruct EBA to conduct an assessment in accordance with Article 33 of Regulation (EU) No 575/2013. EBA should ensure that the assessment is conducted in a rigorous and transparent manner and in accordance with a sound methodology. Furthermore, EBA should also consult and cooperate closely with the third countries’ supervisory authorities and government departments in charge of banking regulation and, where appropriate, private sector parties, endeavouring to treat those parties fairly and to give them the opportunity to submit documentation and make representations within reasonable timeframes. Furthermore, EBA should ensure that the report issued in accordance with Article 33 of Regulation (EU) No 575/2013 is adequately reasoned, sets out a detailed description of the assessed matters and is delivered within a reasonable timeframe.

(25) Competent authorities should have an explicit power to require on a case-by-case basis that third country branches apply for authorisation in accordance with Title III, Chapter 1 of Directive 2013/36/EU, at a minimum where those branches engage in activities with counterparts in other Member States in contravention of the internal market rules or where they pose a significant risk to the financial stability of the Union or of the Member State where they are established. Moreover, competent authorities should be required to periodically assess whether third country branches holding assets on their books in an amount equal to or higher than EUR 30 000 000 000 have systemic importance. All the third country branches that belong to the same third country group established in one Member State or across the Union should be jointly subject to such periodic assessment. That assessment should examine, in accordance with specific criteria, whether those branches pose an analogous level of risk to the financial stability of the Union or its Member States as institutions defined as “systemically important” under Directive 2013/36/EU and Regulation EU No 575/2013. Where competent authorities conclude that the third country branches are systemically important, they should impose requirements on those branches that are appropriate to mitigate the risks to financial stability. For those purposes, competent authorities should be able to require the third country branches to apply for authoritisation as subsidiary institutions under Directive 2013/36/EU in order to continue conducting banking activities in the Member State or across the Union. Moreover, competent authorities should be able to impose other requirements, in particular an obligation to restructure the third country branches’ assets or activities in the Union so that those branches stop being systemic, or a requirement to comply with additional capital, liquidity, reporting or disclosure requirements, where that would be sufficient to address the risks to financial stability. Competent authorities should have the possibility not to impose any of those requirements on third country branches assessed as systemic only where the competent authorities can justify that the risks that those branches pose to the financial stability and market integrity of the Union and the Member States would not significantly increase in the absence of such requirements for a period not exceeding one year.

(26) To ensure the consistency of supervisory decisions on a third country group with branches and subsidiaries across the Union, a lead competent authority should be designated to conduct the assessment of systemic importance. That role should correspond to the consolidated supervisor of the third country group in the Union, where Article 111 of Directive 2013/36/EU applies, or to the competent authority that would become the consolidated supervisor in accordance with that Article, should the third country branches of that group be treated as its subsidiaries. Where the relevant consolidated supervisor has not been determined or where the lead competent authority has not started the assessment of systemic importance within three months. EBA should, instead, perform that assessment. The lead competent authority, or, where applicable, EBA, should consult and cooperate fully with the competent authorities responsible for supervising the relevant third country group’s subsidiaries and branches across the Union. The lead competent authority and those competent authorities should take a joint decision on whether to impose requirements on the third country branches assessed as systemic. For reasons of due process, the lead competent authority or, where applicable, EBA should ensure that the third country branches’ right to be heard and to make representations are respected during the assessment of systemic importance.

(27) Competent authorities should conduct regular reviews of third country branches’ compliance with relevant requirements under Directive 2013/36/EU, and take supervisory measures on those branches to ensure or restore compliance with those requirements. To facilitate the effective supervision of the requirements on third country branches and allow for a comprehensive overview of third country groups’ activities within the Union, common supervisory and financial reporting should be made available to competent authorities in accordance with standardised templates. EBA should be mandated to develop draft implementing technical standards setting out those templates and the Commission should be empowered to adopt those draft implementing technical standards. Furthermore, it is necessary to implement appropriate cooperation arrangements between competent authorities to ensure that all the activities of third country groups operating in the Union through third country branches are subject to comprehensive supervision, to prevent the requirements applicable to those groups under Union law from being circumvented and to minimise the potential risks to the financial stability of the Union. In particular, class 1 third country branches should be included within the scope of the colleges of supervisors of third country groups in the Union. Where such a college does not exist already, competent authorities should set up an ad hoc college for all class 1 third country branches of the same group where it operates in more than one Member State.

(28) The Union’s third country branches framework should be applied without prejudice to the discretion that Member States may currently have to require on a general basis that third country undertakings from certain third countries conduct banking activities in their territory solely through subsidiary institutions authorised in accordance with Title III, Chapter 1 of Directive 2013/36/EU. That requirement may refer to third countries that apply banking prudential and supervisory standards that are not equivalent to the standards under the Member State’s national law or to third countries that have strategic deficiencies in its regime on anti-money laundering and counter terrorist financing.

(29) Following the introduction of IFRS 9 on 1 January 2018, the outcome of the expected credit losses calculations, which is based on a modelling approaches, directly affects the amount of own funds and the regulatory ratios of institutions. The same modelling approaches are also the basis for the expected credit losses calculation where institutions apply national accounting frameworks. As a result, it is important that competent authorities and EBA have a clear view of the impact that those calculations have on the range of values for risk-weighted assets and own funds requirements that arise for similar exposures. To that end, the benchmarking exercise should cover also those modelling approaches. Given that institutions calculating capital requirements in accordance with the standardised approach for credit risk may also use models for the calculation of expected credit losses within the IFRS 9 framework, those institutions should also be included in the benchmarking exercise, taking into account the principle of proportionality.

(30) Regulation (EU) 2019/876 ⁴⁷ amended Regulation (EU) No 575/2013 by introducing a revised market risk framework developed by the Basel Committee for Banking Supervision. The alternative standardised approach that is part of that new framework allows institutions to model certain parameters used in the calculation of risk-weighted assets and own funds requirements for market risk. It is therefore important that competent authorities and EBA have a clear view of the range of values for risk-weighted assets and own funds requirements that arise for similar exposures not only under the alternative internal model approach, but also under the alternative standardised approach. As a result, the market risk benchmarking exercise should cover the revised standardised and internal model approaches.

(31) The global transition towards a sustainable economy as enshrined in the Paris Agreement ⁴⁸ , as concluded by the Union, and the United Nations 2030 Agenda for Sustainable Development will require a profound socio-economic transformation and will depend on the mobilisation of significant financial resources from the public and private sectors. The European Green Deal ⁴⁹ commits the Union to becoming climate-neutral by 2050. The financial system has a relevant role to play in supporting that transition, which relates not only to capturing and supporting the opportunities that will arise but also to properly managing the risks that it may entail.

(32) The unprecedented scale of transition towards a sustainable, climate-neutral and circular economy will have considerable impacts on the financial system. In 2018, the Network of Central Banks and Supervisors for Greening the Financial System ⁵⁰ acknowledged that climate-related risks are a source of financial risk. The Commission’s Renewed Sustainable Finance Strategy ⁵¹ emphasises that environmental, social and governance (ESG) risks, and risks steaming from the physical impact of climate change, biodiversity loss and the broader environmental degradation of ecosystems in particular, pose an unprecedented challenge to our economies and to the stability of the financial system. Those risks present specificities such as their forward-looking nature and their distinctive impacts over short, medium and long-term time horizons.

(33) The long-term nature and the profoundness of the transition towards a sustainable, climate-neutral and circular economy will entail significant changes in the business models of institutions. The adequate adjustment of the financial sector, and of credit institutions in particular, is necessary to achieve the objective of net-zero greenhouse gas emissions in the Union’s economy by 2050, while maintaining the inherent risks under control. Competent authorities should, therefore, be enabled to assess this process and intervene in cases where institutions’ manage climate risks, as well as risks stemming from environmental degradation and biodiversity loss, in a way that endangers the stability of the individual institutions, or the financial stability overall. Competent authorities should also monitor and be empowered to act, when there is a misalignment of institutions’ business models and strategies with the relevant Union policy objectives and broader transition trends towards a sustainable economy, resulting in risks to their business models and strategies, or to the financial stability. Climate and, more broadly, environmental risks, should be considered together with social risks and governance risks under one category of risks to enable a comprehensive and coordinated integration of these factors, as they are often intertwined. ESG risks are closely linked with the concept of sustainability, as ESG factors represent the main three pillars of sustainability.

(34) To maintain adequate resilience to the negative impacts of ESG factors, institutions established in the Union need to be able to systematically identify, measure and manage ESG risks, and their supervisors need to assess the risks at the level of the individual institution as well as at the systemic level, giving priority to environmental factors and progressing to the other sustainability factors as the methodologies and tools for the assessment evolve. Institutions should assess the alignment of their portfolios with the ambition of the Union to become climate-neutral by 2050 as well as avert environmental degradation and biodiversity loss. Institutions should set out specific plans to address the risks arising, in the short, medium and long term, from the misalignment of their business model and strategy with relevant policy objectives of the Union, included in the Paris Agreement, the Fit for 55 package ⁵² [and the post-2020 Global Biodiversity Framework]. Institutions should be required to have robust governance arrangements and internal processes for the management of ESG risks and to have in place strategies approved by their management bodies that take into consideration not only the current but also the forward-looking impact of ESG factors. The collective knowledge and awareness of ESG factors by the management body and institutions’ internal capital allocation to address ESG risks will also be key to drive the change within each and single institution. The specificities of ESG risks as well as their relative novelty means that understandings, measurements and management practices can differ significantly across institutions. To ensure convergence across the Union and a uniform understanding of ESG risks, appropriate definitions and minimum standards for the assessment of those risks should be provided in prudential regulation. To achieve this objective, definitions are laid down in Regulation (EU) No 575/2013 and the EBA is empowered to specify a minimum set of reference methodologies for the assessment of the impact of ESG risks on the financial stability of institutions, giving priority to the impact of environmental factors. Since the forward-looking nature of ESG risks means that scenario analysis and stress testing, together with plans for addressing those risks, are particularly informative assessment tools, EBA should be also empowered to develop uniform criteria for the content of the plans to address those risks and for the setting of scenarios and applying the stress testing methods. Environment-related risks, including risks stemming from environmental degradation and biodiversity loss, and climate-related risks in particular should take priority in light of their urgency and the particular relevance of scenario analysis and stress testing for their assessment.

(35) ESG risks can have far-reaching implications for the stability of both individual institutions and the financial system as whole. Hence, competent authorities should consistently factor those risks into their relevant supervisory activities, including the supervisory evaluation and review process and the stress testing of those risks. The European Commission, via its Technical Support Instrument, has been providing support to national competent authorities in developing and implementing stress testing methodologies and stands ready to continue to provide technical support in this respect. However, the stress testing methodologies for ESG risks have so far mainly been applied in an exploratory manner. To firmly and consistently embed stress testing of ESG in supervision, the EBA, European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA) should jointly develop guidelines to ensure consistent considerations and common methodologies for stress testing ESG risks. Stress testing of those risks should start with climate and environment-related factors, and as more ESG risk data and methodologies become available to support the development of additional tools to assess their quantitative impact on financial risks, competent authorities should increasingly assess the impact of those risks in their adequacy assessments of credit institutions. In order to ensure convergence of supervisory practices, EBA should issue guidelines regarding the uniform inclusion of ESG risks in the supervisory review and evaluation process (SREP).

(36) The provisions in Article 133 of Directive 2013/36/EU on the systemic risk buffer framework may already be used to address various kinds of systemic risks, including risks related to climate change. To the extent that the relevant competent or designated authorities, as applicable, consider that risks related to climate change have the potential to have serious negative consequences for the financial system and the real economy in Member States, they should introduce a systemic risk buffer rate for those risks where they consider the introduction of such rate effective and proportionate to mitigate those risks.

(37) Members of the management body may undergo the suitability assessment only after a significant time after their appointment or, in the case of key function holders, not at all. Thus, members of the management body who do not meet the suitability criteria may have exercised their duties for a long time, which is problematic especially for large institutions. Moreover, cross-border institutions must navigate through a wide diversity of national rules and processes, which does not make the current system efficient. The existence of different requirements as regards the suitability assessment across the Union is a particularly acute issue in the context of the Banking Union. As a result, it is important to provide a set of rules at Union level to put in place a consistent and predictable “fit-and-proper” framework. This will foster supervisory convergence, enabling further trust between competent authorities and give more legal certainty to institutions. Having a robust “fit-and-proper” framework for assessing the suitability of members of the management body and key function holders is a crucial factor to ensure that institutions are adequately run and their risks appropriately managed.

(38) The purpose of assessing the suitability of members of management bodies is to ensure that those members are qualified for their role and are of good repute. Having the primary responsibility for assessing the suitability of each member of the management body, institutions should carry out the suitability assessment, followed by a verification by the competent authorities that may perform it before or after the member of the management body takes up the position. However, due to the risks posed by large institutions resulting in particular from potential contagion effects, unsuitable members of management body should be prevented from influencing the running of such large institutions with potential serious detrimental effects. It is therefore appropriate that, safe in exceptional circumstances, the competent authorities assess the suitability of members of the management body of large institutions before those members exercise their duties.

(39) Not only members of the management body, but also key function holders have a significant influence in ensuring the sound and prudent management of an institution on a day-to-day basis. Because Directive 2013/36/EU does not currently define key function holders, Member States have diverging practices across the Union, which impedes an effective and efficient supervision and prevents a level playing field. It is therefore necessary to define key function holders. In addition, the responsibility for assessing the suitability of key function holders should primarily belong to institutions. However, due to the risks posed by the activities of large institutions, the suitability of the heads of internal control functions and the chief financial officer in such large institutions should be assessed by competent authorities before those persons take up their positions.

(40) In order to ensure legal certainty and predictability for the institutions, it is necessary to establish an efficient and timely process for verifying the suitability of members of the management body and key function holders by competent authorities. Such process should enable competent authorities to request any additional information where necessary, but also ensure that those competent authorities are able to handle the suitability assessments within the prescribed timeframe. Institutions, from their side, should provide the competent authorities with correct and complete information within the allocated time and respond quickly and in good faith to requests for additional information from the competent authorities.

(41) In light of the role of the suitability assessment for the prudent and sound management of institutions, it is necessary to provide competent authorities with new tools, such as statements of responsibilities and a mapping of duties, to assess the suitability of members of the management body and key function holders. Those new tools will also support the work of competent authorities when reviewing the governance arrangements of institutions as part of the supervisory review and evaluation process. Notwithstanding the overall responsibility of the management body as a collegial body, institutions should be required to draw up individual statements and a mapping that clarify the duties held by members of the management body, senior management and key function holders. Their individual duties are not always clearly or consistently laid down and there may be situations where two or more roles overlap or where areas of duties are overlooked because they do not fall neatly under the remit of a single person. The scope of each individual’s duties should be well defined and no areas of duties should be left without ownership. Those tools should ensure further accountability of the members of the management body, senior management and key function holders.

(42) In order to safeguard financial stability, competent authorities should be able to take and implement decisions swiftly. In the context of early intervention measures or resolution action, competent authorities and resolution authorities may consider it appropriate to remove or replace members of the management body or senior management. To take into account such situations, competent authorities should perform the suitability assessment of members of the management body or key function holders after those members of the management body or key function holders have taken up their position.

(43) Upon becoming bound by the output floor laid down in Regulation (EU) No 575/2013, the nominal amount of an institution’s additional own funds requirement set by the institution’s competent authority in accordance with Article 104(1), point (a), of Directive 2013/36/EU to address risks other than the risk of excessive leverage should not immediately increase as a result, all else being equal. Furthermore, in such case, the competent authority should review the institution’s additional own funds requirement and assess, in particular, whether and to what extent such requirement captures model risk from the use of internal models by the institution. Where that is the case, the institution’s additional own funds requirement should be regarded as overlapping with the risks captured by the output floor in the own funds requirement of the institution and, consequently, the competent authority should reduce that requirement to the extent necessary to remove any such overlap for as long as the institution remains bound by the output floor.

(44) Similarly, upon becoming bound by the output floor, the nominal amount of an institution’s CET1 capital required under the systemic risk buffer should not increase where there has been no increase in the macroprudential or systemic risks associated with the institution. In such cases, the institution’s competent or designated authority, as applicable, should review the calibration of the systemic risk buffer rates and make sure that they remain appropriate and do not double-count the risks that are already covered by virtue of the fact that the institution is bound by the output floor. More in general, competent and designated authorities, as applicable, should not impose systemic risk buffer requirements for risks which are already fully covered by the output floor.

(45) Furthermore, when an institution designated as an ‘other systemically important institution’ becomes bound by the output floor, its competent or designated authority, as applicable, should review the calibration of the institution’s O-SII buffer requirement and make sure that it remains appropriate.

(46) To enable the timely and effective activation of the systemic risk buffer it is necessary to clarify the application of the relevant provisions and simplify and align the applicable procedures. Setting a systemic risk buffer should be possible for designated authorities in all Member States to enable the recognition of systemic risk buffer rates set by authorities in other Member States and to ensure that authorities are empowered to address systemic risks in a timely and effective manner. Recognition of a systemic risk buffer rate set by another Member State should require only a notification from the authority recognising the rate. To avoid unnecessary authorisation procedures where the decision to set a buffer rate results in a decrease or no change from any of the previously set rates, the procedure laid down in Article 131(15) of Directive 2013/36/EU needs to be aligned with the procedure laid down in Article 133(9) of that Directive. The procedures laid down in Article 133(11) of that Directive should be clarified and made more consistent with the procedures applying for other systemic risk buffer rates, where relevant.