International Financial Tremors Test the Robustness of the EU’s Regulatory Framework

A-Team Group recently met up with EU financial services regulatory expert, David Doyle, to get his take on the turmoil in financial markets and its impact on financial institutions. In particular, we covered the likely ramifications of recent cross-Atlantic events on EU regulatory developments in Brussels and Frankfurt.

But this is not 2008, which saw the introduction of a more robust supervisory and regulatory architecture in the wake of the financial crisis. “Today, EU banks are better capitalised, hold more liquidity and are more rigorously supervised at national, regional and pan-EU level,” Doyle comments.

This week, European Central Bank President Christine Lagarde reassured MEPs from the Economic and Monetary Affairs Committee that “the EU banking sector remains strong in terms of its aggregate, capital and liquidity provision … Liquidity ratios on average are clearly above minimum requirements and even above pre-pandemic levels”. Further, the ECB is “ready to respond as necessary to preserve price stability and financial stability in the euro area”.

Changes to regulatory priorities 

Regulatory priorities, however, will be affected, says Doyle. “This will accelerate need to complete an EU-wide deposit insurance scheme for banks”.  After years of EU institutional negotiations, the EU has yet to make progress on an EU-wide European Deposit Guarantee Fund designed to render banks more resilient for future crises and guarantee bank deposits across the EU to mitigate bank runs. Should a fresh crisis materialise in the EU, each member state will have to deal individually with bank runs.

Doyle’s other predictions include targeted regulatory reviews by the EC, the ECB, and beyond. He says: “This will prompt regulators, on both sides of the Atlantic, to revisit the ‘too big to fail’ orthodoxy for even mid-to-small-sized regional, local and prominent national banks. Consideration of the definition of systemic banks only in terms of the size of assets ignores the contagion impact that can occur when small financial entities fail.”

He noted that some clarification will be needed from the EU Single Resolution Board on the use of the ATI – alternative Tier 1 bonds – designed to be written-off when the issuing bank encounters trouble, and challenged in the case of the Swiss bank. These contingent convertibles rank as senior to equity but junior to other debts on the balance sheet. He comments: “European parliamentary members will seek reassurances that the EU oversight architecture provides a safe and sound banking sector with sustainable business models, seen as being indispensable for a well-functioning economy, especially in the EU where a significant proportion of SME’s rely on bank funding intermediation.”

In the non-bank sector, the events of the past month have triggered heightened supervisory attention to some familiar challenges, notably, requiring a review of liquidity adequacy lines, monitoring of over-leveraged sectors, and more insights into those entities with rate-sensitive assets and concentration exposures.

This comes alongside scheduled, targeted EU regulatory interventions: deepening the European banking market; restoring banks’ profitability; addressing climate and environmental risks; and tackling IT and cyber risks posed by technological disruption.

Key regulatory developments

So, what are the key regulatory developments that should feature on the financial services industry’s horizon scanning framework?

Doyle lists a few areas coming fast down the legislative pipeline:

EU bank prudential framework

A standardized and advanced approach across all bank sizes and risk types:

• Credit risk – revision of the standardised approach to include unrated, low-probability of default corporations, reduction of the scope of internal ratings-based approaches (IRB) and credit risks mitigation measures
• Market risk – introduction of FRTB approaches to calculate own fund requirements
• Operational risk – introduces a new single, non-model-based standardised approach, with entities holding a Business Indicator Component (BIC) in excess of  a €750 million balance sheet to calculate and disclose annual operational risk losses
• Credit valuation adjustment – revised definition now embraces both credit spread risk of counterparty and market risk of portfolio traded with counterparty
• A new third-country bank regime imposing mandatory registration of branches in each EU member state, capital, liquidity, governance and reporting rules, a ban on cross-border activities by branches, and member state level oversight
• Output floor provisions, which impose a 72.5% floor over how far the output of bank internal models can diverge from the EC standardised approach on exposures
• Fit and proper rules for bank directors at EU harmonised level – minimum requirements for key function holders
• Harmonising supervisory powers and tools
• Reduced administrative costs of disclosures and improved access to prudential data
• Supervision of fintechs that include a banking component, capital regimes for crypto-assets exposures (see below).

CRD5/CRR3

CRD5/CRR3 introduces a detailed environmental risk and management assessment framework impacting all banks that must systematically identify, disclose and manage ESG risks within the bank’s risk management framework. This will introduce requirements for:

• An assessment by supervisors on ESG risks as part of regular supervisory reviews
• he inclusion of short, medium and long-term horizons of ESG risks in bank’s strategies and processes for evaluating internal capital needs as well as adequacy of internal governance systems
• Consideration by the management body to specifically review current and forward-looking impacts of ESG risks and develop concrete plans to address these risks
• The introduction of a ‘sustainability dimension’ in the prudential framework to ensure a better management of ESG risks and incentivise a better allocation of bank funding across sustainable projects

Other CRD/CRR provisions

The leverage ratio will be subject to:

• Treatment of client-cleared derivatives
• Removal of minimum conservation factor of 10% for certain off-balance sheet items

Other banking regulatory developments

EU Payments Services Directive

Version 3 of the EU Payments Services Directive is under way with the Commission expected to adopt a legislative proposal on PSD3 in 2Q 2023.

Many of the revisions will be inspired by EBA recommendations to the EC proposing certain targeted measures to address regulatory gaps. The EBA identified the following areas for improvement:

• Merging the PSD2 and Electronic Money Directive 2
• Clarifying the application of strong customer authentication (SCA) and the transactions in scope
• Addressing new security risks for customers arising from social engineering fraud where customers are deceived into making a payment or transfer
• Addressing concerns about authentication approaches, ie, based on smartphones, that has resulted in exclusion of certain vulnerable groups of society from using online payment services
• Addressing underlying issues and obstacles to the provision of payment initiation services (PIS) and account information services (AIS), including the proposals for (i) AIS providers to apply their own SCA with their customers instead of relying on the authentication procedures by banks, (ii) empower customers to remain in control of their data; and (iii) support the development of high-quality interfaces across the EU
• Moving from ‘Open banking’ to ‘Open finance’ and identifying the opportunities and potential challenges associated with it, based on the PSD2 experience
• Addressing the enforcement shortcomings in relation to the implementation and application of SCA for e-commerce card-based transactions and the removal of obstacles to the provision of AIS and PIS
• Addressing unwarranted de-risking practices by banks affecting payment and e-money institutions
• Adjusting the prudential requirements, in particular in relation to initial capital, own funds, the use of professional indemnity insurance, the proposal for recovery and wind-down for significant payment institutions and possible consolidation group supervision.

Open Banking and Open Finance

The EC will continue to work to expand the benefits of open banking to share access and reuse of personal and non-personal data for the purposes of wider financial services.

The EC believes that further steps to enhance data openness across sectors will create opportunities for customers and data driven innovation. A recent report from the Expert group on the European financial data space, asserted that a core focus of open finance should be “to improve financial products and services and to create opportunities for consumer and firms to obtain better targeted advice and personalised services”.  Potentially, this could include:

• Customer experience – a broader choice for customers and easier identification of the best options through access to a more tailored and personalised range of services and products, as well as an easier ability to access and use those products
• Financial inclusion – improving access and use of financial services for all segments of consumers and firms, including SMEs and access for financially excluded people
• Customer control – giving customers meaningful control over how their data is shared and reused, in line with data protection rules, providing consumers and firms with greater transparency about how their data is used and accessed
• Innovation – facilitating the interoperability of data in open finance, as well as supporting the development of Artificial Intelligence / Machine Learning models to build services and products for consumers and firms including more accurate prudential risk management
• Horizontal approach – embed the open finance approach of customer-centric services in a general cross-sectoral framework.

The European Commission is expected to publish a framework for Open Finance in Q2 of 2023.

EU Digital Strategy

ESMA has now taken an assertive role in the digital transformation of the financial services sector, with a blend of proposed legislative and non-legislative measures.

One promising technology providing a diverse range of use cases in the financial services space is Distributed Ledger Technology (DLT), which is capable of making settlement cycles quicker, more efficient and more transparent. This month, ESMA has launched the application of the DLT Pilot Regime. The pilot is built around the development of the trading and settlement scheme of DLT-based financial instruments, providing a controlled environment for  multilateral trading facilities (MTFs) and central securities depositories (CSDs) using DLT. ESMA believes that based on the systems being operationally reliable, “such projects have the scope to benefit markets and, ultimately, investors”.

Under the scope of this DLT pilot, national supervisors authorise and supervise firms, with ESMA acting in a coordination and convergence role. ESMA is poised to issue guidance on several aspects of the pilot and intends to be available to offer opinions on national authorisations.

MICA Crypto-Asset regime

An important milestone in the EU Digital Strategy is the Regulation on Market Infrastructures in Crypto-Assets (MiCA), which introduces a comprehensive framework for crypto-assets, crypto-assets issuers, service providers, trading platforms, and custodian wallet providers. A detailed set of rules will apply to issuance of asset-referenced token, e-money tokens and other crypto-assets. The different types of service providers will be subject to tailored capital requirements, and rules on organisation structures and governance.

For the first time, Crypto Asset Service Providers will be subject to authorisation and supervision by national supervisors, with ESMA deploying new product intervention powers, somewhat similar to those under the MiFIR regime. MICA is expected to be applicable mid-2024.

With its key focus on the dual object of investor protection and financial stability, MICA applies a broader definition of the scope compared to other regions in the world: trading, advice, transmitting orders, custody, crypto-to-crypto, crypto-to-fiat exchange etc. MICA comes with two important requirements: it imposes liability on CASPs for custody losses, i.e., cyberattacks on digital wallets; and the emergence of a robust anti-money laundering dimension, i.e., due diligence on transfer of funds (Transfer Rule).

The question many analysts are asking is whether the implementation of MiCA will unintentionally favour larger firms and be too over-burdensome for smaller firms, i.e., fintech start-ups, thereby hindering competition and innovation.

One outstanding and problematic issue related to MICA is the potential capital charges on banks with exposures to crypto-assets. Last December, the Basel Committee on Banking Supervision (BCBS) issued a final report on the prudential treatment of crypto-assets exposures, with potential implementation in all jurisdictions by January 2025. BCBS differentiates between two groups of crypto-assets:

• Group 1 covers less volatile crypto-assets that are either (a) tokenised traditional assets or (b) have effective stabilisation mechanisms, i.e., regulated and backed stable coins
• Group 2 covers crypto-assets that are classified as either (a) having limited level of authorised hedging or (b) contain cases of non-recognised hedging.

Group 1 assets would be subject to the present Basle prudential framework, whereas Group 2 assets, considered more risky, would have a 100% capital charge where hedging is authorised. In the case of non-authorised/recognised hedging, a capital charge of 1250% of risk-weighted assets is proposed.

DORA

Finally, the Digital Operational Resilience Act (DORA), now in force, addresses another risk factor in the EU digital space – cyberattacks and ICT disruptions in the EU financial sector.

A long overdue piece of consolidated legislation, DORA removes a patchwork of sectoral rules on ICT risk management, incident handling and resilience testing. Critically, and central to the thrust of DORA, it also recognises the reliance of financial services entities on third-party ICT service providers, with the ESAs overseeing their activities.

ESMA has started drafting technical standards, with DORA entering into force on 16 January 2023 and expected to apply from 17 January 2025.

Want to find out more about the latest EU financial services regulatory developments?

A-Team Group is launching a series of live quarterly updates that will ensure you are up to date on key legislation being negotiated in Brussels by the EC, EU Parliament and Council, and covering banks, fund management and the wider financial services sector. These updates have been developed by A-Team with our partner David Doyle, an EU policy advisor, expert and speaker specialising in EU financial services regulation at the heart of Europe.