banking regulation 2019...“mint”, for that matter) derives from the coin manufacture activities...

Banking Regulation

2019Contributing Editors:

Peter Hsu & Rashid Bahar

GLOBAL LEGAL INSIGHTS - BANKING REGULATION 2019, SIXTH EDITION

Contributing Editors Peter Ch. Hsu & Rashid Bahar, Bär & Karrer Ltd.

Production Sub Editor

Andrew Schofield

Senior Editors Caroline Collingwood

Rachel Williams

General Consulting Editor Alan Falach

Publisher

Rory Smith

We are extremely grateful for all contributions to this edition. Special thanks are reserved for Peter Hsu & Rashid Bahar for all of their assistance.

Published by Global Legal Group Ltd.

59 Tanner Street, London SE1 3PL, United Kingdom Tel: +44 207 367 0720 / URL: www.glgroup.co.uk

Copyright © 2019

Global Legal Group Ltd. All rights reserved No photocopying

ISBN 978-1-912509-63-8

ISSN 2051-9621

This publication is for general information purposes only. It does not purport to provide comprehensive full legal or other

advice. Global Legal Group Ltd. and the contributors accept no responsibility for losses that may arise from reliance

upon information contained in this publication. This publication is intended to give an indication of legal issues upon

which you may need advice. Full legal advice should be taken from a qualified professional when dealing with specific

situations. The information contained herein is accurate as of the date of publication.

Printed and bound by CPI Group (UK) Ltd, Croydon, CR0 4YY

March 2019

CONTENTS

Preface Peter Ch. Hsu & Rashid Bahar, Bär & Karrer Ltd.

General chapter Redefining banking in the post-crisis world

Daniel Tunkel, Memery Crystal LLP 1

Country chapters

Andorra Miguel Cases & Marc Ambrós, Cases & Lacambra 9

Angola Hugo Moredo Santos & Filipa Fonseca Santos, Vieira de Almeida 26

Austria Peter Knobl, Cerha Hempel Spiegelfeld Hlawati 35

Brazil Bruno Balduccini & Ana Lidia Frehse, Pinheiro Neto Advogados 50

Canada Pat Forgione, Darcy Ammerman & Alex Ricchetti, McMillan LLP 61

China Dongyue Chen, Zhong Lun Law Firm 74

Czech Republic Libor Němec & Jarmila Tornová, Glatzova & Co., s.r.o. 83

Germany Jens H. Kunz & Klaudyna Lichnowska, Noerr LLP 99

Hong Kong Ben Hammond & Colin Hung, Ashurst Hong Kong 112

India Shabnum Kajiji & Nihas Basheer, Wadia Ghandy & Co. 126

Indonesia Luky I. Walalangi, Miriam Andreta & Hans Adiputra Kurniawan, Walalangi & Partners (in association with Nishimura & Asahi) 136

Italy Marco Penna, Giovanna Tassitano & Gabriele Conni, Legance – Avvocati Associati 148

Korea Thomas Pinansky, Joo Hyoung Jang & Hyuk Jun Jung, Barun Law LLC 157

Liechtenstein Daniel Damjanovic & Sonja Schwaighofer, Marxer & Partner, attorneys-at-law 168

Luxembourg Denis Van den Bulke & Nicolas Madelin, VANDENBULKE 179

Mozambique Nuno Castelão, Guilherme Daniel & Gonçalo Barros Cardoso,

Vieira de Almeida 190

Netherlands Bart Bierman & Eleonore Sijmons, Finnius 199

Nigeria Dr. Jennifer Douglas-Abubakar & Ikiemoye Ozoeze, Miyetti Law 210

Portugal Benedita Aires, Maria Carrilho & David Nogueira Palma,

Vieira de Almeida 222

Russia Alexander Linnikov, Sergei Sadovoy & Leonid Karpov, Linnikov & Partners 234

Singapore Ting Chi Yen & Poon Chow Yue, Oon & Bazul LLP 247

South Africa Angela Itzikowitz & Ina Meiring, ENSafrica 259

Spain Fernando Mínguez Hernández, Íñigo de Luisa Maíz & Rafael Mínguez Prieto, Cuatrecasas 269

Switzerland Peter Ch. Hsu & Rashid Bahar, Bär & Karrer Ltd. 288

Timor-Leste Nuno Castelão, João Cortez Vaz & Rita Castelo Ferreira, Vieira de Almeida 305

Uganda Kefa Kuteesa Nsubuga & Richard Caesar Obonyo, KSMO Advocates 317

United Kingdom Simon Lovegrove & Alan Bainbridge, Norton Rose Fulbright LLP 326

USA Reena Agrawal Sahni & Timothy J. Byrne, Shearman & Sterling LLP 343

PREFACE

Banking has a global reach. It is also a heavily regulated industry. Simply staying abreast of the ongoing developments is a challenge, even for the most dedicated specialist. For example, it is difficult to

anticipate whether or to what extent Fintech will disrupt the industry. However, it requires a thorough analysis from a legal and regulatory perspective in the individual case, and has triggered initiatives for regulatory change in numerous jurisdictions.

This is where this book comes in. It provides general counsels, regulators and lawyers with a comprehensive insight into banking regulation in 28 jurisdictions around the world. The chapters have been written by leading practitioners in each jurisdiction, who provide their analysis and views on the current state of regulation and ongoing developments. To facilitate comparisons, the structure of each chapter is the same: It starts by introducing the reader to the architecture of banking regulation in each jurisdiction, covering both the rules that are applicable to banks and the regulators in charge of supervising and enforcing them, followed by an overview of new trends and legal developments in the area of banking. The authors further describe the key requirements for governance of the board of directors and senior executive management, as well as the internal control environment of the entire financial institution. The chapters then extend to presenting regulatory capital requirements, analysing the role of national and international standards in defining these requirements, as well as the impact of international initiatives to improve capital and liquidity requirements in the jurisdictions that are surveyed. Finally, the rules protecting clients are reviewed, covering not only rules that apply to the conduct of banks when dealing with clients, but also rules on cross-border services and anti-money laundering initiatives. Overall, our hope is that this book will prove a stimulating and insightful read, which will prepare banks and their advisers not only to overcome but to master the challenges they and their clients are facing at a global level. Peter Ch. Hsu & Rashid Bahar Bär & Karrer Ltd.

Redefining banking in the post-crisis world

This is a book about banking regulation. It divides into a series of chapters, arranged alphabetically by jurisdiction. The contributors are acknowledged legal experts in their fields, working as partners or associates with leading national and international firms. This book is now into its sixth edition, and the publishers felt that it therefore merited an introductory chapter, something not featured previously – not merely a preface or foreword, however, but something more substantial.

But this chapter cannot be an overview or summary of the rest of this book. The chapters that follow can and will speak for themselves. I would like to offer something a little different – something that may help to place the rapidly changing world of banking and bank regulation into a broader context.

The shifting relationship between banking regulation and regulation of other financial services

The relationship of banking to other facets of the financial services sector in recent generations has been close at times, yet strangely non-correlated in terms of regulation. Banking is older, by far, than activities such as stock-broking or insurance. There is evidence of both lending and deposit-taking activity from the ancient world, well predating the concept of money, in fact.

The arrival in more recent centuries of securities markets, companies that issue their own shares, collective asset and fund management, and the entire concept of insurance, has stimulated the bankers into becoming involved in these newer market features, as facets of their own core business of lending and taking deposits. Over time, it has led to a complex relationship between these various activities and their principal actors. Needless to say, modern technology, and the far greater interconnectedness of international markets, have greatly complicated the process of practical regulation.

In the last 33 years, we have moved through various regulatory iterations in the UK:

Formal securities regulation was imposed in the UK under the Financial Services Act •1986. Various organs sprang up to regulate shares, debt, funds, derivatives and insurance, all at that stage operating alongside a semi-statutory framework for the regulation of banks, still controlled by the Bank of England.1 All of these components were designed to regulate themselves.

Various factors2 led by 1997–8 to a desire for formal statutory regulation, and a single •regulator to oversee everything. With the coming into force on 1 December 2001 of

Daniel Tunkel Memery Crystal LLP

GLI – Banking Regulation 2019, Sixth Edition www.globallegalinsights.com1

© Published and reproduced with kind permission by Global Legal Group Ltd, London

the Financial Services and Markets Act 2000, this regulator was the Financial Services Authority. The FSA even absorbed the function of regulating banks for the first time.3

The 2007–9 Financial Crisis demonstrated flaws in the FSA regime. Thus, from 2013, •the UK system officially reverted to one of two regulators. Responsibility for the prudential regulation of banks was retransferred to a facet of the Bank of England, constituted as the Prudential Regulation Authority. A pared-back version of the FSA, now called the Financial Conduct Authority, was left to look after everything else.4

Even this has not settled matters, as from the coming into force of the Financial •Services (Banking Reform) Act 2013, a third regulator was added to the mix – the Payment Systems Regulator – with a range of powers to compel financial institutions to do various things to ensure that payment systems operate in a fair and competitive fashion. The PSR has been fully operational since April 2015.

We are sure to see further recalibration with time. But it will be immediately apparent from all of this that each of these iterations has had at least something to do with the difficulty in reconciling a system which regulates banks and bankers with another that regulates practically everything else. It would be unrealistic – and frankly incorrect – to build a picture that omits reference to the impact of non-bank-related failings on the evolving regulatory system.

Failures in the UK to properly regulate pension funds, split level investment trusts, and the distribution of certain retail insurance products, have dogged the regulatory system as well, led to substantial payments in investor compensation, and had nothing to do per se with the alleged demerits of banks. Yet the friction between how to regulate a bank, and how to fit this into the larger overall regulatory picture, has been a consistent theme over the last three decades.

Nor is any of this unique to the UK. Building somewhat on the dissonances implicit in this brief description, I will aim in this chapter to offer a conceptual overview to the world of banking regulation, and perhaps develop some ideas for how this may be taken (propelled, dragged) forward in years to come.

The historic balance between depositors and borrowers

I commend a comprehensive article available from Wikipedia5 that summarises the history of banking, tracing it as a concept from the most ancient of periods down to modern times. The concept of a loan, now in exchange for a repayment with interest or profit at a later date, is not even dependent upon money as we know it.6 And we see examples of temples and other state enterprises of the ancient world used as depositories of valuable items, affording the creation of a deposit system against which the value of loans could be offset.

Money (coin) emerges into history at about the same time (7th century BCE) simultaneously in China, India and Greece/Asia Minor. This is specifically minted coin, as opposed to representative tokens that existed somewhat earlier. The term “money” (and “mint”, for that matter) derives from the coin manufacture activities associated with the ancient Roman temple to the Goddess Moneta.7 In time, coin came to be represented by forms of note, and a bank’s pledge to pay coin to the value of a note transformed that note into a thing of actual rather than purely representative value.

Today’s system proffers institutions calling themselves “banks”, that posture to accept deposits and use these to finance lending activities. The term itself is from the Italian “banco”, meaning a bench, specifically a merchants’ bench, where the lender and the

Memery Crystal LLP Banking in the post-crisis world



borrower would sit at each end and the subject matter of the loan or its repayment would lie between them, while the negotiations took place for its advance and repayment.

And this is very much the point. Banking has always been a matter of a balance between those who deposit and those who borrow, and banking regulation has therefore assisted in marshalling this process and seeking to maintain that balance. Banking, like pretty much anything else, follows the ebb and flow of economic fortune, and history records that attempts to regulate this balance have often misfired, or been over-reactive.8

The balance changes…

Since the Financial Crisis in 2007–9, this balanced model has started to show signs of significant change. There are those who resist change. We are not fond of contemplating change, because it is much simpler to fix the model (or feign to do so) than to replace it. Something as fundamental as the balance between deposit and credit surely cannot be about to change – can it? Why should the correct reaction to the Financial Crises be anything more than placing obligations on banks (those that survived) to build up their regulatory capital buffers?

What is happening? What are people perhaps missing? And what could we be doing to anticipate this? The key fundamental is there for all to see; it is that, while loans will always still be needed, deposits are going to become a thing of the past. We are witnessing the rise of a system that does not need to create loan capital ballast (or, frankly, regulatory capital to support the banking business proposition) derived from asking people to deposit their money or assets. There are other ways to address this concept, derived from technology and public interest. And with regard to the operation of “payment accounts” (as the EU Second Payment Services Directive refers to them9), these will serve very well for conventional bank current accounting purposes.

Something rather unusual seems to have happened through, and as a corollary of, the Financial Crisis. Readers will recall how everybody vilified bankers, individuals who did rash things with their financial institutions and imperilled the balance of the economy; yet the banks themselves, we somehow came rather to admire. We found ourselves discussing the concept of the “bank too big to fail”, and although Lehman Brothers turned out not to be one such in the end, fragments of other failed or failing institutions were forced together to create survivable entities. From the perspective of the free market economy, a vehicle like Royal Bank of Scotland, 75% or more owned by the UK taxpayer 10 years from the Crash and still not in profit, very much has failed as an institution. It has failed in its mission to be a true independent player in that balanced market between depositors and borrowers. Yet there seems to be a residual reverence for that institution which goes some way beyond the recovery of the tax-payers’ cash that was used to bail it out.

This sort of commercial failure has demonstrated something else. The survivor banks from before the Crash are relatively poor at lending. But somehow this appears not to matter all that much. Perhaps this is because there is, in fact, a “bank” that is too large to fail, which we can properly refer to as the Bank of the General Public. It has no licence from the PRA; it offers no contracts or other services; strictly speaking, it does not even carry on business; and one can think of it as operating from more separate branches than the mind can readily contemplate. It is diffuse, unwieldy, complicated to get and stay in touch with; but – and this is critical – it is just one text or email away from significant financial activity. What we have seen develop in the last few years are devices that




recognise all of these facts and premises. It is now straightforward to liberate the value in the cash and assets that all these millions of people hold and make this available as loan capital for the benefit of all manner of potential borrowers.

Payment services versus traditional current accounting

First, we must consider the rise and rise of the payment services provider (and his close relation, the e-money issuer). What matters to a payments firm is the transactional function of payment and money transfer rather than the holding of money for those purposes. A “payment account” is a means to an end, transitioning money to the intended recipient, broadly speaking, as swiftly as possible. An account as a means of making payments and, necessarily, receiving cash from which such payments are to be made, looks remarkably like a current (or checking) account at a bank. But the cost base is far lower, chiefly since there will, at least in theory, be no requirement for long-term deposit of cash, and therefore much reduced risk of default. In principle, every person using a current account at a bank for the processing of payments should prefer this model, on grounds of cost saving alone. That we have not reached this tipping point yet is perhaps due to residual reverence for banks, noted above, and the fact that a lot of bank account users are still a little internet-shy. As bank branches continue to disappear from high streets, expect this to change. And the days of the cheque book are similarly numbered.10

There is another more important consideration, and this is relevant to a book about regulation as opposed to a study of changing social habits in personal finance. Banks in most countries are generally subject to some form of state-backed compensation scheme to protect account-holders (depositors) in the case of bank failure. At £85,000 per retail account holder, the UK’s Deposit Protection scheme is among the most generous. There is no compensation scheme for users of payment or e-money firms. That is to say, the relevant Directives within the EU do not mandate this, and whatever individual European Member States decide to do domestically is left to their law-makers. Payment firms are obliged to clarify this in their contracts and sales literature, and that may deter folk from using their services in lieu of traditional banking arrangements.

We can perhaps expect this to move over time, as people become more accustomed to using payment firms. The question of whether payment firms ought to be placed under some sort of “deposit” protection scheme has been raised, though the clue as to why this has not found favour is in the terminology. They do not accept deposits, and so there is nothing for that sort of a protection scheme to bite upon.

Peer-to-peer lending (P2P) versus traditional lending

P2P is a more complex proposition altogether. The premise of lending (even where security is taken) is not complex in itself. But, just as the payment services provider does not depend on an institution that holds capital from which to resource payments, the operator of a P2P service need hold no deposited cash either.

P2P for lending has taken off in the UK and various other parts of the world, regulatory teething problems notwithstanding. The idea was first used for typical forms of unsecured personal finance, but secured real estate finance models have more recently come to the fore. And the model is well suited to other forms of financial arrangement.

What is remarkable about the P2P concept is just how extensible it is. We are seeing, or soon will see, P2P routinely used for insurance,11 consumer finance12 and even mortgages.13 It represents a practical and very useful way for the spreading of risk over a wide range of individuals. They are happy to each make perhaps modest amounts of personal money




available for syndication into larger projects, because these offer return rates that are far more attractive than bank deposits or fixed income notes.

But there is a regulatory catch here as well. The simplest way to express this is to say that, hitherto, rather too many P2P operators have presented their offering as remarkably low-risk. Some have even offered protection funds to return cash to lenders whose borrowers have defaulted (and used this as a device to claim a remarkably high non-default rate that has, in practice, never seen the protection fund drawn upon). The issue of lending or financing via a P2P service not being risk-free or low-risk has exercised the FCA in the UK, which is now looking for devices to underpin this element.

We may be moving to a structure that requires lenders to prove that the loans they intend to make are suitable (this has never yet been required in relation to P2P lending). This approach will make the entire service much more expensive to administer. More to the point, one wonders if there is any extra investor protection through this regulatory intervention that could not be achieved through better information and fairer disclosure by the operators.

The essential missing ingredient, however, is once again that there is no protection scheme for investors who lose their money. But is it logical that there should be a protection scheme for lenders whose borrowers have defaulted? Why should this form of unpaid debt lead to a compensation cheque when none is due if the issuer of a bond (or equities, for that matter) goes into insolvency?

There is another fallacy at large here. There is a broad supposition that a bank deposit account is as simple a product as you can imagine, while P2P lending operates under some often quite complex agreements. The latter is true and largely unavoidable. But bank deposits are very much more complex than they may seem. Few retail account customers read the “small print” in their terms of business; they really ought to. Interest rates are structured to reflect the manifold tensions of a bank’s businesses, the derivatives it enters into to fix rates in the market and the risks it absorbs when its debtors do not pay: but the retail depositor is aware of none of this. Because P2P is newer and called attention to itself in the current regulatory climate, much more attention is paid by the Regulators to the manner of a P2P operator’s model. Yet actually, the substance of a P2P lending service when compared with the complex architecture of a banker’s all-encompassing risk model is not all that complicated. In time, this should become more apparent.

And commercial lending?

All we need say here is that this market is evolving rapidly as well. Banks are no longer the unchallenged sources of principal debt finance. In fact, there is a clear intersect with the P2P market, in that even if retail lenders are involved in the regulated P2P model, commercial lenders and financial institutions exist to oil the machinery of the lending scheme.

So what needs to happen?

We need nothing short of a radical review of the whole market – a review that recognises:

that deposit-taking is waning in importance; •

that cash-sourcing via the internet means the cash stays with its principal lenders – •the general public – until needed; and

that functions of lending and payment-making that were the banker’s monopoly for •generations have been effectively upstaged by new and far less expensive models.




But those models need to be better integrated into regulation and recognised for what they are: the banks, lenders and payment systems of the future. The intelligent and integrated approach should see at least the following start to emerge:

Complete regulatory parity for all entities offering payment accounts. If a protection •scheme is desirable for users whose service providers cease to trade, then this needs to apply uniformly across the whole sector. However, it is probably better to say that it should not apply across any of the sector once banks, as we know them, have evolved into mere manufacturers of payments, with no deposits to risk falling victim to another financial crash.

Very possibly a fundamental separation of the payment and the lending side of a bank. •Some steps have been taken to separate out routine from “risk” banking in the UK and elsewhere, though this was intended to ensure only that the basic depositor did not suffer if the other side of his bank engaged in high-risk trading of some sort. The next logical stage will be for a bank to split off its payment service, so that this can operate in the same low-cost environment that the payment firms enjoy. This will increase market competition and bring down the cost of service to bank customers, and that can only be for the best.

Broad equivalence in several respects in the treatment of lending through a P2P •service and lending by a bank. Perhaps there is not a case for a compensation or protection scheme in the P2P sector, unless the P2P entity is actually holding deposited cash. Presently, the P2P operators do not do so (as cash in client accounts is held at a bank in the ordinary way). But as, in time, the Bank of the General Public comes to be the largest-value direct lender via P2P services, we will need to consider if the structure, documentation and regulation of lending as such should be recast.

A much clearer understanding of what is disclosed to customers of any of these •entities, so that they have a properly informed structure for taking their decisions. This needs to happen among all of the players. And a part of this is the need for better overall understanding of the way investments, loans, etc. actually work. The FCA has a didactic objective, but seldom approaches this in a generic or discursive manner (preferring only to speak about specific issues as they arise). That, too, has to change; and it is a challenge for regulators around the world to act likewise.

Fairer and more dependable price comparison services and service providers. There •is no regulation that monitors the way that these comparisons are made, and there is material concern that some who offer this service are actually skewing the results they provide and rendering the comparison service materially unfair.14

The bank as a lender has a future in competition with these newer forms of lending service. As a deposit taker, its days are rather more limited (as will be its actual functions over time). And as a current/payment account operator, its survival will depend upon moving its operation into the sphere of the payment services firms and thereby reducing its cost base. It has to be said, though, that so profound has been the technological investment by the new players in the payments market that it is even now not certain that there is room for the old-fashioned banks to set themselves up for this move.

These are interesting and rapidly changing times. A final point to note is that at the time of writing, we have yet to take any of the new models for payments and lending through a full credit cycle, and – in spite of everything said or gestured so far – we may yet find that the P2P players, for example, are not as robust as they need to be to survive a downturn.




Endnotes

1. Under the Banking Acts 1979 and 1987. Insurance underwriting was regulated under its own legislation, the Insurance Companies Act 1982; consumer credit under the Consumer Credit Act 1974; building societies under the Building Societies Act 1986, and so forth. Some aspects, such as insurance brokerage and mortgage lending, were barely regulated at all till then. And the entire pensions industry was, as yet, not touched by statute, though that would change significantly from the 1990s onwards.

2. For example, the scandal over the capacity of Robert Maxwell to raid his companies’ pension funds (which came to light only after his death in controversial circumstances in November 1991), and the collapse of banks such as BCCI in July 1991 and Barings in February 1995.

3. Under the Bank of England Act 1998.

4. Still a colossal mandate, made larger yet with the addition of mortgages, consumer credit and, from April 2015, benchmarks.

5. http://en.m.wikipedia.org/wiki/history_of_banking.

6. See Genesis 47:23-24, for Joseph’s deal with the Egyptian farmers regarding grain for planting and their obligations to the Pharaoh at harvest time.

7. Wikipedia again informs: http://en.m.wikipedia.org/wiki/history_of_money.

8. Or perhaps overly permissive, if one presumes that in repealing the Glass-Steagall Act of 1933, the Gramm-Leach-Bliley Act of 1999 afforded American banks too much control over the securities industry that the 1933 Act had come into force to restrict after the Great Crash.

9. Payment Services Regulations 2017 reg. 2(1): “payment account” means an account held in the name of one or more payment service users which is used for the execution of payment transactions. There are dependent definitions of some of the jargon in this one, but it is pretty clear from its terms what it means.

10. Where there is need for a longer-term deposit of cash, currently a bank or equivalent institution is still going to be needed. Payment firms operate on low margins in their regular markets, so the availability of a structure such as a capital-raising exercise, with money held for the medium term and disbursed on the closing of a fund or contract, is attractive. For the time being, though, a bank has to hold the suspense cash. We shall see whether this changes with time.

11. For an operating example, see www.friendsurance.com.

12. See www.my-payz.com – quotes for individual purchases on credit at checkout sourced from the Crowd.

13. See e.g. www.landbay.com, which holds itself out as a buy-to-let mortgage finance service.

14. For example, the announcement of a Competition and Markets Authority investigation into www.comparethemarket.com in the UK in September 2017, leading to a further announcement in November 2018 that this operator may have broken the law.





GLI – Banking Regulation 2019, Sixth Edition© Published and reproduced with kind permission by Global Legal Group Ltd, London

www.globallegalinsights.com8

Daniel Tunkel

Tel: +44 207 421 7310 / Email: [email protected]

Daniel Tunkel has a career of 32 years in regulatory financial services, 19 as

a partner with a range of London firms. He has headed financial regulation

and investment funds for Memery Crystal since moving to that firm in August

2018. He advises clients across the whole range of UK financial regulation

activities, and has particular involvement in the last five years or so with peer-

to-peer lending, crowd funding, payment services and e-money.

165 Fleet Street, London EC4A 2DY, United Kingdom

Tel: +44 207 242 5905 / URL: www.memerycrystal.com

Memery Crystal LLP

Andorra

Introduction

The Principality of Andorra (“Andorra”) is a microstate situated in the southwest of Europe, embedded in the eastern side of the Pyrenees, bordered by Spain and France. Andorra has a unique institutional system headed by two co-princes, the Bishop of Urgell and the President of the French Republic. In 1993, the Constitution was approved by referendum, which allowed Andorra to achieve international recognition and become a member of the United Nations and the Council of Europe. In this sense, Andorra, which is structured into seven administrative regions known as ‘parishes’, established itself as a parliamentary democracy with a Head of Government elected by the General Council, its Parliament and, as mentioned above, with the co-princes as its Head of State.

Andorra has historically based its significant economic prosperity on a competitive model based on tourism, trade, construction and its capacity as a financial hub.

The 2008 financial crisis, which affected the bordering states, was the starting point of a transition from a rather closed tax haven to a competitive, open and low-taxation jurisdiction. The change in the economic model has been accompanied by a new regulatory environment in line with the international standards, the liberalisation of foreign investment and human capital and competitiveness.

Therefore, Andorra has opted for a standardisation of the level playing field with other European countries and the recommendations of the OECD, but modulating certain distinctive features in order to enable Andorra to be more competitive in the offered services, particularly in trade and tourism, and also enable the country to become one of the most attractive jurisdictions in Europe with respect to the development of investment projects and business initiatives worldwide.

Andorra’s new economic model, based on the liberalisation of foreign investment, provides a host of international strategic opportunities at both corporate and individual levels, which is complemented by a competitive tax framework and an exceptional living standard.

Andorra has a very strong financial industry, with a local financial system that makes it one of the most relevant financial investment hubs, comparable to Luxembourg or Switzerland. The Andorran financial sector is the backbone of the Andorran economy, its core being the banking sector. To the extent that Andorra has a significant banking sector which operates in close connection with EU member countries, relevant EU banking and financial legislation is in force, such as legislation concerning the prevention of money laundering, terrorist financing and fraud, statistical reporting requirements, investors’ protection, among others.

On June 2011, Andorra signed a Monetary Agreement with the European Union. The

Miguel Cases & Marc Ambrós Cases & Lacambra



Monetary Agreement not only recognises the euro as the official currency of Andorra, but also the right to issue euro coins and the obligation to grant legal tender status to euro banknotes and coins issued by the Eurosystem. The Monetary Agreement represents the cornerstone of the legal changes envisaged for the next 10 years, as it requires Andorra to adopt within certain timeframes a substantial part of all the EU financial legislation. Furthermore, on September 2013, the International Organization of Securities Commissions (“IOSCO”) protocol for multilateral agreement on consultations was signed.

To this extent, the Andorran legal system has been changed since the Monetary Agreement came into effect on 1 April 2012, as it allowed reciprocal cooperation, assistance and exchange of information at an international level with the regulatory and supervisory authorities of global markets.

The negotiations between Andorra and the EU for reaching an Association Agreement started in April 2014. As of today’s date, it continues under negotiation, with some key areas being discussed (e.g. freedom to provide services and free movement of goods and persons).

The normal functioning of the Andorran economy needs the Andorran banking sector to be prepared for the future challenges, including the supervisory authority and other bodies involved in investment and financing activities in the Andorran jurisdiction. This is a critical point to transform a potential threat into an opportunity to adapt its services and processes to international standards.

Accordingly, Andorran banking entities are continuously monitoring the most up-to-date significant developments in banking regulation, such as good practice requirements defined by the Basel Committee, and the challenges of ensuring financial and insurance products, corporate governance, among others, with the clear purpose of positioning themselves within the global markets.

The progressive convergence of the Andorran and EU legal framework by means of the Monetary Agreement – which foresees the implementation of MiFID II, MiFIR and the EMIR framework within 2019 and 2020 – will be a tectonic shift from the previous framework in regulatory terms, which will impose increasing regulatory and adaptation costs on Andorran financial entities. On top of that, Andorran financial entities will be obliged to concentrate significant resources on technological innovation and digital transformation. This upcoming scenario may open wide the doors for the entry of new players into the Andorran financial system.

Lastly, national elections will be conducted in the first quarter of 2019.

Regulatory architecture: Overview of banking regulators and key regulations

Andorran banking regulators

Under the Andorran Constitution, the legislative initiative lies jointly with the General Council (“Consell General”) and the Andorran Government. The General Council exercises legislative power in the Andorran jurisdiction and is composed of 28 general councillors, elected by universal suffrage for a period of four years. By law, the General Council can delegate the exercise of legislative function to the Andorran Government. In case of extreme urgency and necessity, the Government may submit to the General Council a draft articulated text for its approval as a law, within 48 hours.

The Andorran Financial Authority (“AFA”) is the regulatory and supervisory authority of the Andorran financial system; AFA is granted with powers to issue, among others, technical communications and recommendations in order to develop regulations and

Cases & Lacambra Andorra



standards regarding the exercise of banking activities. Furthermore, its constitutive law grants AFA the ability to set the applicable fallback of international standards for interpretational and prudential supervision purposes.

As the authority of the Andorran financial system, its functions include: (i) to promote and ensure the functioning of the Andorran financial system; (ii) to ensure the stability and safeguard the reputation of the Andorran financial system; (iii) to ensure adequate protection of clients and investors; (iv) to promote the competitiveness of the Andorran financial system; and (v) to reduce systemic risk arising from the instability of the financial markets.

In addition, the AFA: (i) has the power to carry out all the actions that are necessary to ensure the correct development of its supervision and control functions to the entities which compose the Andorran financial system (and their consolidated groups); (ii) exercises disciplinary and sanctioning power over these entities; (iii) provides treasury and public debt management services; (iv) manages customer complaints which are submitted to the AFA; (v) is responsible for the international relations with central banks and other supervisory authorities; and (vi) submits reports and opinions on financial legislation to the Andorran Government.

On 17 September 2013, the AFA was accepted as a new ordinary member of the IOSCO.

There are other bodies involved in financial activities whose functions are not strictly regulatory, but their role is essential for the adequate functioning of the Andorran financial system.

The Andorran Financial Intelligence Unit (“UIFAND”) is an independent body created to promote and coordinate measures to prevent money laundering and terrorist financing. This unit was created in 2000 under the Law for international cooperation on criminal matters and the fight against money laundering arising from international crime, following recommendations of the European Council’s MONEYVAL Committee and the 40 recommendations from the Financial Action Task Force (“FATF”).

The UIFAND has the following functions: (i) manages and promotes the activities of prevention and the fight against the use of the financial system for money laundering or terrorist financing; (ii) issues technical communications; (iii) requests any information or documents to reporting subjects, including Andorran banking entities; (iv) conducts on-site inspections; (v) requests and receives certificates from the competent judicial authorities for criminal records; (vi) receives and analyses the statements and all written or oral communications from reporting subjects; (vii) cooperates with other foreign organisations; (viii) sanctions minor administrative offences; (ix) submits to the Public Prosecutor all appropriate cases where there are reasonable suspicions of having committed a criminal offence; and (x) submits proposed regulations to the Andorran Government relating to the fight against money laundering and terrorist financing.

The State Agency for the Resolution of Banking Institutions (“AREB”) is a public institution created by Law 8/2015, on urgent measures to introduce mechanisms for the recovery and resolution of banking institutions of 2 April (Law 8/2015). This law attributes to this agency the management of the processes for the winding-up and resolution of banking entities.

The Andorran Fund for the Resolution of Banking Institutions (“FAREB”) was created for the purpose of financing the measures agreed by the AREB in the application of Law 8/2015. This institution, which does not have legal personality, is managed by the AREB.

The Andorran Data Protection Agency (“APDA”), created by the Andorran Data Protection Act 15/2003 of 18 December 2003, is a public institution which exercises independent authority over the treatment of personal information provided by individuals,




private entities and Andorra’s public administration in order to ensure respect for the fundamental rights of individuals in all automated or manual processes involving an exchange of information.

The Commerce and Consumer Unit (“UCiC”) is responsible for the development, promotion and implementation of policies in order to improve the Andorran commercial sector as well as the rights and protection of consumers. The UCiC is composed of three specific institutions: the Registry of Commerce; the Commerce and Consumer Affairs Inspectorate; and the Consumer Affairs Service.

The Association of Andorran Banks (“ABA”) was founded on 11 November 1960. The ABA is an association which represents the collective interests of all its members, the Andorran banking entities, while guaranteeing good banking practices. The ABA provides information for its members and the public in general, proposes appropriate recommendations and promotes cooperation among its members.

Lastly, as Andorran banking entities operate in international markets, the supervision and verification of the origin and destination of funds deposited in the Andorran banking entities is guaranteed by the International Monetary Fund and the European Council.

The key legislation or regulations applicable to banks in the Andorran jurisdiction

The Andorran banking system is based on a universal banking model, in which Andorran banking entities offer a complete range of banking services (retail and private banking), asset management, brokering, credit transactions, equity management and other financial services.

Andorran legislation strictly prohibits opaque structures, such as trusts or private foundations, to promote offshore investment structures, which prevent the identification of beneficiaries.

The Andorran legal framework is aligned with neighbouring EU countries and regulates banking and finance issues related to banking entities’ regime, solvency, capital requirements, supervision, anti-money laundering and terrorist financing, and investor protection.

Since the Monetary Agreement was signed between Andorra and the European Union in 2011, Andorra has implemented several European regulations on banking and financial issues. The most important European regulations already transposed to Andorran legislation are the following:

Council Directive 85/611/EEC of 20 December 1985 on the coordination of laws, •regulations and administrative provisions relating to undertakings for collective investment in transferable securities (“UCITS I”).

Directive 94/19/EC of the European Parliament and of the Council of 30 May 1994 on •deposit guarantee schemes.

Directive 2002/47/EC of the European Parliament and of the Council of 6 June 2002 •on financial collateral arrangements.

Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 •on markets in financial instruments (“MiFID Directive”).

Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May •2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (Fourth Money Laundering Directive).

Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May •2015 on information accompanying transfers of funds (Funds Transfer Regulation).

Directive 2007/64/EC of the European Parliament and of the Council of 13 November •2007 on payment services in the internal market (“PSDI”).




Directive 2009/110/EC of the European Parliament and of the Council of 16 September •2009 on the taking-up, pursuit and prudential supervision of the business of electronic money institutions (“Electronic Money Directive”).

Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 •on deposit guarantee schemes.

Directive 97/9/EC of the European Parliament and of the Council of 3 March 1997 on •investor-compensation schemes.

Furthermore, please note that the implementation of Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (“CRDIV”), Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (“CRR”) and, partially, Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments (“MiFID II”), is projected in a draft bill which currently is in the later stages of parliamentary procedure. Its approval and entry into force is expected between today’s date and first quarter of 2019.

Regime for banking entities

Law 35/2010 on the legal regime for authorising the creation of new operating entities within the Andorran financial system, dated 3 June 2010 (Law 35/2010). The law regulates the legal regime for authorising the creation of new Andorran operating entities.

Law 7/2013 on the legal regime of the entities operating within the Andorran financial system and other provisions regulating the exercise of financial activities in the Principality of Andorra, dated 9 May 2013 (Law 7/2013). The law sets out the legal regime of entities operating within the financial system and regulates financial activities within the Principality of Andorra.

Law 8/2013 on the organisational requirements and the operational conditions of entities operating within the financial system, investor protection, market abuse and contractual netting arrangements, dated 9 May 2013 (Law 8/2013). The law establishes: the organisational requirements and operating conditions for the exercise of the activities of entities operating within the financial system; the minimum requirements to be followed by these entities to safeguard investor protection; the obligations, prohibitions and the penalties system for market abuse; and the regulatory framework of the contractual netting agreements.

In accordance with the aforementioned legislation, the composition of the Andorran financial system is as follows:

The financial activities regulated and exercised by the entities operating within the •Andorran financial system, which are: (i) banking entities; (ii) financial investments entities (financial investment companies, financial investment agencies, asset management companies, financial consultants); (iii) management companies of collective investment undertakings; (iv) non-banking financial institutions, in specialised credit; (v) payment entities (“entitats de pagament”); and (vi) electronic money institutions (“entitats de diner electrònic”).

Financial agents (“agents financers”) acting on behalf of any of the entities listed above •and Andorran insurance or reinsurance entities (“entitats asseguradores i reasseguradores”) are also operating entities in the Andorran financial system.

The Andorran financial markets. •




Other activities related to the entities operating within the financial system and the •Andorran financial markets, including professional associations in the financial sector.

Law 10/2008 regulating Andorran collective investment undertakings, dated 12 June 2008 (Law 10/2008). The law includes the constitution of investment undertakings in the Principality of Andorra, and regulates their functioning and distribution. Depending on the type of investor, purpose of the vehicle and advertising involved, we can find fully regulated collective investment vehicles to closed alternative investments funds.

Supervision

Law 10/2013 of the Andorran National Institute of Finance (“AFA”), dated 23 May 2013 (Law 10/2013). The law regulates the nature and legal status of the AFA, its objectives, functions, competences and responsibilities, as well as its organisation, the obligation to secrecy and international cooperation. Law 10/2013 was modified this year, in order to change the denomination from “INAF” to “AFA”. This regulatory body supervises the Andorran insurance and reinsurance sector from 2018.

Law 8/2015 on urgent measures to introduce mechanisms for the recovery and resolution of banking entities, dated 2 April 2015 (Law 8/2015). This piece of legislation is based on the provisions within Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014, establishing a framework for recovery and resolution processes to ensure financial stability. In addition, the law regulates the nature and legal status of the AREB as the competent authority and the FAREB, with the aim of financing the measures agreed by the AREB.

The Memorandum of Understanding (“MoU”) was signed between Andorra and Spain on 4 April 2011. The MoU: (i) constitutes an agreement for a consolidated cooperation in the supervisory framework between the AFA and the Bank of Spain “Banco de España”; (ii) establishes the terms of the protocol for the relationship and collaboration between both authorities; and (iii) enables the supervisory authority of the country of origin to request information of consolidated risks of banking groups from the relevant authority of the country where the entity has subsidiaries.

Financial system

Law 20/2018 of 13 September, regulating the Andorran Guarantee Deposit Fund and Andorran Investment Guarantee System (Law 20/2018). This law adapts Andorran legislation to the requirements of the European Union and establishes a regime designed to protect the robustness and capital adequacy of the Andorran financial system in relation to the depositors. The maximum amount covered is €100,000 per depositor and €100,000 per investor for each entity (based on an “ex post” guarantee system).

Law regulating the disciplinary regime of the financial system, dated 27 November 1997 (Disciplinary Law). The law establishes the disciplinary regime applicable to the entities that compose the Andorran financial system in order to guarantee its stability and solvency.

Law regulating the capital adequacy and liquidity criteria of financial institutions, dated 29 February 1996 (“Capital Adequacy Law”). The law establishes the capital adequacy ratio at a minimum of 10%, and the liquidity ratio at a minimum of 40%. As referred to above, the draft bill implementing CRR and CRDIV provisions on prudential, solvency and liquidity requirements is still going through parliamentary procedure.

Decree approving the accounting framework for entities and collective investment undertakings created under Andorran law operating in the Andorran financial system,




dated 22 December 2016, which requires entities operating in the Andorran financial system and Andorran collective investment undertakings to prepare their individual and consolidated annual accounts in accordance with the international financial reporting standards adopted by the European Union (“IFRS-EU”).

Insurance sector

Law 12/2017, on regulation and supervision of insurances and reinsurances on the Principality of Andorra, dated 22 June 2017 (Insurance Law). The law establishes the applicable regulation for the insurance and reinsurance Andorran market, with the aim of creating a modern, comprehensive and efficient regulatory framework in order to align its regulatory system with the changes produced in the European regulatory environment, and guarantees challenges to come for the Andorran financial system. Under the Insurance Law, supervision over the Andorran insurance and reinsurance market, jointly with the banking and financial investment sector, will be conducted by the AFA, which emerges as a macroprudential supervisory authority.

International cooperation on criminal issues and anti-money laundering/terrorist financing provisions

Law 14/2017, on prevention and fight against the money or securities laundering and the terrorism financing, dated 22 June 2017 (AML Law). The law establishes procedures to identify customers, adequate procedures and controls to detect suspicious operations arising from organised crime, the training of personnel in specific money-laundering prevention programmes, and an external auditor to review the level of anti-money laundering compliance. This law implements the Fourth Money Laundering Directive provisions and the recommendations provided by the Financial Action Task Force (FATF) to adapt the Andorran legal framework to the latest international standards in these areas. The regulation for development of AML Law (AML Regulation) was passed this year and entered into force on 6 June.

Miscellaneous

Law 20/2014, regulating electronic contracting and operators which develop their economic activity in a digital space, dated 16 October 2014 (Law 20/2014). The law establishes: the obligations of operators, the regime of liability of operators and, in particular, providers of brokerage of such services; the regime of electronic commercial communications; and includes provisions regarding extrajudicial conflict-resolution and the use of instruments of self-regulation, codes of conduct and guarantees. The aim of the law is to establish a basic legal framework for the development of economic activities in the digital space and electronic contracting, particularly, electronic commercial communications, the process of formation and perfection of the contracts, and the conditions for its enforcement.

Law 13/2013, which regulates effective competition and consumer protection, dated 13 June 2013 (Law 13/2013). The law aims to improve conditions for consumer protection and market efficiency, with the ultimate goal of having a system that provides an adequate legal instrument to protect consumers. The provisions regulate antitrust, unfair competition and consumer protection. In the area of antitrust, the objective is to get companies operating independently in the market. Regarding unfair competition, the law seeks to limit unfair and dishonest practices in industrial and commercial fields. In the area of consumer protection, the law intends to modernise the existing regulations in the Principality of Andorra that will guarantee efficient access of citizens to goods and services.




Decree regulating the cessation of payments and insolvency, dated 4 October 1969 (Insolvency Law), which is the insolvency provision of Andorra. The Decree regulates the premises for the declaration of insolvency, through an arrangement with creditors or the liquidation of the company.

Law 9/2005 which regulates the Andorran Criminal Code, dated 21 February 2005, includes the violation of professional secrecy as a criminal offence, and it is punished with imprisonment for three months to three years.

Law 15/2003 on the protection of personal data, dated 18 December 2003 (Law 15/2003), which is intended to guarantee and protect the fundamental rights of natural persons and, in particular, their personal and familiar privacy with regard to the processing of data. The law establishes not only general principles applicable to all processing of personal data but also specific requirements governing the collection and processing of data carried out by both persons and private entities as well as the Andorran Public Administration. Please note that Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) could impact on transfer of personal data carried out from Andorra due to its extraterritorial scope of application.

Law 10/2012 on Foreign Investments, dated 21 June 2012 (Law on Foreign Investments). The aim of the law is to liberalise foreign investment in Andorra. The law removes the previous requirement whereby a local partner had to be prior authorised to invest in any kind of business, corporation or assets located in Andorra. Currently, the only requirement is a prior authorisation of the Andorran Government for foreign investments which exceed a 10% stake in a local company. This authorisation is given within 30 days of the application being submitted. There are three requirements to be fulfilled: (i) the partners’ identity; (ii) the invested capital; and (iii) the business plan. Its impact on foreign banking entities which aim to set up in the Andorran jurisdiction is related to the fact that prior authorisation of the Andorran Government is needed for its constitution.

Law 19/2016, on International Automatic Exchange of Information in Tax Matters, dated 30 November 2016 (Tax Information Exchange Law) entered into force within the Principality of Andorra in 1 January 2017, in order to implement internally the Common Reporting Standard (CRS) approved by the OECD on July 2014 and, especially, the International Protocol executed on 12 February 2016 between the European Union and the Principality of Andorra introducing the automatic exchange-of-tax information standard between Andorra and the 28 member countries of the European Union.

The reporting parties under the Tax Information Exchange Law are Andorran financial entities, described by law as follows: (i) banking entities; (ii) investment financial entities; (iii) investment financial agencies; (iv) asset management firms; and (v) collective investment management entities. The basic criteria for the exchange of tax information will be based on the tax residence of the owner/s or person/s who exercise/s control over the legal person, or the owner/s of the current account/deposit account/securities/life insurance “cash value” at the end of each calendar year.

The scope of the automatic exchange of tax information is limited by the Organisation for Economic Co-operation and Development (“OECD”) to financial matters and, therefore, does not affect non-financial assets (e.g. real estate, works of art or precious metals). Therefore, the tax residence must be audited by the compliance departments of the respective financial institutions obliged by the law on 31 December of each calendar year, in order to verify whether an account/person/entity (or controlling persons of entities) is subject to reporting.




The subjective scope of reporting will be as follows: (i) individuals; (ii) individuals controlling entities that are considered as non-financial passive investment entities; and (iii) companies carrying out business activities (active entities). The law does not introduce any particularity in relation to non-reportable accounts out of the general CRS/OECD standard. Moreover, the Automatic Exchange of Tax Information Law includes an open clause that allows the Andorran Government to exclude in the future other financial accounts that are not relevant according to the spirit of the law and CRS. In terms of deadlines for the reporting, there are different dates in relation to the amount of the account (major or low value accounts) and the kind of accountholders that must be reported.

In this regard, the dates are focused on the actual reporting of the financial information to the country of tax residence, but this does not necessarily mean that those are the dates as from when the information will be collected and reported (“cut-off date”): (i) the Andorran financial entities shall forward the information of pre-existing accounts owned by individuals of more than US$ 1 million (high-value accounts) to the Government until 30 June 2018 (and the Government will report for the first time to the tax-residence country in September/October 2018); (ii) pre-existing accounts owned by individuals of less than US$ 1 million (low-value accounts) to the Government until 30 June 2019 (the Government will report for first time in September/October 2019); and, finally, (iii) information of pre-existing non-financial passive entities, regardless of the balance, must be submitted to the Government before 30 June 2019 (the Government will report for the first time in September/October 2019).

As a consequence of the international cooperation of Andorra towards tax transparency, and particularly the adoption of the standards of the OECD and the execution of multiple International Tax Exchange Agreements, Andorra has been taken off the list of tax havens and blacklists of the OECD and the vast majority of the most relevant and developed jurisdictions.

The last modification of the Tax Information Exchange Law introduced the so-called “wider approach”, on whose grounds reporting parties must request each new client to complete the CRS self-certification form.

On 11 June 2015, Andorra ratified The Hague Convention on Private International Law statute, becoming a full member of The Hague Convention.

Lastly, Act 13/2018, enacted in 31 May, created the Andorran Arbitral Tribunal.

The influence of supra-national regulatory regimes or bodies

Pursuant to article 3 of the Andorran Constitution, the universally recognised principles of public international law are incorporated into the Andorran jurisdiction, and the integration of international treaties and agreements shall require their publication in the Official Gazette of the Principality of Andorra. They have an infra-constitutional and supra-legal status, which means that they are above the Andorran laws but at a lower level than the Constitution.

In addition, the Universal Declaration of Human Rights is also in force in Andorra. As mentioned above, the AFA, within the framework of its regulatory and supervisory activity, applies international standards.

Furthermore, it is worth noting the extra-territorial impact of the common rules within the EU, even those rules enacted by non-Community authorities and institutions such as Regulation (EU) No 648/2012 on OTC derivatives, central counterparties and trade repositories (“EMIR”), the US Foreign Account Tax Compliance Act (“FATCA”) and the GDPR, as indicated above.




Banking activities restrictions

Andorra is not a member of the EU. Accordingly, the freedom of provision of financial and investment services granted by the European passport does not apply. All financial and investment activities directly carried out within the Andorran jurisdiction: (i) are subject to prior authorisation by the AFA; and (ii) can only be carried out directly by the locally authorised entities that compose the Andorran financial system. However, international firms and investment banks may provide, under very specific circumstances as explained below, wholesale cross-border financial services into the Andorran jurisdiction.

As there is no Central Bank in the Andorran jurisdiction, financial and investment services rendered by Andorran banking entities mandatorily require the use of foreign correspondent banks for all kinds of assets. Recently, negotiations have been held between the Andorran Government and the International Monetary Fund (“IMF”) for the integration of Andorra within this organisation as a member, mainly with the goal of gaining access to a lender of last resource.

Deposit-taking, which includes taking deposits and other repayable funds, is a regulated activity in the Andorran jurisdiction, and it must only be rendered by Andorran banking entities.

Technical communication 163/05, issued by the AFA regarding rules for ethics and behaviour for Andorran banking entities, establishes the prohibition of: (i) carrying out own-account operations under identical or better conditions than those of clients to the latter’s detriment; and (ii) providing incentives and compensation to clients with relevant influence on the entity.

Changes to the regulatory architecture

The financial crisis in 2008 did not play a significant role in Andorra, as Andorran financial entities are characterised by their high solvency and liquidity ratios, due to a prudent and conservative management that has not been highly impacted by the global crisis. Accordingly, no changes were made to the regulatory regime for banks for this purpose.

To the extent that Andorra is a country in evolution and with a clear projection abroad, it has been rapidly and constantly adapting its legislative framework to international standards. Nowadays, the Principality of Andorra is making a significant effort to bring its legislative framework into line with the European Union, particularly in relation to banking and finance legislation.

Since the Monetary Agreement was agreed by Andorra and the EU, Andorra became engaged to implement and apply the European provisions set down in the annex to the Monetary Agreement. In fulfilment of this obligation, several European provisions have been already implemented into the Andorran law, while others are to be integrated shortly.

Upcoming law projects entering into force shortly are: new regulations to provide even higher legal security to foreign investors; new procedural regulations to provide greater guarantees for creditors and to simplify credit execution procedures; an electronic money regulation; and a payment services regulation.

Over the coming years, Andorra will therefore have to implement provisions for the upcoming implementation of Basel III, MiFIDII, CRR, CRDIV and Electronic Money Directive-PSDI/PSDII requirements as well and its integration within the Single Euro Payments Area (SEPA). This tremendous shift in the Andorran regulatory landscape, transitioning from a reduced framework to an EU-level playing field, will most likely result in a burdensome process for Andorran financial entities, which face not only an impact on




their customer base (e.g. loss of customers due to the entry into force of the CRS regime) but also a direct shock to their profit and loss accounts (e.g. downturn in the level of bank transfer commissions due to the integration of Andorra into SEPA).

Recent regulatory themes and key regulatory developments in Andorra

The principal regulatory developments in relation to banks in Andorra focus on the implementation of the commitments contained in the Monetary Agreement (MiFIDII, CRR, CRDIV and SEPA).

A draft bill to implement PSDI, the Electronic Money Directive and Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (“PSDII”) is on the verge of being passed.

This full-legislative pack will have a direct impact on regulatory capital and corporate governance.

Furthermore, the Andorran Government is currently preparing with the AFA a draft of the financial code to combine all Andorran financial laws in a single regulatory body, while amending some aspects to align local financial regulation with the latest international standards.

Bank governance and internal controls

Banking governance key-requirements

Local banking regulations establish that the Board of Directors shall be composed of, at least, five members for banking entities. The board members must be persons of recognised commercial and professional honourability, and also possess adequate knowledge and experience in order to exercise their duties. Under no circumstances may the appointed director also be the managing director. The provisions above also apply to the management companies of collective investment institutions and non-banking financial institutions, with the exception of the minimum number of board members, which in the following cases shall be, at least, three.

Moreover, the AFA, as the authority of the Andorran financial system, is bound by specific corporate governance rules. In particular, the AFA, in the exercise of its functions and competences shall, among others: (i) act in a transparent, autonomous and independent manner; (ii) consider international standards in all matters; (iii) strictly follow corporate governance rules; and (iv) use resources in an efficient way.

Regarding Andorran provisions regulating certain committees, pursuant to article 55 of Law 20/2007, the Board of Directors may delegate its faculties either in an executive commission or in a chief executive officer. However, delegation of powers cannot lead to the exclusion of liability of the board members. Under no circumstances, neither accountability to the General Board nor non-authorised powers may be delegated.

The Board of Directors is also entitled to create commissions which are considered to be necessary in order either to improve the performance of its powers or to reinforce transparency. In particular, both an Appointments and Remunerations and an Internal Audit Committee may be constituted.

Before the entry into force of CRD IV, whose corporate governance standards are taken into consideration by the Andorran banking entities in designing their internal policies, the AFA issued the Technical Communication no. 245/17, detailing the requirements with which




members of the board of directors of financial entities must comply, in line with CRDIV and the Basel Committee on Banking Supervision Guidelines (“Corporate governance principles for banks”), dated July 2015.

In Andorra, there is no specific regulation on retributions. However, technical communication 163/05, approved by the AFA, states the obligation to have internal regulations for developing rules relating to personal incentives received by employers of the entity by third parties, in order to prevent these incentives from disrupting the independence and integrity of those professionals.

Internal controls

Financial entities are obliged to have a compliance function, a risk-management function and an internal audit department. In any case, all of them shall act independently from the others.

Firstly, the compliance function is in charge of the supervision, monitoring and verification of the permanent and effective compliance of the legal obligations, ethics and conduct by the employers and financial agents, in order to protect clients and reduce the compliance risk, among others. Moreover, in order to guarantee that the compliance function works appropriately, the entities must ensure that: (i) it is provided with the adequate authority and technical and human resources; (ii) a person in charge of the compliance function has been designated; and (iii) those in charge of the referred function cannot participate in the election of either the services or activities which are controlling.

Secondly, regarding the risk-management function, the law establishes that the entities of the financial system must carry out the following activities: (i) advise senior management relating to the management risk policies and the determination of the level of risk tolerance; (ii) introduce, apply and maintain management risk procedures allowing the identification, evaluation, management, and so on, of the management risk report resulting from the activities of the entity; and (iii) in general, supervise that the measures are suitable regarding the level of risk, and that the entity is complying with the requirements established in the regulations.

Finally, and considering the nature, complexity and level of its activity, as well as the risks which activities are exposed to, the financial entities shall have a department which is in charge of the internal auditory function, in order to evaluate and supervise the efficiency of the internal controls. When appropriate, the entity shall designate someone working therein in order to make sure that the level of independence is suitable regarding the circumstances of the entity. The internal audit function must prepare, on an annual basis, a report establishing its opinion regarding the efficiency and design of the internal control system and the risk management of the entity. This report is addressed to directors of the entity for review. A copy of that report must be also addressed to AFA within the first semester following the closing of the exercise.

Regarding the management policy of conflict of interests, article 13 of Law 8/2013 establishes as a general principle that any entity operating within the financial system shall take all the necessary measures in order to detect and prevent any conflict of interest which may arise during the performance of the activities by any employer, director or assistant, and which may cause any prejudice to a client. Accordingly, the entities must adopt in writing both the policy and proceedings on the prevention and solution of the conflict of interest, considering the organisation, volume and complexity of the provided activities.

The areas or departments of the entity involving activities with securities or financial instruments shall remain separated in order to ensure that the activities are pursued




autonomously to prevent any conflict of interest, and to avoid undue transmission of privileged information. The activities relating to managing their own or third-party portfolios will be carried out in separate departments.

Outsourcing of functions

As contemplated in article 8 of Law 8/2013, the outsourcing of functions needs previous authorisation by AFA, and the adoption by the financial entity of as many measures as appropriate in order to avoid increasing its operational risk. Under no circumstances may the outsourcing of a function result in an exclusion of liability by those financial entities operating within the Andorran financial sector.

Bank capital requirements

On 29 February 1996, the General Council approved the Capital Adequacy Law, which regulates the capital adequacy and liquidity criteria of financial institutions. This law was introduced to guarantee the solidity of the Andorran financial system and originated from a recommendation by the Basel Committee on Banking Regulations and Supervisory Practices.

Minimum capital adequacy and liquidity ratios of 10% and 40% respectively were introduced, being more restrictive than those prevailing in other countries.

Additionally, in order to fulfil the obligations, Andorran banking entities must maintain a reserve to fulfil the covered guarantees, and an amount equivalent to this reserve must be invested in secure and liquid assets that fulfil a series of requirements established by the law for this purpose.

The regulatory capital and liquidity requirements derive from the application of Basel I and Basel II provisions.

In spite of the fact that current bank capital and liquidity provisions stated in CRD IV and CRR are not being implemented into the Andorran law, they are actively taken into consideration by the AFA by means of personalised recommendations and communications when undertaking its supervisory activity, so in practice they require higher standards than those established by applicable law.

Rules governing banks’ relationships with their customers and other third parties

Banking and investment services rendered within the Andorran jurisdiction

Banking and investment activities are basically regulated by Law 7/2013 and Law 8/2013, which cover the organisational requirements and operating conditions of the operating entities in the Andorran financial system, investor protection, market abuse and financial securities agreements.

Under Andorran laws, all banking and investment activities rendered inside the jurisdiction can only be carried out directly, with the limitations and conditions set forth in the laws, by the locally authorised entities that compose the Andorran financial system.

From a regulatory point of view, banking and investment activities in Andorra are subject to local licensing requirements which apply either to deposit-taking activities, lending activities, investment services and proprietary trading activities. While deposit-taking activities can only be performed by duly authorised banking entities, specialised credit institutions are allowed to carry out lending activities and investment services, and proprietary trading activities can be rendered by any investment financial entity.




Customers’ protection provisions

Banks’ dealings with third parties are expressly regulated in Law 8/2013, as are the rules for ethical behaviour in the Andorran financial system, which explicitly defines the duties to be complied with by entities integrated in the Andorra financial system. This regulation, matching the standards of MiFID I, seeks to maintain and strengthen certain ethical and behavioural principles and prohibit certain practices which are actively combatted internationally.

According to Andorran legislation, a retail investor/client according to MiFID I is any individual or legal person other than a professional investor/client. A professional investor is a client who possesses the experience, knowledge and expertise to make its own investment decisions and to properly assess the risks that it incurs.

Additionally, general provisions on consumer protection established in Law 13/2013, which guide principles on the rights of consumption, basic rights of consumers, regulatory requirements common to all consumer relations, the offences and sanctions regime and administrative protection of the consumer, apply to banks’ dealings with third parties.

According to Law 8/2013, financial entities must establish, implement and maintain effective and transparent procedures to allow reasonable and swift treatment of claims filed by customers or potential customers, and must keep a record of each complaint and the resolution measures adopted.

Additionally, any individual or legal person being a client of a bank or financial institution supervised by the AFA, and wanting to make a complaint related to any such supervised entities, may present a complaint to this authority. Before filing a complaint within the AFA, the client and/or claimant must have filed the related claim directly to the bank or financial institution.

If no reply is received from the entity within a reasonable time since the client complained, a complaint form may be filed before the AFA which, as the financial system supervisor, will analyse the claim.

Reports issued by the AFA Claims Service are not binding in relation to contractual responsibilities between the client and the entity, which matter is reserved to the courts’ jurisdiction.

If the analysis of the complaint put forward to the AFA reveals a prudential concern that goes beyond a single customer complaint, the AFA may implement specific controls under prudential supervision. Steps undertaken by the AFA in the framework of a prudential supervision cannot be shared with clients due to confidentiality.

In addition, the Andorran Government has created the Commerce and Consumer Unit, which is intended to ensure an efficient and effective protection of consumer rights. This entity is intended to: (i) inform and guide consumers and entrepreneurs; (ii) receive and process complaints of consumers; (iii) disseminate actions to improve consumption; (iv) develop inspection and control functions in the field of consumption; and (v) establish agreements with organisations aiming to protect consumer rights.

Andorra has also the institution of the Citizen’s Ombudsman, which defends and oversees the application of the rights and liberties included in the Constitution and compliance therewith, acting as a commissioner or delegate for the General Council. The Ombudsman receives and processes all complaints and claims relating to citizens’ dealings with all public administrative entities in the Principality, responding with independence and impartiality.

Moreover, Andorra has an arbitration regime for commercial disputes, and its Arbitration Court will begin operating shortly. The Convention on the Recognition and Enforcement




of Foreign Arbitral Awards, (New York Arbitration Convention), which applies to the recognition and enforcement of foreign arbitral awards, and the referral by a court to arbitration, have been in force in Andorra since September 2015.

Compensation schemes

Regarding compensation schemes, the Andorran deposit guarantee system matches European standards. Act 20/2018 on banks’ deposit guarantee system fixes the maximum amount of coverage at €100,000 per depositor and €100,000 per investor for each entity.

The assessment of the various guarantee schemes applied to comparative reference systems (ex ante and ex post) and the particularities of the banking sector (high concentration level) have configured the system in this Act as a mechanism to guarantee ex post by paying the corresponding amounts secured in case of intervention or forced liquidation of the member organisations.

Cross-border provision of financial and investment services

As no Andorran law or provision establishes when such services are rendered inside or outside the Andorran jurisdiction, it has to be deduced by the analysis of the nexus between the services rendered or the products provided and the relevant jurisdiction where the service is rendered in Andorra, or on a cross-border basis (i.e. where the agreement was made/accepted, where the product was marketed, where the accounts were located or where the payments were made).

Notwithstanding the foregoing, these activities can be carried out without triggering any licensing requirements, with some limitations, on a cross-border basis to professional investors, under a genuine reverse solicitation scenario, as it is understood that these activities are rendered outside the jurisdiction.

Also, some activities, such as funds distribution, can be performed by foreign entities without triggering licensing requirements by means of indirect distribution through cross-border execution transaction if they are entered into with a local banking entity on a principal-to-principal basis, and with no marketing activities performed by the foreign entity towards end-users based in Andorra.

In general, the marketing/commercialisation and/or sales promotion of financial services in the jurisdiction, which is carried out in a manner that is deemed to be considered active commercialisation (“comercialització activa”), will trigger local licensing requirements. In this sense, all active marketing activities conducted within the Andorran jurisdiction (by telephone, email, mail or in person in Andorra), which include naming the services or products, may constitute marketing activities, subjected to licensing requirements.

However, the circulation of generic information to potential investors (i.e. information which does not refer (directly or indirectly) to specific products) or initial contact to gauge interest which involves discreet one-to-one discussions with a limited number of investors, is unlikely to constitute a marketing activity.

Anti-money laundering provisions

Andorra follows the international standards of anti-money laundering and terrorist financing by means of the implementation of the Fourth Money Laundering Directive through the Law 14/2017 on prevention and fight against money or securities laundering and terrorism financing, complemented by the AML Regulation.

The law recognises as bound by its regulation, “the financial obliged subjects, as well as natural and legal persons that, within their professional exercise or business activity, carry




out, control or advise any transaction relating to movement of currencies or securities which may be susceptible to money laundering or terrorist financing”. Thus, any financial entity will be subject to the Andorran anti-money laundering regulations.

Specifically, financial entities shall comply with the following obligations:

Formal identification and beneficial owner identification: prior to the commencement •of the business relation, the entity shall request all the details regarding the client and transaction which were necessary in order to identify the client. Thus, the entity involved shall fill in an official form of the UIFAND.

Obligation to declare: the obliged persons shall declare to UIFAND any transaction, •project or operation which could involve money laundering or terrorist financing.

Suspicious transaction communication: the financial entities must communicate to •UIFAND any transaction which might be susceptible or seems suspicious regarding money laundering. However, keeping the information as confidential constitutes another obligation, as the information about the identity of the issuer of the suspicious declarations in any administrative or judicial proceedings with origin or relation of the declarations, shall be treated as confidential.

Due diligence measures: Simplified and enhanced due diligence measures may be •applied regarding both the risk degree and depending on the client profile, business relation, product or transaction. These issues need to be in conformity with the clients’ admission policy. The obliged persons must be able to demonstrate that the adopted measures are enough, taking into account the risk of money laundering or terrorist financing of the transaction. The risk degree must be in writing. However, simplified due diligence measures may be adopted in appropriate circumstances when there is a low degree of risk.

Record keeping: the financial entities must keep the documentation for a period of at •least 10 years.

Andorra has established a very similar system to that of other Member States of the European Union, as, for example, Spain or France. When comparing both systems, anybody can see that many of the provisions and obligations are the same. Notwithstanding the foregoing, and although Andorra complies with the international standards on this issue, it is also bound by banking secrecy, which implies that the breach or default of that obligation could even lead to a criminal offence.







Miguel Cases

Tel: +376 728 001 / Email: [email protected]

Miguel Cases is the Managing Partner of Cases & Lacambra. He leads the

Commercial & Corporate law and Financial Services practices and is qualified

to practise in both Spain and the Principality of Andorra, where he is resident

partner. He has extensive experience advising credit institutions and investment

services firms, being the legal counsel of several national and international

financial institutions, public administrations and investment funds. His work

includes banking contracts, structuring and negotiating financial derivatives

and debt transactions. In the latter topics he has participated in several of the

most cutting-edge transactions in both Spain and Andorra in the past years.

His practice includes regulation of the financial sector, where he is an expert

on the legal framework and regulatory environment applicable to entities

subject to prudential supervision, especially those rendering financial and

investment services.

Marc Ambrós


Marc Ambrós is a partner of the Commercial & Corporate law and Financial

Services practices at Cases & Lacambra in the Principality of Andorra. He

has extensive experience in corporate and commercial matters, having advised

on mergers, acquisitions, joint ventures, private equity, corporate restructuring

and refinancing, representing both Andorran and foreign clients in

international transactions with an Andorran leg. He regularly advises during

the entire process of a transaction, from both the buy side and sell side

perspective, using different legal structures, although he is specialised in

project and corporate finance issues.

His practice includes advising on regulatory cross-border matters to foreign

credit institutions and investment services firms. He has also advised in the

incorporation of Andorran supervised entities.

Manuel Cerqueda i Escaler 3-5, AD700 Escaldes-Engordany, Andorra

Tel: +376 728 001 / URL: www.caseslacambra.com

Cases & Lacambra

Angola

Introduction

The Angolan banking system now comprises 27 banks, and it is widely agreed that Angola’s banking institutions will need to go through a consolidation phase over the next few years – in particular, considering that Angolan banking institutions have a high rate of non-performing loans (NPL) and are being required to adhere to international best practices and standards issued by the Basel Committee on banking supervision.

The first merger in the country has already occurred. In 2016, Banco Millennium Angola and Banco Privado Atlântico, the country’s fifth- and sixth-largest banks by net loans market share, got the green light to form Banco Millennium Atlântico. Angola’s retail banking sector continues to expand. Physical branch and ATM electronic payment system and automatic payment terminals (TPA) access to urban and rural areas is still growing. A more diverse choice of electronic payment solutions and channels are expected to be further developed and disseminated, giving more flexibility and efficiency to transactions and clients. A mobile payments system is planned to be launched in 2019.

Angola’s capital markets remain underdeveloped, being unable to support companies’ growth and financing needs. Foreign investors fund their operations, including in the country, in the international markets. The same goes for national private investors conducting major projects in Angola. Yet, the market for short-term and long-term State bonds is developing well. Most of these bonds are bought and held by local Angolan banks, which is contributing to a sustained start-up market. A trend towards more liquid equity and debt instruments is expected to emerge in the Angolan Stock Exchange. In 2018, Standard Bank de Angola (SBA) was the first private entity to issue senior bonds in Angola – the inaugural issue took place in December under a debt representative instruments programme of AOA 9.5 billion approved in 2018 by the Securities Market Commission (Comissão de Mercado de Capitais).

As for the applicable legislation, the Securities Market Commission and Angolan Debt Securities Market (“BODIVA”) have approved a number of consolidating regulations regarding the issuance and trading of debt and private equity. The repo operations market was regulated in 2018. It is, therefore, expected that debut operations will continue in BODIVA regulated markets. For 2019, the launch of the stock market in Angola is anticipated, boosted by the privatisation programme.

The Angolan Central Bank (Banco Nacional de Angola – BNA) has been struggling to improve transparency and credibility in the international markets to drive banks and economic growth. In October 2017, BNA confirmed on its website the execution of contracts, with the International Monetary Fund providing technical assistance to strengthen its banking supervision, the prevention of money-laundering and terrorist financing (AML/CFT). The

Hugo Moredo Santos & Filipa Fonseca Santos Vieira de Almeida



contracts will be in force for about two years. The legislation issued in the past three years – following Financial Action Task Force (FATF) and Basel Committee standards – was pivotal, as the FATF has removed Angola from its AML/CFT monitoring process.

Since 2017, Angola has been following a path of economic diversification, normalisation of correspondent relationships with international banks, and stabilisation of foreign exchange reserves and the national currency. The country has also started to release basic macroeconomic data, applying the recommendations of the Enhanced General Data Dissemination System (e-GDDS), which will facilitate transactions.

Regulatory architecture: overview of banking regulators and key regulations

BNA is the banking supervisory and regulatory authority. Its activity is mainly subject to the rules set out in Law 16/2010, of 15 July 2010.

BNA is also the entity responsible for authorising:

the set-up of banking financial institutions (save for the incorporation of affiliates of •non-resident banking institutions or which are in a controlling relationship with foreign or non-resident entities – these require the prior approval of the President, subject to BNA’s favourable opinion);

monitoring compliance with the rules of conduct and prudential rules governing their •activity;

issuing specific recommendations and rules; and •

sanctioning infringements and imposing corrective measures. •

In addition, BNA participates in the development of legal acts to protect the soundness and stability of the Angolan financial system. BNA also has powers to supervise companies that, directly or indirectly, hold a participation in financial institutions which gives them control over companies under BNA supervision, as well as those that own a qualified shareholding in financial institutions under the supervision of BNA.

The main regulatory instrument to consider for banking activity is the Financial Institutions Law (Law 12/2015, of 17 June 2015), which sets forth the rules on the process for the establishment, activity and supervision of banking and non-banking financial institutions. Law 12/2015 also contains the set of corrective measures that may be applied by BNA to financial institutions. Currently, the minimum regulatory capital is AOA 7,500,000,000 (as established in BNA Notice 02/2018).

Banking financial institutions are expressly allowed to carry out the following transactions:

a) receiving deposits from the public or other reimbursable funds;

b) commitments, as well as leasing, financial leasing or factoring;

c) payment services;

d) issuing and managing other means of payment, not included in the paragraphs above;

e) conducting securities and derivatives investment services and activities, under the terms allowed by law;

f) acting in the interbank markets;

g) providing consulting services to companies on capital structure, business strategy and related matters, as well as consulting services and services on mergers and acquisitions;

h) transactions on precious stones and metals, under the terms established by the foreign exchange legislation;

Vieira de Almeida Angola



i) acquiring equity in companies;

j) insurance mediation;

k) providing commercial information;

l) rental of safes and storage;

m) leasing of movable property, under the terms allowed for leasing companies;

n) issuing electronic money; and

o) other analogous transactions not prohibited by law.

Without prejudice to the above, it is worth noting that:

The activities of conducting securities and derivatives investment services are entrusted •to the supervision and regulation of the Securities Market Commission. The Securities Code (Law 22/2015, of 21 April 2015) is the core legislation for securities, issuers, public offers, regulated markets, investment services in securities and derivatives, as well as for related supervision and regulation.

Insurance mediation carried out by financial banking institutions is under the supervision •and regulation of the Insurance Regulatory and Supervisory Agency (Agência Angolana de Regulação and Supervisão de Seguros – ARSEG).

As a rule, banking financial institutions cannot acquire real estate. An exception is made for real estate necessary for business purposes, installation and operations, and also where the acquisition results from the reimbursement of credits made available by the relevant banking financial institution (in the latter, property must be sold within a two-year period). Other limits on indirect conduct of non-financial activities, such as on long-standing holdings and investment in fixed assets, may apply.

Recent regulatory themes and key regulatory developments in Angola

In 2016–2017, several regulations were issued on regulatory own funds, international accounting and financial reporting standards, risk governance, credit conceptualisation, stress-testing and standards of conduct, aimed at strengthening mechanisms for protecting clients of financial products and services and their soundness, all in line with best international practices. And, since 2017, the IAS/IFRS standards on accounting reporting have been fully adopted, which, inter alia, required an effort in the reinforcement of credit and collateral management processes.

During 2018, to satisfy the Policy Measures and Actions for the Improvement of the Economic and Social Situation approved in 2017, BNA regulations gave special focus to regulatory own funds and share capital, exchange rate policy – with the approval of a floating exchange rate regime – and stress-tests which are expected to run in 2019. Latest changes in the banking regulatory environment essentially concern money remittance services and payment systems. BNA also started to publish corrective measures which are applied to institutions under its supervision.

Special attention will be paid to capital requirements, which tripled in 2018 and led to the revocation of the banking licences of Banco Mais and Banco Postal at the very beginning of January 2019. Before this enhancement in capital levels, which for some is still insufficient to address the banks’ weaknesses, two leading banks – in 2014 Banco Espírito Santo de Angola (BESA now Banco Económico, majority held by Sonangol) and more recently Banco de Poupança e Crédito (BPC) – required BNA attention and intervention, mostly due to low liquidity and unsuccessful collection of debts.




The restructuring measures used and approach taken by the regulators were different. In the first case, extraordinary reorganisation measures have been applied, including: the appointment of provisional directors; temporary waiver of prudential rules; assessment of the loan portfolio and assets to be sold in event of liquidation or restructuring; and some restrictions on banking activities and approval to recapitalise the bank, after which BESA was transformed into Banco Económico controlled by the State (through Sonangol). For BPC, a state-owned bank, a Plan for Restructuring and Recapitalisation was approved, which focused on the increase of the bank’s share capital and sale of the NPL portfolio to Recredit (a bank created by the State to manage NPLs). Two other state-owned banks are now being restructured – Banco de Desenvolvimento de Angola (the Angola development bank) and Banco de Comércio e Indústria (a commercial bank).


Banking financial institutions must be incorporated under the form of a joint stock company. Shares representing the relevant share capital are required to be nominative, hence allowing for the identity of the holder to be known. Furthermore, the national law imposes a set of strict requirements intended for BNA to assess the economic and financial capacity of the bank.

Law 13/05 stipulates that banking financial institutions shall have administrative and supervisory bodies, the former entrusted with the management of the bank and its representation before any other entities, the latter committed to auditing duties. To enhance the involvement of the directors in the management, the administrative body (equivalent to a board of directors) shall comprise at least three administrators; at least two administrators shall be entrusted with daily management issues.

On the other hand, the supervisory body may constitute either an audit committee or a single auditor, depending on the type and size of the bank. At any rate, the law purports to enhance the protection of the entities dealing with the bank (among which we will find clients, notably depositors) by making sure that the actions of the management are scrutinised by another corporate body.

Influenced by European and American best practices, Angolan law requires members of the administrative and supervisory bodies to be suitable for the positions they shall occupy. This means that proof may be required on sound and prudent management skills – in the end, the relevant individuals will develop their functions in a bank authorised to receive monies from the public in general, and lend money to the public in general. To that end, BNA may inquire on previous posts held by administrative or supervisory board members, in order to determine, for example, if the person in question has been declared insolvent or bankrupt in other jurisdictions or been responsible for the bankruptcy or insolvency of companies under their control as administrators, directors or managers. These inquiries may entail coordination with other supervisory bodies, such as the Securities Market Commission and the Insurance Regulatory and Supervisory Agency.

On a more practical and everyday-management note, the key requirements for banking governance in Angola have been fully revised in 2013 and further developed essentially by Notice 1/13, of 19 April, issued by BNA. The general principles establish that all entities authorised as banking and financial institutions in the Republic of Angola are subject to duties of: avoidance of conflicts of interest; transparency; and compliance with a number of disclosure obligations. It is also established that the administrative body shall be constituted by an odd number of members and, in case there are non-executive members, at least one of




such members has to be independent, on whom rest obligations of control and evaluation of the executive committee (composed by the executive directors), as well of matters of business strategy, disclosure of legally mandated information, and transactions that involve special or relevant risk-taking.

In terms of internal control, BNA Notice 1/13 sets out the following main functions to be upheld by the banks: compliance function; internal audit function; and risk function – these are further developed, in a high-level manner, by BNA Notice 2/13, of 19 April. In practice, the administrative body is referred as the body responsible for establishing an internal control policy that is adequate to the purposes and dimension of the banking institution in question: the policy shall be duly formalised and disclosed to all employees, and associates or collaborators of the banking institution have to ensure, amongst many other duties, a true and effective cooperation with the regulatory entity (BNA), and to effectively implement a series of processes and evaluation metrics applicable to the management of conflicts of interest, remuneration, human resources and control of all operations and transactions pursued by the various departments functioning within the bank’s corporate structure.

There are three main points of focus foreseen by the abovementioned base regulation: (i) compliance and risk management; (ii) information and disclosure; and (iii) internal control supervision.

(i) The risk management and compliance function shall seek to identify, evaluate, control and inform all about the relevant risks that the business activities pursued by the banking institution may comprise. For this matter, the institution is required to appoint one responsible person, with adequate status and powers to execute such duties with independence, and adequate and sufficient access to all the relevant information, as well as to the administrative bodies, having the power to validate and review risk-assessment models and provide the administrative bodies with regular reports and recommendations on the abovementioned subjects. Within this function, it is also established that a second person is appointed who shall be responsible solely and in an independent manner for compliance duties, and to whom the same principles will apply.

(ii) Information and disclosure systems rest on two main pillars: the accounting and financial information, which must include a prudent and duly developed policy of asset evaluation and responsibility, transaction-monitoring and information-disclosure to the regulator; and management information, which is required to include all financial and non-financial indicators of the banking entity’s activity, exposure and risk-assessment results, as well as a high level of detail on products, services, business departments and operating costs in order to provide for an effective and transparent decision-making process on budget and planning.

(iii) The monitoring of all the functions and duties referred to up to this point must attend to the hierarchy and status of each person responsible for the various internal control functions, functions such as: global strategy and general supervision (upheld by the administrative body or board of directors); purposes and objectives established for the various departments (implemented and supervised by directors of each department); and general control over everyday business activities (required from the remaining employees). Subject to these principles, the banks shall appoint a third responsible and duly qualified person to monitor and uphold internal auditing tasks, who must embody complete independence and shall act in the light of internationally recognised internal auditing principles, with their conclusions and suggestions to be directly provided to the administrative body.




In respect of remuneration matters, BNA Notice 1/13 sets up a specific range of rules applicable to the determination of remuneration packages of the staff and management. The remuneration of members of administrative bodies shall be delegated to one or more shareholders of the banking institutions, as long as these are independent, i.e., not members of the said management bodies, which shall be, in turn, assisted by independent entities with experience in remuneration matters. The said internal regulation also determines that: (i) executive directors shall be apportioned a fixed parcel, or a variable remuneration amount which can be related to the performance of the institution but cannot incentivise excessive risk-taking; and (ii) non-executive directors are also remunerated by a fixed amount which cannot be, in any way, linked to the bank’s financial results. Subject to the principle of transparency, transversally applicable to each of the main points exposed in this section, banking institutions are obliged to publicly disclose (on their website) the remuneration policy applicable, with express mention of the global amounts paid to each management body.

As for the remuneration of the staff, the two main distinctions regard: (i) employees from risk-taking departments; and (ii) employees from departments related to internal control (such as audit, corporate governance and risk assessment). In a nutshell, for (i), BNA Notice 1/13 establishes the possibility of additional non-monetary remuneration, as long as it complies with certain institutional long-term principles and purposes; and for employees of category (ii) as described above, the main point of focus is that the remuneration amount shall not compromise the independence of their functions.

Finally, banking institutions in Angola are also authorised to hire an independent consultancy service for assistance to such entities or boards with delegated competencies, as long as these outsourced entities maintain full responsibility for such activities. When hiring consultancy services, it is mandatory that levels of (i) integrity, (ii) competence and (iii) avoidance of conflicts of interest be fully and previously analysed by the bank prior to any decision. The main requirement, in outsourcing functions, is for the bank to ensure precise compliance with all the purposes and applicable corporate governance principles, especially as to the responsibilities of the board of directors.


As in many other jurisdictions, notably in Europe, Angolan banks are bound to comply with prudential rules aimed at ensuring that the monies applied by the banks at all times ensure an adequate level of liquidity and solvability. Accordingly, it does not come as a surprise that Angolan banks are also required to comply with a minimum level of own funds, which shall not be less than the minimum amount of the stock capital required for incorporation, and constitute minimum reserves, using the relevant net profits for such purpose.

Angolan banks are also subject to ratios and prudent limits that are established by BNA, in order to ensure sustainability of banking activities. Notices no. 02/2016, 03/2016, 04/2016 and 05/2016 further develop the technical and prudential percentages to be taken into consideration when accounting for the own funds of a bank which, when calculated, will determine if the bank complies with the solvability ratio (of 8.5% or 7.0%, dependent on the type of elements incorporating the own funds for each specific case) or not. In determining the risk, it is mandatory to analyse all the following aspects, equivalent to the requirements set out in European and other internationally originated legislation: (i) credit risk; (ii) counterparty risk; (iii) market and (iv) counterparty risk in trading books; and (v) operational risk.




In light of the above, and without exposing in detail the technical and accounting provisions, it is safe to conclude that bank capital requirements as set out in national legislation are showing an increasingly close connection with European standards, having been drafted in light of the recent Basel II standards and requirements, as indicated in the relevant internal regulations. Nonetheless, future international initiatives on bank capital and liquidity, despite having been implemented in foreign countries, are still under analysis by BNA and will only be applicable to Angolan banks if and under the conditions specifically determined and implemented by the national regulator.


Law 12/2015 regulates banks’ relationships with customers and other third parties.

In a nutshell, pursuant to the Chapter dedicated to Market Conduct Supervision, banking financial institutions are required to ensure technical capacity, act with adequate diligence, provide proper information and assistance, handle customer complaints, set internal conduct policies, preserve confidentiality, cooperate with other authorities, report credit risks, and comply with conflict-of-interest and “antitrust” rules.

On technical capacity, banking financial institutions must ensure high levels of competence for clients, and that their organisation has the technical and material means necessary to deliver services, performed in appropriate conditions concerning quality and efficiency. In their relationships with clients and other institutions, directors and employees of the banking financial institutions must act with due diligence, neutrality, loyalty, discretion and respect, conscientious of the interests entrusted to them by depositaries.

As in most jurisdictions, clients are entitled to receive clear, complete and proper information on banking products and services they choose to purchase/acquire from banks, namely in respect of interest rates and commissions charged by banking financial institutions. To ensure transparency towards clients, BNA defines minimum requirements and duties that banking financial institutions must observe, including concerning information and contracts content (for example, BNA Notice 14/2016 imposes information requirements for credit agreements, including credit restructuring).

Furthermore, banking financial institutions are required to adopt conduct policies and disseminate to clients the same, including on internal mechanisms and procedures adopted for dealing with clients’ complaints.

One rule of thumb that banking financial institutions have to follow is confidentiality. The banking duty to keep secrecy of banking information is inherent to the relationship between a bank and its clients, which is all about trust. Confidentiality captures a wide range of information, including the clients’ names, their deposit accounts and movements related thereto and any other banking operation. This is not the case whenever the said information is required, within the scope of their powers, by BNA, the Securities Market Commission and the Insurance Regulatory and Supervisory Agency, or is deemed necessary within the context of judicial proceedings (in which case, an order issued by a judge or a public magistrate is necessary). Obviously, the obligation to ensure confidentiality does not prevent banking financial institutions from exchanging information among themselves for the purposes of risk assessment and with the goal of guaranteeing the security of their operations, namely credit operations.

On conflicts of interest, banking financial institutions are prohibited to grant credit, directly or indirectly, to members of their corporate bodies or equivalents, or to companies or other




entities in which they have a direct or indirect controlling interest. This restriction does not apply to credit operations in which financial institutions or holding companies, under the same supervision on a consolidated basis with the lending entity, are the beneficiaries. Also, it does not apply to entities holding a qualified interest in the lending financial banking institution. In addition, limitations concerning the assessment of, and decisions on, credit operations are established for members of corporate bodies regarding companies or entities in which they hold a qualified interest or have managing offices. In general, credit to linked persons is also forbidden.

The rules envisaging the prevention of anti-competitive behaviour by banking financial institutions, either in their mutual relationships, or when dealing with third parties, establish that any conduct with the goal of obtaining a dominant position in the monetary, finance or exchange markets is deemed illicit. Also, financial institutions are prevented from applying discriminatory conditions to comparable operations or from imposing on their clients, as a condition to benefit from their services, the acquisition of goods and products or the hiring of services.

The legal right is given to clients to submit directly to BNA, claims based on non-compliance of duties and rules governing banking activity by banking financial institutions.







Hugo Moredo Santos


Academic background

Law Degree, University of Lisbon, Faculty of Law.

Master in law at the University of Lisbon, Faculty of Law (“Transparência, OPA obrigatória e imputação de direitos de voto” – “Transparency, Mandatory

Bid and Attribution of Voting Rights”).

Professional experience (VdA)

Hugo joined VdA in 2001 and is currently partner of the Banking & Finance and

Capital Markets practice areas. He provides advice in the context of takeovers

and public offerings, as well as in respect of the issuance of securities and

structured finance products, including securitisation and covered bonds, advising

issuers, offerors, financial intermediaries or investors. He also provides ongoing

advice on regulatory matters in the areas of banking law and capital markets.

Admitted to the Portuguese Bar Association.

Published works

Author and Co-author of various books and articles.

Languages: English, Spanish

Filipa Fonseca Santos


Academic background

Law degree, Lisbon Catholic University.

Professional experience (VdA)

Filipa joined VdA in August 2015. She is a managing associate in the Banking

& Finance area of practice, where she has been actively involved in providing

legal advice on banking and capital markets’ regulatory matters as well as in

the structuring of several financing transactions, such as syndicated loans, the

issue and placement of debt and debt restructuring, both in Portugal and in the

Republic of Angola. Her practice is also focused on insurance matters for lead

insurance companies operating globally, including in Portuguese-speaking

countries and, also, in several francophone African jurisdictions.

Other professional background

Before joining the firm she worked, as Senior Associate, at Miranda Correia

Amendoeira e Associados – Sociedade de Advogados (Miranda), where she

focused on banking & finance and insurance and re-insurance related matters,

having been involved in a wide variety of domestic and international

transactions, notably in Portugal and in the Republic of Angola. She also had

the opportunity to represent acquirers, target companies and sellers, in

connection with cross-border acquisitions and dispositions of banking and

insurance companies. At Miranda she was regularly involved in providing

advice in connection with syndicated loans, acquisition financings, leveraged

buyouts, asset-based financing, in particular ship and aircraft financing,

including export credit and EXIM finance, sovereign debt matters, as well as

on regulatory matters.

Admitted to the Portuguese Bar Association and the Angolan Bar Association.

Rua Dom Luís I, 28, Lisbon, Portugal

Tel: +351 21 311 3400 / Fax: +351 21 311 3406 / URL: www.vda.pt

Vieira de Almeida

Austria

Introduction

The financial sector, and the activities of credit and financial institutions, have been subject to increasing regulation in Austria as a consequence of the financial crisis.

Credit institutions are now required to allocate some of their resources to comply with the high volume of legislation and the strict Austrian regulatory framework. Further, enhanced AML rules and greater tax transparency have led to higher costs for Austrian credit institutions following the implementation of the US Foreign Account Tax Compliance Act (FATCA), the CRS and the fourth AML directive recently. In addition, the Austrian banking sector continues to face major challenges, such as the low-interest-rate environment. Nevertheless, the economic environment has improved lately, as reflected by increased profitability.

In addition, financial technology companies (fintechs) have changed the financial market in recent years. Whether or not a fintech provider requires a licence depends on the type of activity conducted – sometimes also in relation to specific products (loans, securities, accounts). In any case, digitisation has enhanced competition in the market for young tech companies, as well as banks, payment providers, insurance companies and investment services. The Austrian Minister of Finance has set up a fintech advisory board with 18 experts. The goal of the fintech advisory board is to make proposals for an attractive legal framework for this business in Austria and provide a legal guideline for blockchain and crypto-currency companies.

The Austrian as well as the EU regulatory authorities are also facing further challenges with regard to general digitisation, especially in the context of blockchain technology and virtual currencies. The most recent contribution, published by the European Banking Authority (EBA) in Jan 2019, was its Report on crypto-assets advising the European Commission to take regulatory measures on investor protection relating to the distribution and placement of crypto-assets.1

The Austrian legislator has been striving to make Austria even more attractive as a location of industry and commerce for potential investors. There is now a third market that allows SMEs access to the capital market.

Another development that cannot be overlooked in the context of fintechs is the close cooperation between the banks and the fintechs. Thus, infrastructure-relevant tasks and technical services are outsourced to the fintechs. However, there are credit institutions which themselves research innovative projects and offer digitised products. One of the largest Austrian banks has recently launched a platform with integrated blockchain technology, where issuers can issue a fully paperless promissory note loan. Where various

Peter Knobl Cerha Hempel Spiegelfeld Hlawati



financial instruments will be offered by means of integrated digitisation, a new “unregulated OTC Market” could be created.

In general, Austria is an “overbanked” area, leaving little space for the expansion of traditional banking business models. Moreover, the Austrian Financial Market Authority (FMA) has in the past developed aggressive prosecution practices, regarded by some as disproportionate in relation to alleged violations of regulatory requirements. This, together with a stability tax, which is a special tax applying to the balance sheet total of minimum €300 million of banks licensed in Austria and of Austrian branches of foreign banks has, in recent years, caused a relocation of some subsidiary banks licensed in Austria. However, some credit institutions exclusively owned by non-Austrian owners have also recently been awarded comprehensive banking licences by the FMA.


Banking regulators in Austria

The Austrian banking supervisory system is connected with the European supervisory institutions. At the current legal position, Austria has a twin-peaks model with two dedicated bodies.

The Austrian banking regulators are: i) the Single Supervisory Mechanism (SSM) of the European Central Bank (ECB); ii) the Austrian Financial Market Authority (FMA); and iii) Austria’s Central Bank, Oesterreichische Nationalbank (OeNB) – although this has a limited role which will be further reduced in the future.

ECB

The ECB is responsible for banking supervision in the Euro area under the SSM and supervises six significant institutions in Austria, in cooperation with the FMA and the OeNB.

According to Article 4 of the SSM Regulation, the ECB has, inter alia, the following responsibilities for the Capital Requirements Regulation (CRR) credit institutes:

to grant a licence for credit institutions or to revoke their licence; •

if a credit institution wishes to establish a subsidiary in another member state or •provides cross-border services, then the ECB steps in as the supervisory authority of the origin country;

the assessment of the acquisition or disposal of qualified stakes; •

ensuring compliance with requirements regarding equity capital, large-scale loans or •the like;

ensuring compliance with sound corporate governance requirements, like the suitability •of the managers, risk management and likewise; and

the conduct of supervisory reviews, stress tests, etc. •

The ECB applies the relevant provisions of EU and national law to significant credit institutions or groups of credit institutions.

FMA

The FMA is the national supervising authority for less significant banks, institutions and groups of credit institutions, while the OeNB is responsible for their overall risk assessment. The FMA is also the supervising authority for insurance companies, pension funds, investment firms, investment management companies and payment services providers.

Cerha Hempel Spiegelfeld Hlawati Austria



The FMA must act in accordance with the Banking Act, the Capital Requirements Regulation (CRR), Regulation (EU) 1024/2013 concerning policies related to the prudential supervision of credit institutions (SSM Regulation) and applicable EBA guidelines and recommendations, and with due attention to financial stability, the smooth functioning of the banking system and creditor protection.

The authority can take official measures and pass certain regulations specifying supervisory obligations of less significant credit institutions. The FMA is responsible for enforcing its own administrative decisions, except for orders imposing administrative penalties.

Administrative and penal decisions of the FMA can be appealed against at the Austrian Administrative Court of first instance.

The FMA is also responsible for implementing the resolution decisions of the Single Resolution Board (SRB), acting as the resolution authority for significant credit institutions in the Eurozone. As a resolution authority, it has the power to demand the:

implementation of measures from the recovery plan; •

dismissal of managing directors; •

initiation of creditor negotiations for debt restructuring; •

convening of a shareholders’ meeting; and •

making changes to the operational or legal structures of the institution. •

OeNB

In addition to its role in economic policy, the OeNB supervises payment and settlement systems, delivers macroprudential analyses and banking supervisory analyses, and conducts on-site inspections of significant institutions on behalf of the ECB, and of less significant institutions on behalf of the FMA. The OeNB is neither a NCA (national competent authority) nor a NDA (national designated authority) under the SSM Regulation and CRR/CRD IV, but entitled to participate in the Governing Council of the ECB and, as a non-voting member, in the ECB’s Supervisory Board.

Furthermore, it provides:

reports about on-site inspections commissioned by the ECB or the FMA; and •

expert opinions on risk-assessment models after a bank has submitted an application •for approval.

These reports provide the basis for any official measures (administrative steps) to be taken by the ECB or the FMA. A credit institution has the right to express its opinion on the inspection report (Article 71(6), Banking Act).

Complete transmission of banking supervision from the OeNB to FMA

In the Council of Ministers, the Austrian Government has taken a vote on the structural change of the Austrian supervisory banking authorities. This decision was taken following criticism by the Court of Auditors. The idea of the Austrian Government is to eliminate the parallel supervision by the OeNB and the FMA. The Government intends to legally anchor the structural reform by mid-2019. Some tasks of the OeNB will be transferred to the FMA, concentrating all banking supervisory tasks at this authority. The implementation of the organisational changes at the FMA, the OeNB and the Ministry of Finance is scheduled for the end of the year. However, the competence to monitor the financial stability (macroprudential analyses) should remain with the OeNB. In addition, the OeNB should become able to issue audit assignments to the FMA in the event of a crisis.




Other institutions with special tasks

In addition, the following institutions with tasks of special significance are: the i) State commissioners; and ii) Austrian Control Bank (Oesterreichische Kontrollbank AG (OeKB)).

State commissioners The Austrian Minister of Finance must appoint a state commissioner and a deputy state commissioner for credit institutions with total assets in excess of €1 billion.

These are representatives of and accountable to the FMA. They have to be invited by the credit institution to company meetings and audit committees, and must object to resolutions that violate administrative decisions of the Minister of Finance or the FMA. They have inspection rights and must report facts to the FMA, indicating that the institution’s fulfilment of its obligations to creditors or the security of its assets are no longer ensured. Their tasks are linked to authoritative functions derived from the FMA’s powers.

OeKB This is Austria’s main provider of financial and information services to the export industry and the capital market. In particular, issuers of securities and fund companies can fulfil their reporting and disclosure obligations by using the OeKB’s electronic reporting platforms. OeKB does not exercise any authoritative powers towards capital market participants. Its subsidiary, OeKB CSD GmbH, is the only Austrian licensed central securities depositary pursuant to the CSDR (Regulation [EU] No. 909/2014), rendering securities account maintenance services at the top tier level (central maintenance service), initial recording of securities in a bank-entry system (notary service) and the operation of a securities settlement system (settlement service).

Central bank

OeNB

The OeNB contributes to monetary and economic policy decision-making in Austria and in the Euro area.

The primary focus of the OeNB is safeguarding domestic financial stability and supplying high-quality, counterfeit-proof cash. In addition, it manages reserve assets; that is, gold and foreign exchange holdings, draws up economic analyses, compiles statistical data, is active in international organisations, and oversees payment systems.

Key regulations in Austria

The foundation of the relevant sources of law governing banking in Austria is to a great extent laid by EU regulations. These are: i) EU regulations like the CRR, the MiFIR and delegated regulations issued by the European Commission; ii) Austrian federal laws largely implementing EU directives like CRD IV, MiFID II and delegated directives such as the Austrian Banking Act and the Austrian Securities Supervision Act 2018; iii) Regulations issued by the FMA such as the FMA’s cross-selling regulation 2018 and its draft of a 2019 product intervention regulation; iv) Binding Technical Standards (BTS) issued by the European Banking Authority (EBA) and EBA guidelines and recommendations; and v) FMA standards, circulars and other forms of soft law interpreting the main federal laws.

The primary sources of banking regulatory law are the Banking Act (Bankwesengesetz) and Regulation (EU) 575/2013 on prudential requirements for credit institutions and investment firms (Capital Requirements Regulation (CRR)), together with Commission Delegated Regulations 2015/61/EU, 2015/62/EU and 2015/63/EU. The application of the CRR to Austrian credit institutions qualifying as CRR financial institutions is mandatory by virtue of a provision in the Banking Act.




Key legislation or regulations applicable to banks

The Banking Act governs the:

licensing of credit institutions and financial institutions (Article 1); •

freedom of establishment and to provide services within the EEA (Article 9 and •following);

ownership requirements (Article 20 and following); •

rules on cover funds (Deckungsstock; Article 66 and following); and •

contractual terms such as for savings deposits (Article 31 and following), certain value •date provisions and banking secrecy (Article 38).

The Austrian Banking Act differentiates licensed “credit institutions of significant relevance” from other credit institutions as well as “systemically important institutions” from other institutions and provides special provisions for such other (smaller) institutions. All of this does not correlate with the SSM’s differentiation of significant institutions (SIs) and less significant institutions (LSIs), but is an Austrian tailor-made regime for smaller banks.

The CRR (including the related BTS) covers:

minimum regulatory capital requirements and quality criteria for CET 1, AT1 and T2 •capital instruments;

limits on large exposures, new liquidity rules and limits on qualifying holdings outside •the financial sector; and

leverage ratios and disclosure requirements on credit institutions and investment firms. •

Other relevant federal laws are the:

Building Society Act (Bausparkassengesetz (BSpG)), which regulates the operation •and supervision of building society savings banks (Bausparkassen).

Investment Fund Act (Investmentfondsgesetz 2011), which regulates the operation and •management of investment funds and the Austrian Real Estate Investment Fund Act (Immobilieninvestmentfondsgesetz).

Alternative Investment Fund Management Act (Alternative Investmentfonds Manager-•Gesetz 2013), which contains licensing and supervision of certain managers of collective investment undertakings.

Securities Supervision Act (Wertpapieraufsichtsgesetz 2018), which sets out •regulations on financial instruments trading and compliance and implements MiFID II.

MiFiD II (Markets in Financial Instruments Directive) – see below in ‘Recent •regulatory themes and key regulatory developments’.

Stock Exchange Act (Börsegesetz 2018) which regulates the relationship between stock •exchange traders and the exchange operating company (Wienerbörse) itself.

Capital Markets Act (Kapitalmarktgesetz (KMG)) and Act on Alternative Forms of •Financing (Alternativfinanzierungsgesetz [AltFG]), which provide for rules on public offerings of securities and other capital investments alongside the EU Prospectus Regulation ([EU] 2017/1129).

Payment Services Act (Zahlungsdienstegesetz 2018), which regulates the performance •of payment services.




Financial Market Money Laundering Act (Finanzmarkt-Geldwäschegesetz), which •stipulates statutory due diligence obligations relating to money laundering and terrorism financing.

Capital Outflows Reporting Act (Kapitalabfluss-Meldegesetz), which imposes a tax •compliance obligation to report capital outflows to and inflows from Switzerland and Liechtenstein.

Account Register and Account Inspection Act (Kontenregister- und •Konteneinschaugesetz), which introduced a central registry for bank accounts and deposits established with Austrian credit institutions.

In addition, there are a number of federal laws implementing EU Directives such as the:

Remote Financial Services Act (Fernfinanzdienstleistungsgesetz); •

Financial Collateral Act (Finanzsicherheitengesetz); •

E-Money Act (E-Geld Gesetz); •

Consumer Loan Act (Verbraucherkreditgesetz); •

Mortgage Credit Act (Hypothekar- und Immobilienkreditgesetz); •

Consumer Payment Account Act (Verbraucherzahlungskontogesetz); •

Deposit Guarantee Schemes and Investor Compensation Act (Einlagensicherungs- und •Anlegerentschädigungsgesetz (ESAEG));

Common Reporting Standard Act (Gemeinsamer Meldestandard-Gesetz) which is a tax •compliance-related law; and

Act on the Recovery and Resolution of Banks (Sanierungs- und Abwicklungsgesetz •(BaSAG)).

Secondary and tertiary EU banking supervisory legislation has been implemented into Austrian law or applies directly, leaving little room for specific Austrian banking regulations.

Restrictions on the activities of banks in the Austrian jurisdiction are usually the result of the scope of a bank’s licence. If an Austrian retail bank also possesses a licence to trade in financial instruments on its own or a customer’s account, there are no restrictions on proprietary trading activity. However, Austrian licensed investment firms are always prohibited from proprietary trading activities by virtue of statutory law. Incentives not to engage in proprietary trading activities are usually derived from additional capital requirements under the CRR, from organisational and reporting requirements under MiFIR and MiFID II, from conflict-of-interest governing provisions included in MiFID II implementing provisions (Austrian Securities Supervision Act 2018) and from the Market Abuse Regulation (MAR). Further, internal control systems, the audit department, the compliance department and the risk-management department of a bank must usually be adapted to cover such additional activities, which triggers additional costs.

Recent regulatory themes and key regulatory developments

In line with EU directives and EU regulations, Austria has in recent years sharply increased the level of maximum fines and administrative penalties relating to violations of banking and investment supervisory laws in Austria. For the same reasons, the comprehensiveness and intensity of other administrative measures against credit institutions and investment firms has been extended, and whistleblower facilities must be made available by banks and investment firms in addition to supervisory authorities and criminal prosecutors. Further, naming and




shaming of banks and investment firms has been introduced as a general administrative tool, with reduced rights of remedy in cases of alleged violations of regulatory laws.

Austria has introduced a full regime of recovery and resolution powers for the SRB and FMA, complying with the EU’s BRRD and SRM Regulation including the introduction of contributions to a Single Resolution Fund. Further, Austria has aligned the competences divided between the SRB and the FMA, which are the resolution authorities for SIs and LSIs, respectively, in Austria. Austria further introduced in 2018 a new special category of bail-inable, non-preferred senior debt securities which should only be bailed in after other capital instruments, but before other senior liabilities of banks. Like any other EU member state, Austria has provided a requirement to ensure through contractual means that recovery and resolution orders will be enforceable, in particular towards counterparties located in third-party states.

A current discussion has evolved in 2018 and 2019 on minimum requirements imposed by fundamental rights of legal entities on the penalty procedure for administrative fines issued by Austrian authorities (including the FMA). This refers to the question whether penalties imposed on legal entities require separate prior administrative proceedings relating to management board members as physical persons to safeguard the defendant’s rights of legal entities.

Recent changes – MiFiD II and MiFIR

The current framework for securities services provider has been renewed by the Directive 2014/65/EU (MiFID II) which has been transposed with the Austrian Securities Supervision Act with effect from 3 January 2018. MiFIR (“Markets in Financial Instrument Regulation”) has been directly in force since 3 January 2018.

In addition, the European Commission has issued several directly applicable Delegated Acts.

The intent of the legislator has been increasingly focusing on investor protection issues and is therefore taking disciplinary actions, including fines, to improve outcomes for investors and to prevent mis-selling. The main topics concerning investor protection are: i) product governance; ii) best execution; iii) transaction and trade reporting; iv) management of conflicts of interest; v) ban on inducements; vi) product and client coverage; vii) transparency on costs/charges; and viii) recording of telephone and email communication.

Product governance (Articles 30 and 31 WAG 2018) •

As one of the main innovations in the WAG 2018, product governance differentiates between manufacturers, which includes investment firms that create, develop, issue and/or design financial instruments and advise on their launch, and distributors, which are investment firms that offer or sell financial instruments and services to their clients.

The product governance requirements define a cycle of four distinct phases that impact manufacturers as well as distributors and sub-distributors: design and approval; development and implementation; launch and promotion; and monitoring and review. The new product-governance requirements introduce a new concept of “target market”, which requires managers to ensure that their products are designed with particular categories of end-investors’ needs in mind.

Recent change – Payment Services Act 2018

The Payment Services Act 2018 that came into force on 18 January 2018 has implemented the revised Directive on Payment Services ((EU) 2015/2366). Consequently payment initiation providers and account information providers are now required to obtain a licence from the FMA.




Both new payment services have the obligation to keep professional liability insurance, or an equivalent guarantee, instead of having their own funds.

In addition, payment service providers are required to offer an authentication, using two separate factors, in most cases (“2FA”).

Recent change – Entry into force of Capital Market Act 2019 (KMG) and amendment of Alternative Finance Act (AltFG)

Article 1 (3) and Article 3 (2) of the Regulation (EU) 2017/1129 on the prospectus for the public offering of securities or when it is admitted to trading on a regulated market and repealing the Directive 2003/71 / EC (‘the Prospectus Regulation’). The replacement refers to the information requirements of the issuer towards the investors according to the Capital Market Act 2019 or the Alternative Finance Act, as amended. Thus, there is a change in the personal and subject area of application of KMG 2019, and of AltFG. This is also the main reason why non-SMEs can now make use of AltFG, and all securities and investments can be issued.

According to AltFG, an information sheet is required if the total amount of the issue is •above €250,000.

The issuance of a simplified prospectus is required if either the total amount of the issue •is over €2 million or the income derived from the issue is less than €5 million within 12 months.

The issuance of an amount over €5 million requires a regular prospectus. •

Recent change – Amendments to the Alternative Investment Fund Manager Act (AIFMG), the Real Estate Investment Fund Act (ImmoInvFG) and the Investment Funds Act 2011 (InvFG 2011)

The amendments align the national law to the requirements of Regulation (EU) 2017/1131 Unregistered Alternative Investment Fund Managers (AIFM) are now required to report changes in the managing persons and transfers of registered office to the FMA. If an Alternative Investment Fund (EU-AIFM) intends to market shares of a non-EU alternative investment fund (non-EU AIF) in Austria, they are required to send a notification letter to the FMA for each of the non-EU AIFs. If these requirements are not met, the infringements will be sanctioned according to Article 60 (2) AIFMG.

Recent change – PRIIP – Packaged retail and insurance-based investment products (PRIIP VollzugsG)

The PRIIP Enforcement Act sets out the necessary measures to implement the Regulation (EU) No 1286/2014 on basic information sheets for packaged investment products for retail investors and insurance investment products (PRIIP-VO) in Austria. Among other things, the implementation makes it clear that the premium-subsidised provision for the future and supplementary pension insurance are excluded from the PRIIP-VO.

Recent change – New enforcement tools in administrative criminal law for FMA

On 3 January 2018, the “Supervisory Reform 2017” has been set in force. It certainly improves the transparency of supervisory action, brings administrative simplification, and strengthens legal certainty as well as the risk-oriented and proportional supervisory approach.

The reform offers essential enforcement tools to the Austrian FMA:

The instrument of ‘accelerated termination’ (in the administrative procedure as in the •administrative penalty procedure); the right to waive an appeal in advance.




The extension of the possibilities to sanction primarily the legal entity. •

The replacement of the “cumulation principle”, the additive imposition of penalties for •multiple violations by the “absorption principle”, and the imposition of the only reasonable administrative penalty, even for multiple violations.

The obligation to publish sanctions. •

Broadening the margin of discretion of the FMA to refrain from imposing a fine for •less significant violations.

CRD-V/CRR-II/BRRD-II-Package

In November 2016, the European Commission published a comprehensive proposal for an amendment of the CRD-IV, the CRR and the BRRD (so-called “CRD-V/CRR-II/BRRD-II-Package”). The main objective of the CRD-V/CRR-II/BRRD-II-Package is the implementation of a standard on the total loss-absorbing capacity of global systemically important institutions, and to integrate the general rules for minimum requirements for own funds and eligible liabilities. In addition, the CRD-V/CRR-II/BRRD-II-Package proposes a vast amount of other changes that may pose challenges for financial institutions in Europe and Austria. The major part of the legislative proposal, excluding TLAC/MREL, may possibly be published in the first half of 2020 by the EU and has an implementation period into national law of two years.

Intended future development – Digitisation and fintechs

The European Commission published its so-called FinTech Action Plan on 8 March 2018, which aims to ensure a more competitive and innovative EU financial sector. The plan outlines the future challenges associated with digitisation and fintech. In its recent initiative to review the EU supervisory framework, the Commission states that the European supervisory authorities should consider fintech in all their activities. The aim of the Commission is to adopt a more forward-looking regulatory framework for digitisation and to create an environment in which innovative fintech products and solutions can be introduced across the EU rapidly. Thus, taking advantage of the economies of scale of the economy internal market, without compromising financial stability or consumer and investor protection.

Fintechs form part of a growing industry in Austria. Until a legal framework is created for fintechs by the European or the national legislator, fintech models must be reviewed in accordance with existing laws. To this end, the FMA has set up a so-called internal contact point, which can be contacted for specific projects within the framework of fintech business. The FMA has posted a form on its homepage, by which fintechs can ask legal questions in connection with their potential business in Austria.

Before fintech activities can be subsumed under a particular law, it is important to clarify that those activities that fall under the scope of a licence requiring banking business are not uniformly regulated in all the member states. This means that an activity in another state can indeed be conducted without a licence, but may in Austria be regarded as a banking business subject to licence requirements. Although CRD IV includes a list of activities in Annex I for which mutual recognition by all member states applies, this does not necessarily mean that the listed activities are regulated as banking business in all member states.

For fintechs, this would mean that their activities in any other member state may not be regulated but in Austria they may be covered by a licence-required activity such as the Banking Act, Securities Supervision Act or the Payment Services Act. Within the framework of the Austrian Banking Act, the following activities of fintechs could be covered by licence




requirements: mediation services – these are such as new payment methods, virtual currency and alternative payment methods; and automated advisory systems and platforms. But also, algo-, signal-, social and mirror trading, crowdfunding and crowdinvesting, and interface or other technical services for financial service providers, could be subject to the Austrian Banking Act. Especially mediation activities in banking related to the deposit and lending business, and factoring, could become relevant.

The definition of “mediation” in the context of the Banking Act is “when the active intervention of a third party has enabled the communication and the mutual consent of the business partners”. Thus, according to Article 18 (1) Banking Act, a mediation activity could be covered by a licence requirement applying to mediation, if the mediated product is a deposit business product. Furthermore, platform-based mediation activities in connection with lending agreements could fall under the regulatory of Article 18 (1) Banking Act, not only limited to B2B or B2C but also C2C. The last relevant activity in this context is factoring business. The so-called Factoring-Fintechs provide services such as purchase of receivables or pre-finance of invoices; they could further be covered by a licence requirement by virtue of “mediation” within the meaning of the Austrian Banking Act.

Recent developments regarding IT/cyber-security

The FMA has already issued its Guide on IT Security for banks, insurance companies and investment services in 2018. The establishment of a comprehensive IT Risk Management and Information Security Management is a key element for institutions. The FMA has made IT security one of its priorities for supervision and inspection during the year 2019.

Bank governance and internal control

Bank governance

Banks are subject to various requirements for governance and internal control. In addition to the Austrian Banking Act and the EU Audit of PIEs Regulation (537/2014), APAB’s regulations and guidelines, the FMA’s and EBA’s guidelines (such as the EBA’s guideline on internal governance) have to be complied with. The application and/or scope of the organisational regulations depend on the type, scope and complexity of the business activities, investment services and other activities. Certain regulations only apply to “credit institutions of significant relevance” due to their size and complexity.

A bank may only be operated as an Austrian AG or GmbH or European SE or as a (European) cooperative society or savings bank, so the articles of association have customarily to be set out in the form of a notarial deed and registered in the commercial register. A prior approval by the supervisory authority is required, so the provisions of Article 5 Banking Act have to be complied with.

An institution has to implement a comprehensive set of organisational requirements, such as establishing an organisational structure and maintaining a decision-making process, to allow the clear documentation of reporting obligations and allocated functions and responsibilities.

The institution has to establish an internal reporting system, maintain adequate and systematic records of business activities and internal organisation, and ensure the proper, fair and professional performance of tasks. It must establish mechanisms to safeguard security and confidentiality of information, ensure continuity and regularity of investment services and activities, and establish effective and transparent customer service procedures.

The management board is solely responsible for running the company and is not subject to




instructions from the annual general meeting nor from the supervisory board. It is also responsible for installing adequate compliance, risk-management, independent audit and AML/CTF monitoring functions. The board of directors must be composed of a minimum of two directors. In order to ensure the overall responsibility in the board of managers as well as in the supervisory board, its members – individually as well as collectively – are required to possess the necessary knowledge and skills (“fitness”) to assess the nature, scope, complexity and risk structures of the given institution (EBA/GL/2017/12 as well as the FMA fit and proper circular letter in its 2018 version). The directors and supervisory board members must fulfil the minimum requirements for the individual and collective assessment of personal reliability, professional aptitude and experience, time availability, un-biasedness and independence. The ECB and the FMA ensure compliance with the fitness requirement through fit and proper hearings, requests for written statements, oral examinations and interviews. If required, such tools may also be used towards key function-holders of a bank.

Beyond that, the directors must invest sufficient time to perform their functions and none of the directors are to have their main profession outside the banking industry or outside insurance undertakings or pension funds. The directors must have practical and theoretical skills required for heading the institution and must be reliable. The directors or members of the supervisory board must be financially sound and not facing, for example, criminal charges or convictions or bankruptcy proceedings (“propriety”). The FMA conducts interviews to assess the fitness and propriety of the directors and supervisory board members.

The articles of association have to rule out individual powers of representation. Individual powers of commercial representation, and individual commercial powers of attorney for the entire business operation – or, in credit co-operatives, the management of the business – are restricted to the directors.

Banks have to set up a remuneration system aligned with the European and Austrian requirements. In general, the remuneration system must not offer any incentive to disregard the institution’s internal control system. Information as to remuneration has to be provided to the supervising authorities.

Depending on the size and complexity of the institution, specialised committees must appoint specialised committees, including a risk, audit, remuneration and nomination committee.

If an Austrian-licensed bank is listed on a regulated market (by its shares or other securities), the Austrian commercial code requires the overall remuneration of any single management board member to be disclosed within its corporate governance report (section 243c Commercial Code). Remuneration of other staff must only be reported to the FMA and ECB, respectively, in line with regular reporting for identified staff members.

Services that do not constitute core activities and are of minor importance may be outsourced, whereas the requirements of the Banking Act have to be observed. So any outsourcing may not undermine the quality of the internal control mechanisms or the ability of the FMA to monitor an institution’s compliance with its legal obligations. In addition, any outsourcing must not violate the principle of banking secrecy.

Austrian banks of “significant relevance” must not only install an independent risk-management function, but also a permanent, effective and independent compliance function directly reporting to the management board. In addition, most Austrian-licensed banks are entitled by statutory law to pursue trading activities in financial instruments and must therefore comply with the organisational requirement to install a securities compliance function, a securities risk-management function, an independent internal securities audit function, a securities complaint-management function and a person responsible for the




protection of the securities customers’ assets (see Delegated Regulation 2017/565).

Austrian regulation requires banks to maintain the segregation of staff and systems used for front office trading activity from staff and systems used for middle or back office administrative administration activity, in line with the Market Abuse Regulation (Art 16/2) and the Delegated Regulation 2017/565 and its organisational compliance requirements. The Austrian gold-plating FMA Regulation on Issuers’ Compliance has meanwhile been repealed with legal effect from 3 January 2018 so that the Austrian level of required segregation corresponds to the harmonised EU-level.


As a member of the Basel Committee on Banking Supervision, Austria falls under the international influence for capital requirements for banks and implements the recommendations of the committee, which are anchored in Basel III.

CRD IV/CRR

Basel III was implemented in the EU with the so-called “CRD IV/CRR Package”. It includes the Capital Requirements Directive IV (CRD IV) and the Capital Requirements Regulation (CRR). The Directive CRD IV was implemented in Austria by the amendment of the Banking Act. Credit institutions must ensure, individually and collectively, that they are able to meet their payment obligations at any time (Article 39 (3), Banking Act). The managing directors must ensure that the credit institution:

establishes company-specific financial and liquidity planning based on banking •experience;

sufficiently ensures its ability to compensate for any future imbalances of incoming and •outgoing payments, by constantly maintaining sufficient liquid funds;

has systems for monitoring and controlling the interest rate risk of all transactions; •

structures its interest rate in line with the maturity structure of its assets and liabilities, •to take potential changes in market conditions into account; and

has documentation on the basis of which the credit institution’s financial situation can •be calculated with reasonable accuracy at all times, and which can be presented to the FMA on request.

The eligible own funds, which can be used to cover regulatory own funds requirements, are composed of Tier 1 capital and Tier 2 capital. Common Equity Tier 1 (CET 1) and Additional Tier 1 (AT 1) together constitute the core capital. All institutions must at all times, on a solo and on a consolidated basis, satisfy the following own funds requirements: i) a Common Equity Tier 1 capital ratio of 4.5%; ii) a Tier 1 capital ratio of 6%; and iii) a total capital ratio of 8%. There are additional CET 1 capital requirements resulting from various buffer requirements, the SREP ratio and potential capital add-ons imposed by the supervisory authority. Further, the ECB and NCA use additional capital-related triggers for early warning systems and for general supervisory purposes.

The Capital Requirements Regulation (CRR) requires credit institutions to hold enough liquid assets to deal with any possible imbalance between liquidity inflows and outflows under gravely stressed conditions during a period of 30 days (Liquidity Coverage Ratio (LCR)). The LCR as a short-term liquidity business ratio is 100% in the year 2018. Further, a Leverage Ratio must be complied with by credit institutions.





No law specifically regulating the relationship between a bank and its customer exists in Austria. Instead, the Austrian Civil Code (ABGB) applies in general. Nevertheless, the ABGB is supplemented by a number of regulations transposing the corresponding EU directives, focusing inter alia, on consumer protection. The nature of these regulations is mandatory and cannot be changed by agreement. In general, most Austrian banks base their relationship with clients on similar terms and conditions. These terms and conditions have to comply with the consumer protection laws, if applicable.

The Austrian Consumer Loan Act (VKrG) and the Mortgage Credit Act (HIKrG), for example, provide protection to a consumer in many ways. The lender must provide inter alia the customer with the European Standardised Information Sheet (ESIS), in which the key features and risks of the mortgage contract/credit are disclosed before the contract is concluded. In addition, the customer has specific revocation and termination rights with respect to the loan agreement. Further, the creditworthiness of the potential debtor has to be assessed by the institution.

Customer complaints

The European Securities and Markets Authority (ESMA) and the EBA have issued guidelines on the handling of complaints in securities trading and banking.

In general, the complaint may be addressed directly to the institutions, who are obliged to accept and process the complaint and have to fulfil certain obligations in the event of complaints, such as the issuance of a written acknowledgment of the receipt of the complaint and giving details of the complaint procedure. The institutions have to communicate in a clear and understandable language, respond within a reasonable time and give a date for the termination of the procedure.

Consumers may also submit their complaints to the Financial Services Industry Ombudsman Office. Other bodies that may receive complaints are, for example, the independent Joint Arbitration Body of the Austrian Banking Industry or the Consumer Mediation Service.

The FMA itself reviews the complaints to ensure companies comply with regulatory requirements, including but not limited to complaints procedures. The decision to find individual solutions is reserved for ombudspersons, arbitration and conciliation bodies or the ordinary courts.

Compensation schemes

Directive 2014/49/EU on DGS (the Deposit Guarantee Scheme Directive, DGSD) repealed Directive 94/19/EC on DGS with effect from 4 July 2015, to improve protection for individuals and legal entities, relating to a harmonised level of covered deposits of up to €100,000 per customer and bank. Deposits made by public institutions or institutional investors such as credit institutions or insurance companies are not covered.

Various transitional provisions were in force in Austria, especially until a national deposit guarantee scheme (or an institutional protection scheme recognised as a protection scheme) started to operate on 1 January 2019.

As of 1 January 2019, a single deposit guarantee and investor compensation scheme run by the Austrian Chamber of Commerce (Wirtschaftskammer Österreich) has assumed responsibility for the compensation of all depositors and investors in Austrian credit institutions (Einlagensicherung Austria GmbH). Alternatively, institutional protection schemes may be recognised by the FMA. By 2019, only one alternative IPS had been




recognised in Austria: the “Haftungsverbund GmbH der österreichischen Sparkassen” for Erste Group Bank and the savings bank sector.

Restrictions on inbound cross-border banking activities

Cross-border banking activities are governed by: i) Directive 2013/36/EU on capital requirements (Capital Requirements Directive IV (CRD IV)) (Articles 33 to 39); ii) Banking Act (Articles 9 to 19); and iii) EBA Binding Technical Standards (BTS) on the passporting and the supervision of branches (enacted as Commission Delegated Regulation (EU) 1151/2014 supplementing Directive 2013/36/EU and Commission Implementing Regulation (EU) 926/2014).

CRR credit institutions may conduct activities listed in Annex I of CRD IV in Austria through a branch or by means of the freedom to provide services, provided that their authorisation permits them to do so (Article 1a (1), paragraph 1, Banking Act).

CRR credit institutions authorised in an EEA member state are in principle already authorised on the basis of their licence in their home state to also provide banking operations in other member states under the “single licence principle”. Cross-border activities can either be conducted through a branch (freedom of establishment) or under the freedom to provide services. The intention to conduct cross-border banking activities on either basis must be notified to the respective supervisory authority.

CRR credit institutions incorporated outside Austria but within the EEA must notify their home supervisory authority of their intention to conduct activities in Austria. This authority must in turn inform the FMA. There are supplementary rules in Regulation (EU) 468/2014 (EU mechanism for banking supervision (SSM framework regulation)) for the passporting-related division of powers between the ECB and the FMA, for CRR credit institutions located in or outside Eurozone member states but within the EU or the EEA.

Regulatory framework on anti-money laundering

Anti-money laundering measures In Austria, the due diligence measures included in the Financial Market Money Laundering Act (FM-GwG) enhancing the risk-based approach in anti-money laundering law, and the additional provisions to the beneficial owner in the Economic Ownership Register Act, (WiEReG) must be complied with. Data on beneficial owners of legal entities and trusts are available in a central register and institutions must conduct a client due diligence when on-boarding a client, and conduct regular reviews.

The changes to Directive (EU) 2015/849 to prevent the use of the financial system for the purpose of money laundering and terrorist financing, as included in Directive (EU) 2018/843 (the “Fifth Anti-Money Laundering Directive”) must be implemented by 10 January 2020. It will: (i) apply to providers of exchange services for virtual currencies and include virtual asset-conversion platforms and vendors; (ii) expand the powers of financial intelligence units; and (iii) improve the identification of the beneficial owners.

* * *

Endnote

EBA Report dated 9 Jan 2019 on crypto-assets. 1.







Dr. Peter Knobl

Tel: +43 1 514 35 241 / Email: [email protected]

Peter works in the Banking & Finance and Capital Markets Department of

CHSH and leads our banking & insurance supervision and regulatory practice

team. His major areas of experience include: advising international banks on

establishing Austrian branches and offices; and supporting clients in

borrowing and investment decisions they have to make, such as in the context

of financial and liquidity planning and treasury operations. He practises tax

law, banking and insurance supervision and compliance law and has worked

extensively in matters involving capital markets, derivative financial

instruments & investment funds as well as EMTN & MTN programmes. Due

to his banking regulatory and stock exchange-related activities, he is in contact

with the competent officials at FMA. He is also active in banking and

investment services-related queries of all kinds.

Peter has written on legal topics relating to banking regulation, rules of

conduct applicable under the Securities Supervision Act 2018 and MiFID II,

the Austrian Banking Act and the MAR.

Peter earned his Dr. iur. from the University of Vienna in 1987. He worked

from 1991 until 1998 at Erste Bank AG. He became partner at CHSH in 2001.

Parkring 2, 1010 Vienna, Austria

Tel: +43 1 514 35 241 / Fax: +43 1 514 35 39 / URL: www.chsh.com

CHSH Cerha Hempel Spiegelfeld Hlawati Rechtsanwälte GmbH

Brazil

Introduction

Historically, Brazilian banking activities have been subject to intense state control and have been heavily regulated, in view of continuing government concerns with systemic risk, foreign exchange, international capital controls and consumer protection.

Under these circumstances, only entities authorized by the Brazilian Central Bank (“Central Bank”) to operate as financial institutions may conduct banking activities. As defined by Brazilian Law, financial institutions are considered public or private entities whose principal or secondary activity comprises the collection, intermediation or investment of proprietary or third party funds, in local or foreign currency, and the custody of valuables owned by third parties. Individuals or entities performing any such activities on either a permanent or a sporadic basis shall be considered equivalent to financial institutions.

There is a discussion on whether the definition of financial institutions’ activities entail the collection, intermediation and investment cumulatively or if any of such activities, alone, would suffice to characterize banking activities. Although there are precedents leaning to both interpretations, most of the recent precedents tend to adopt the position that only one of those features would suffice to define banking activities and, as a consequence, can only be performed by financial institutions authorized to operate by the Central Bank.

In addition, Brazilian legislation has conceived a rather closed approach regarding the control of financial institutions by foreign entities or individuals. The Brazilian Constitution generally prohibits the incorporation or capital increase of Brazilian financial institutions by foreign entities or individuals in Brazil, except in case: there is specific regulation in place; Brazil has entered into a multilateral agreement with one or more countries; or if it is considered to be in the interest of the Brazilian government.

Considering that Brazil has not regulated the matter nor executed any multilateral agreement with any other countries, the only way foreign participation in the financial sector is granted is through the issuance of Presidential Decrees on a case-by-case basis (except for credit fintechs, as further discussed below). In addition, the Central Bank also has to approve the entry of foreign capital into the financial sector. Notwithstanding this fact, the Brazilian Government has historically granted Presidential Decrees irrespective of the Administration then in place.

Also within the context of control of foreign capital, foreign exchange transactions have typically been subject to strict regulation. Currently, the inflow and outflow of funds to and from Brazil can only be carried out through a financial institution (or an entity accredited to operate by the Central Bank) duly authorized to operate in the foreign exchange market. These foreign exchange transactions must be registered by financial institutions in the Central

Bruno Balduccini & Ana Lidia Frehse Pinheiro Neto Advogados



Bank System, with due regard to the applicable foreign exchange rules, which require that the financial institution which closes the foreign exchange transaction requests the documentation evidencing the legal and economic grounds of the underlying transaction and ensures the relevant taxes are paid.

The regulator has been more recently gradually relaxing the regulation of foreign exchange and is currently rethinking the rules vis-à-vis the new technologies available such as online signatures, blockchain technology and others. New technologies available are also causing the Central Bank to revisit other banking regulations in order to use technology as a promoter of efficiency and competition in the Brazilian Banking system.


The Brazilian Constitution has established the guidelines for the economic and financial order and has delegated powers to Congress to legislate about financial markets. Under its prerogatives, the Congress enacted Law No. 4,595 of December 31, 1964 (“Brazilian Banking Law”), which is the most significant piece of legislation on this topic as it established the regulatory structure of the National Financial System.

The financial sector regulation in Brazil, in this sense, is essentially composed of regulatory bodies, such as the National Monetary Council (Conselho Monetário Nacional – CMN) and supervisory bodies, such as the Central Bank, the Brazilian Securities Commission (Comissão de Valores Mobiliários – CVM), among others.

The CMN is the highest authority in the Brazilian financial system and is responsible for formulating monetary and credit policies, with the goal of promoting the economic and social development of Brazil. The CMN is chaired by the Minister of Finance and is also composed by the Minister of Planning, Budget and Administration and the President of the Central Bank.

Brazilian Banking Law also granted powers to the Central Bank to implement the monetary and credit policies drawn up by the CMN, as well as to inspect and eventually punish the financial institutions in the private and public sectors.

Under its legal prerogatives, the Central Bank is responsible for exercising control over credit and foreign capital, receiving compulsory withholdings and voluntary demand deposits of financial institutions, executing rediscount transactions and loans to banking financial institutions, as well as acting as a depository of gold and foreign currency reserves.

The Central Bank’s responsibilities extend over approving the incorporation, functioning, transfer of control and equity reorganisation of financial institutions.

In addition to the core banking regulations, other laws have been enacted over the years in order to address specific concerns that arise from banking activities and impact diverse stakeholders other than financial institutions. Among them, some of the most significant include the: (i) White Collar Crime Law,1 which defines crimes against the Brazilian financial system; (ii) Anti-Money Laundering Law,2 which provides for implementation of an effective legal system to combat money laundering in Brazil; (iii) Bank Secrecy Law,3 which provides for secrecy on banking transactions in Brazil; and (iv) Insolvency Laws,4 which provide for the recovery or liquidation of financial institutions in Brazil.

Particularly with respect to insolvency of financial institutions, Brazil has adopted a different approach as regards its controlling shareholders. Controlling shareholders of financial institutions will be subject to an unlimited liability standard irrespective of guilt or fault. The same standard applies to officers and members of the board of directors of the failed

Pinheiro Neto Advogados Brazil



financial institution. This means that upon insolvency of a financial institution, the assets of the controlling shareholders, as well as of the officers and members of the board of directors, are frozen and eventually used to repay the other creditors of the failed financial institution.

Financial institutions in Brazil are also regulated by a substantive set of infra-legal regulation. Under the prerogatives given by the Brazilian Banking Law, the CMN issues rules implementing resolutions (resoluções). These resolutions are from time to time supplemented by regulations (circulares and cartas circulares) issued by the Central Bank. Thus, circulares and cartas circulares serve to establish the technical details for implementation of resolutions.


In recent years, Brazilian legislators and regulators have shown good will towards innovation in the Brazilian financial system. Several pieces of regulation were enacted in order to welcome technological initiatives as well as to adapt certain regulations to present times.

This trend was initiated with the enactment of Law No. 12,865, on October 9, 2013 (“Payments Law”), which was the first rule to directly discipline the industry of electronic payments and electronic money in Brazil. More specifically, the Payments Law regulated the rendering of payment services in the context of payment networks that are part of the Brazilian Payment System (Sistema de Pagamentos Brasileiro or “SPB”). Such law created the concepts of payment network (arranjos de pagamento), payment network owners (instituidores de arranjos de pagamento) and payment institutions (instituições de pagamento).

Payment networks are defined as the set of rules regulating the use of payment instruments accepted by more than one recipient entity. The traditional model for card networks inspired this concept, and it is used worldwide. Notwithstanding the regular structures of the payment industry, several fintechs were incorporated under this concept to use technology in order to optimise payment means and money transfer. As a result of the strengthening of this market through good regulation, in 2018, a company in this sector performed the biggest IPO of a Brazilian company in the New York Stock Exchange ever.

In addition to establishing the general principles and rules for payment networks and payment institutions, the Payments Law conferred on the CMN and the Central Bank powers to regulate such entities, including incorporation and operation, risk management and the opening of payment accounts.

Payment network owners must create rules for their participants, which shall include, among others, settlement rules, risk management, minimum operational standards and penalties. The main participants of a payment network are the so-called “payment institutions”.

As to payment institutions, the Central Bank regulation establishes the following types:

(i) Issuers of electronic currency (e.g., typically, issuers of pre-paid instruments or e-wallets): a payment institution that (a) manages cardholders/end-customers’ payment accounts of the pre-paid type, (b) makes payment transactions available based on electronic currency deposited into such accounts, and (c) converts such funds into physical or book-entry currency or vice versa;

(ii) Issuers of post-paid payment instruments (e.g., typically, issuers of credit cards): a payment institution that (a) manages registered payment accounts of cardholders/end-customers intending to make post-paid payments, and (b) makes payment transactions available based on such account; and




(iii) Acquiring institutions (i.e., acquirers): a payment institution that, without managing payment accounts, (a) enables recipients to accept payment instruments issued by a payment institution or by a financial institution that participates in the same card network; and (b) participates in the process of settlement of payment transactions as a creditor before the issuer, in accordance with the rules applicable to the card network.

The concept of payment accounts derives from the definition of payment institutions. Such accounts are defined as registry accounts held by final users which are used for payment transactions. As far as the treatment of funds existing in payment accounts goes, Payment Law establishes the segregation of such funds from those encompassing the assets of payment institutions. In addition to the abovementioned bankruptcy protection, the Central Bank created a compulsory deposit regime to ensure this characteristic, whereby payment institutions which issue electronic currency are obliged to keep the amounts received by their clients either at the Central Bank, or use them to purchase government bonds. In case of bankruptcy of a payment institution, such funds would be excluded from the bankrupt estate.

Within the same context of the promotion by the Central Bank of the modernisation of the Brazilian Financial System, the regulators also created the so-called “BC+ Agenda”, a project through which the Central Bank has created pillars to cooperate with disruptive and technological innovations in the financial sector, and to update acting under its legal prerogatives.

As a highlight of the BC+ Agenda, in August 2017, the Central Bank released, for public comments and suggestions, a draft regulation on lending activities performed by fintech companies.

In April 2018 the CMN issued Resolution No 4,656 providing the setup and operation of two new types of financial institutions specialized in lending through electronic platforms:

(i) sociedades de crédito direto (SCDs), fintech companies lending money with their own capital; and

(ii) sociedades de empréstimo entre pessoas (SEPs), fintech companies connecting investors and borrowers in a peer-to-peer lending arrangement.

The new resolution will allow fintech companies to lend money to individuals and legal entities (based on their own capital or via peer-to-peer arrangements) without partnering with currently existing financial institutions to that end (as currently happens).

As stated in Resolution No 4,656, both SCDs and SEPs will be authorized to provide ancillary credit services out of a preset list (such as acting as representative of an insurance broker in distribution of insurance for lending transactions, or issuing electronic currency). The regulator also proposed ways of expanding the benefits and technology innovations brought about by fintechs to other institutions, in allowing SCDs and SEPs to provide credit analysis services to third parties as well.

The regulatory framework for SCDs has been clearly simplified in comparison with traditional financial institutions, as such new entities would be allowed to lend their own capital and thus retain the ensuing credit risk, thus being prohibited from borrowing funds from the public to fund their activities. As a result, SCDs will be institutions with a limited scope solely engaging in non-complex, non-leveraged lending activities. It should be pointed out that Resolution 4,656 allows SCDs to sell the loans they originate: (i) to securitization companies that distribute securitized assets solely to qualified investors, as defined by CVM; (ii) to other financial institutions; or (iii) to receivables investment funds (FIDCs) whose




quotas are exclusively offered to qualified investors, as defined by CVM; and consequently, credit securitization structures are available to SCDs as a funding alternative.

On the other hand, a more robust regulatory framework was proposed for SEPs in regulating their peer-to-peer activities. The Central Bank established the means for intermediation between the entity and its lenders and borrowers in a peer-to-peer arrangement, as well as the mechanisms for full transfer of the credit risk from borrowers to lenders. As a result, the rules make it clear that, unlike SCDs, SEPs cannot retain the credit risk underlying the credit transactions in this peer-to-peer mode. However, the regulatory authority, heeding the concerns and requests of industry players, made an exception whereby SEPs are allowed to hold a small portion of risks inherent to their transactions, provided that certain conditions stated in the resolution are satisfied.

It should be pointed out that only individuals or legal entities resident and domiciled in Brazil may act as borrowers in transactions intermediated by SEPs. However, creditors may comprise: (i) individuals; (ii) financial institutions; (iii) FIDCs whose quotas are exclusively offered to qualified investors, as defined by CVM; (iv) securitization companies that distribute securitized assets solely to qualified investors, as defined by CVM; and (v) non-financial legal entities. Nevertheless, creditors other than qualified investors cannot enter into transactions above the R$ 15,000 cap with one same borrower, at one same SEP.

Prior authorization from the Central Bank will be required for the setup and operation of SCDs and SEPs, following the procedures set forth by Central Bank Circular No 3,898, dated as of May 17, 2018. The proposed requirements, although simpler, do not depart greatly from those already in place for traditional financial institutions and payment arrangers and payment institutions mentioned above, such as identifying the applicant’s controlling group; proving its financial and economic capacity; submitting a summary business plan; or obtaining approval for members of the respective management bodies. The applicant shall also present a justification document, which shall include the following: (i) corporate capital of the company; (ii) indication of the services that will be offered; (iii) the targeted public; (iv) description of the proposed Brazilian headquarters of the company; (v) opportunities in the market that justify the operation of the new SCD/SEP; (vi) competitive differentials; (vii) description of the SCD/SEP’s intention to have a settlement account to be held at the Central Bank; and (viii) description of the applicant’s systems and technological resources.

Specifically with regard to composition of the controlling group of SCDs and SEPs, the rule has brought an important innovation for the National Financial System in expressly allowing that such entities be controlled by Brazilian or foreign investment funds. Finally, the Federal Government issued Decree 9,544 attesting the interest of Brazil in the entry of foreign capital into the equity of SCDs and SEPs, thus dispensing with the issuance of Presidential Decrees on a case-by-case basis for the entry of foreign capital into the financial market, as is the case for regular banks and other financial institutions.

The regulation brought greater legal certainty to fintechs acting in the lending segment by introducing a specific set of rules for transactions in this new industry, apart from those applying to the traditional banking market as a whole. As mentioned above, banking activities such as lending must only be conducted by financial institutions authorized to function by the Central Bank.

In order to address issues arising from the rising use of technology on banking activities as provided by the fintech initiatives described above, the Central Bank issued Resolution No. 4,658 was issued in April 2018, establishing cybersecurity governance and cloud services requirements applicable to financial institutions and other institutions authorized to operate




by the Central Bank. The regulation established some specific obligations that should be met by the regulated companies, such as having a cybersecurity policy and incident response and action plan approved by their respective board of directors.

In addition to the agenda on technology in the financial sector, legislators and regulators have also presented efforts to modernize key elements of the Central Bank oversight. In this sense, in May 2018, the Central Bank created a working group to contribute to the development of an instant payment ecosystem in Brazil, which assembled more than 90 participants (eg, payment institutions, payment arrangers, fintechs, marketplaces, financial institutions, law firms and government entities). The main idea is to provide regulation and infrastructure for instant payment services, in which users, with or without holding a bank account, will be able to make payment transactions in real time, 24/7, 365 days a year. The necessary requirements are still under discussion for this ecosystem and the group is still mapping significant actions to adjust the current payment environment.

Another current payment development relates to trials of open banking in Brazil, which entails the sharing of data of financial institutions’ customers for processing and use by payment service providers and other financial institutions. The main goal of the Brazilian model of open banking is to create a safe system in which different financial institutions may interact through a single platform, built by third-party developers, using open source technology.

It is also important to point out that in 2017, the Brazilian Congress enacted a new Administrative Proceedings Law,5 which provides for the imposition of sanctions by the Central Bank in view of breaches of the regulation.

One of the main changes was the increase of the maximum pecuniary fine to 2 billion Brazilian Reais (R$), as opposed to R$200,000 in the previous legislation. Additionally, now the Central Bank has discretionary powers not to impose administrative proceedings in cases of infractions with low market damage and, in such cases, the Central Bank may only request the applicable corrections.


With few exceptions, financial institutions must be incorporated as sociedade anônima, which is the corporate regimen that most closely resembles a joint-stock company or corporation. The legal requirements pertaining to joint stock companies are governed by Corporations Law.6

The direct control of a financial institution in Brazil may only be held by: (i) individuals; (ii) other financial institutions; or (iii) other legal entities, with the exclusive corporate purpose of participating in financial institutions and other institutions authorized to operate by the Central Bank.

The joint-stock company is managed by an Executive Office (Diretoria) and, if applicable, by a Board of Directors (Conselho de Administração). In addition, a Board of Auditors (Conselho Fiscal) may be instated in a provisional or permanent manner to inspect the activities performed by the other management bodies. The Executive Office and the Board of Auditors must be composed of individuals residing in Brazil and meeting the requirements prescribed by law. The Board of Directors members need not reside in Brazil. All appointments to members of the Executive Office, Board of Directors and Board of Auditors on financial institutions will only be effective upon Central Bank’s discretionary approval, based on subjective and objective parameters.




In their corporate governance, all financial institutions must adopt policies and procedures to control: (i) their activities; (ii) their financial, operational and administrative information systems; and (iii) compliance with all regulations they are subject to. According to this rule, without regard to the size of a given financial institution, its internal controls shall be effective and consistent with the nature, complexity and risk of the institution’s transactions.

The executive committee of the financial institution is responsible for implementing an effective internal control structure, defining responsibilities and control procedures and setting out the corresponding objectives at all levels of the institution. The executive committee is also responsible for verifying compliance with internal procedures. The internal auditing report directly to the board of directors or management of the institution, as applicable, and external auditors are responsible for monitoring the internal control system.

Further to these general internal controls, financial institutions are also subject to specific anti-money laundering internal controls and procedures. Such procedures consist of prior and express measures, which must allow the entity to confirm the client’s information on record, identify the final beneficiaries of the transactions, and determine whether or not a client is a politically exposed person.

In terms of transactions monitoring, regulated entities must adopt systems that are capable of: (i) registering and recording all transactions performed by the institution; (ii) verifying the origin of funds, compatibility of the transaction and final beneficiaries in any transaction involving transfer of funds; (iii) identifying transactions that exceed certain limits and threshold amounts; and (iv) identifying suspicious transactions, among other requirements.

In order to be audited, financial institutions must also contract an independent auditor, duly registered with the CVM and certified as a specialist in banking analysis granted by the Brazilian Institute of Independent Auditors (Instituto Brasileiro dos Auditores Independentes – IBRACON), and as long as the minimum requirements attesting to the independence of the same are present.

Furthermore, financial institutions should appoint an executive officer responsible for compliance with all regulations related to financial and auditing records. In addition to audit reports, independent auditors should also report on: (i) the evaluation of internal controls and procedures for managing the risks exercised by the financial institution including in relation to its electronic data-processing system, presenting any potential failings verified; and (ii) a description of the financial institution’s non-compliance with any applicable regulation which is material to its financial statements or activities.

All financial institutions that have: (i) reference assets or consolidated reference assets equal to or in excess of R$1 billion; (ii) the administration of third-party funds in a sum equal to or in excess of R$1 billion; or (iii) the sum of deposit funding plus the administration of third-party funds in a sum equal to or in excess of R$5 billion, are required to have an in-house audit committee, which purpose is to revise all financial reports of the company and liaise with external auditors, which is subject to a number of independence and accountability rules.

Financial institutions shall put in place operational, liquidity and credit risk-management structures. The risk-management structure mentioned herein shall be consistent with the type of activities performed by the payment institution, as well as to the degree of complexity of its products and services, and shall be commensurate with the level of exposure to such risks.




The structure shall be segregated from internal audit and governed by policies and strategies that are approved (and revised at least annually) by the executive office and by the board of directors, if any, with a view to determining their adequacy vis-à-vis the objectives of the payment institution and to market conditions.

The Central Bank performs regular oversight on financial institutions in connection with this topic and may order the adoption of supplementary risk-management actions, as well as set additional equity and liquidity limits and requirements, if it believes that the actions taken by payment institutions are insufficient or inadequate.


In case of financial institutions, at least fifty per cent (50%) of the capital subscription must have been paid up. Pending the completion of all incorporation formalities, the paid-up capital must either be allocated to the purchase of government bonds or deposited with the Central Bank. The remaining balance of the capital must be paid up within one year from subscription of the capital.

The minimum capital requirements for a financial institution depend upon the types of licences held. The minimum capital requirement for such institutions is composed by the sum of each licence (see chart above).

In addition to these minimum capital and equity requirements, for a financial institution that wishes to operate in the foreign exchange market, the amount of R$ 6,500,000.00 should be added to the minimum capital requirements.

Additionally to initial capital requirements, as a member of G20 and signatory of Basel III, Brazil incorporated the Basel III rules mainly by the regulation issued by CMN and the Central Bank. Communication No. 20,615, released by the Central Bank on February 17, 2011, introduced the preliminary guidelines on the implementation of Basel III in Brazil,

FINANCIAL INSTITUTION MINIMUM CAPITAL

Commercial banks and corresponding licence of multiple service banks R$ 17,500,000.00

Investment banks, development banks and corresponding licence of multiple service banks and Caixa Econômica

R$ 12,500,000.00

Credit, finance and investment companies, real property credit companies, leasing companies and corresponding licences of multiple service banks

R$ 7,000,000.00

Credit unionsR$ 10,000.00 up to

R$ 6,000,000.00

Broker dealer companies and securities dealership companies which deal with the management of investment funds

R$ 1,500,000.00

Direct credit company and peer-to-peer lending fintech companies R$ 1,000,000.00

Broker dealer company and securities dealership company that do not manage investment funds

R$ 550,000.00

Foreign exchange broker companies R$ 350,000.00




and highlighted the concepts that would guide the new definitions of capital and liquidity and leverage ratios, following the referred macro prudential approach. The first set of final regulations took effect on October 1, 2013 and therefore on this day Basel III effectively entered into force in Brazil.

Specifically, Basel III implementation in Brazil established that the calculus of the capital requirements should apply to financial institutions, taking into consideration the prudential conglomerate of which it was a part.

A second set of measures was also published on October 31, 2013, reviewing some adaptation periods for the institutions, in particular for implementation of the new accounting criteria. In this sense, the regulation set the consolidated basis on which financial institutions should issue their financial statements, including financial institutions incorporated abroad which the Brazilian entity controls directly or indirectly.

As part of CMN’s effort to incorporate the new recommendations from Basel III into the Brazilian regulatory framework, CMN consolidated and amplified the Brazilian regulation on risk management for Brazilian financial institutions and other institutions authorized to operate by the Central Bank, which was previously regulated in a series of specific normative acts.

Prudential conglomerates in Brazil shall comply with capital requirements with a minimum Basel index of 10.5% to 15% depending on the risk profile of such financial institutions. Such calculation shall occur based on three types risk: credit risk, market risk and operational risk.

The new rules set forth that each financial institution must implement structures for the continuous risk management as applicable, pursuant to their segmentation in view of its risk profile. This means that a financial institution of smaller systemic importance can have a simplified risk-management structure, while more complex financial institutions have to follow stricter protocols.


In 1990, the consumer defence code (Código de Defesa do Consumidor – CDC), was promulgated to establish more stringent rules to govern consumer relations between the suppliers of products or services and consumers, with a view to protecting end consumers. On June 7, 2006, the Brazilian Supreme Court (Supremo Tribunal Federal – STF) ruled on a direct claim of unconstitutionality filed by the National Confederation of the Financial System that the CDC is also applicable to transactions between financial institutions and their customers.

Financial Institutions shall also follow specific rules issued by the CMN and the Central Bank when contracting transactions and the provision of services with customers and the general public. These regulations are typically very protective of consumers and prohibit, for instance, increasing without fair reason the value of fees, or charging them at a higher rate than that stipulated in current regulations and legislation, and automatically transferring demand deposit account and savings deposit account funds to any type of investment without prior authorisation from the customer.

Within the context of the Payments’ Law regulation, another evidence of the regulatory protectiveness of customers was the recent change in the rules regarding credit card outstanding balance financing (crédito rotativo). Historically, interest rates on these transactions have been among the highest in the world. In an effort to incentivize the




reduction of interest rates on financing of credit card balances, new regulation established that after 30 days of automatic financing provided by the issuer, if the debit is not fully settled, issuing payment institutions must present to costumers a new line of credit with better conditions.

Conclusion

In recent years, legislators and regulators have been increasingly supportive of innovations in the Brazilian financial sector. Therefore, the environment is fertile for initiatives that are based on technology, and Brazilian banking regulation is continuously evolving to adapt to the present reality. These new rules are creating incentives for newcomers to enter through the use of technology market segments to which until recently, only traditional financial institutions were privy. The Central Bank believes that the only way to break the excess concentration of the banking industry in Brazil is through technology, and the natural advantages of reduced transaction cost and scalability that technology provides.

* * *

Endnotes

Law No. 7,492 of June 16, 1986. 1.

Law No. 9,613 of March 3, 1998. 2.

Complementary Law No. 105, of January 10, 2001. 3.

Law No. 6,024 of March 13, 1974; Decree-Law no. 2,321 of February 25, 1987; and 4.Law No. 9,447 of March 14, 1997.

Law No. 13,506 of November 13, 2017. 5.

Law No. 6,404 of December 15, 1976.6.







Bruno Balduccini


Bruno Balduccini has been a partner since 2001 in the corporate area of the

Pinheiro Neto Advogados office in São Paulo. His fields of expertise are

banking regulations, business law, corporate law, financing, investments,

M&A, exchange controls, credit cards, insurance and reinsurance. In addition

to his practice in Pinheiro Neto Advogados, he has been a standing member

of the São Paulo Lawyers Institute since 2004, where he participates in the

banking law committee.

Mr Balduccini graduated with an LL.B. from the Pontifical Catholic

University of São Paulo (1992), and holds a Master’s degree in international

banking law from Boston University (1998). He was admitted to the Brazilian

Bar Association in 1993. Mr Balduccini was a foreign associate at Sullivan

& Cromwell in New York for one year between 1998 and 1999.

Ana Lidia Frehse


Ana Lidia Frehse is an associate lawyer with Pinheiro Neto and has been at

the firm since 2016. Her fields of expertise are banking regulations, payment

methods, business law, corporate law and M&A. She holds an LL.B. from

Pontifícia Universidade Católica de São Paulo (2018) and studied German

banking regulation and administration for six months at Friederich Alexander

Universitat in Erlangen, Germany.

Rua Hungria, 1100, São Paulo – SP, Brazil

Tel: +55 11 3247 8400 / Fax: +55 11 3247 8600 / URL: www.pinheironeto.com.br

Pinheiro Neto Advogados


Canada

Introduction

Banks in Canada have been continuously recognised as amongst the soundest and safest across the globe. Notwithstanding, the global financial crisis has led to a series of significant regulatory changes (most notably in the areas of liquidity and capital), designed to reduce the risk of another global financial crisis occurring and ensure that Canadian banks will continue to be well positioned for future challenges.


Banking in Canada falls under federal jurisdiction such that the Parliament of Canada has legislative authority over “Banking, Incorporation of Banks, and the Issue of Paper Money”. The primary piece of legislation that governs banking in Canada is the Bank Act1 and its regulations.

Banks in Canada are supervised by multiple regulators, with the Office of the Superintendent of Financial Institutions (OSFI) responsible for prudential regulation, and the Financial Consumer Agency of Canada (FCAC) responsible for consumer protection. OSFI regulates and supervises all banks under its supervisory framework, develops and interprets legislation, and issues guidelines. FCAC ensures that federally regulated financial institutions (FRFIs) comply with consumer protection measures, and helps to keep consumers informed. FCAC also supervises payment card network operators and external complaints bodies. FCAC’s Enforcement Division investigates and evaluates possible concerns, and has the power to enforce compliance.

Several other regulatory bodies are also involved in regulating banks in Canada. The Department of Finance helps the government develop and implement financial sector policy and legislation. The Bank of Canada, which is owned by the federal government, helps to keep inflation low, promotes efficient banking systems, is responsible for currency, and is a fiscal agent for the government. The Canadian Payments Association (d.b.a. Payments Canada) (PC) runs the national clearing and settlement system in Canada. The Canada Deposit Insurance Corporation (CDIC) provides deposit insurance to all member institutions (which includes all major Canadian banks) against the loss of eligible deposits in the event of failure. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) helps to protect Canada’s financial system by detecting and deterring money laundering and terrorist financing under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act2 and its regulations.

The Ombudsman for Banking Services and Investments (OBSI) is an independent and impartial body that resolves disputes between banks and their customers when a bank is not able to resolve the dispute internally. The Canadian Bankers Association helps to ensure

Pat Forgione, Darcy Ammerman & Alex Ricchetti McMillan LLP



Canada has a successful banking system by advocating for effective policies and working with banks and law enforcement to protect Canadians against financial crimes. Banks in Canada also need to ensure compliance with privacy legislation, which is enforced by the Office of the Privacy Commissioner of Canada, who has the power to investigate complaints, conduct audits, and pursue court action. Finally, the Financial Institutions Supervisory Committee, whose membership consists of OSFI, the Bank of Canada, the Department of Finance, CDIC and FCAC, meets to discuss, coordinate, and advise the federal government on issues related to the Canadian financial system.

There are also three supranational regulatory bodies that are influential in Canadian banking. The Bank for International Settlements (BIS), of which the Bank of Canada is a member, leads global regulatory work on financial systems across the globe. The Basel Committee on Banking Supervision (Basel Committee) is made up of BIS members, and sets out to strengthen worldwide banking through the release of recommendations aimed at enhancing financial stability. Both the Bank of Canada and OSFI are Basel Committee members and are committed to implementing its recommendations. Lastly, the Financial Stability Board (FSB), which consists of G20 countries, monitors and makes recommendations related to the global financial system. The Bank of Canada, OSFI and the Department of Finance are members of the FSB.

Restrictions on activities

The Bank Act imposes ownership requirements on banks in Canada. For instance, the Bank Act prohibits a person from being a major shareholder of a bank with equity of $12bn or more. Banks with equity of $2bn or more but less than $12bn must have at least 35% of their shares with voting rights listed and posted on a recognised stock exchange and they must not be owned by a major shareholder.

Pursuant to the Bank Act, banks are only permitted to carry on the “business of banking” which includes activities such as providing financial services, acting as a financial agent, providing investment counselling, issuing payment, credit, or charge cards, etc. Except when permitted by the Bank Act, banks may not “deal in goods, wares or merchandise or engage in any trade or other business”.

The Bank Act also includes restrictions on undertaking fiduciary activities, guarantees of payment or repayment, dealing in securities, engaging in the insurance business, undertaking personal property leasing activities, and entering into partnerships. Moreover, banks have restrictions on the types of investments they can make and are prohibited from investing in an entity that carries on some activities listed above or entities that deal in securities, except in certain circumstances. Banks may invest in securities, but are restricted from making substantial investments (e.g. acquiring more than 10% interest in a non-bank entity) or in controlling certain types of entities. Under s.468(1) of the Bank Act, banks may acquire control of, or make a substantial investment in other banks, trust or loan companies, insurance companies, cooperative credit societies and entities primarily engaged in dealing in securities. However, certain investments nonetheless require the approval of OSFI or the Minister of Finance.

Banks are prohibited from imposing any undue pressure or coercion to obtain a product or service on any person. Subject to certain exceptions, a bank cannot make a loan to a natural person that contains conditions which prohibit the prepayment of the loan prior to the due date, nor require a natural person to have an initial minimum deposit or the maintenance of a minimum balance with respect to a retail account of an individual who meets certain prescribed conditions.

McMillan LLP Canada



Banks are also prohibited from entering into related party transactions, except as otherwise permitted under the Bank Act (for instance, if the value is “nominal or immaterial to the bank”).

Recent, impending or proposed changes to the regulatory architecture

The banking architecture in Canada has continued to change to strengthen financial security and to incorporate international standards. In August 2017, the Department of Finance released its second consultation paper, entitled Potential Policy Measures to Support a Strong and Growing Economy: Positioning Canada’s Financial Sector for the Future.3 This paper launched the second phase of a renewal of Canada’s federal financial institution statutes prior to the statutory sunset date (which has been re-set for another five years). The statutes that may receive consideration include the Bank Act, the Cooperative Credit Associations Act, the Insurance Companies Act and the Trust and Loan Companies Act. The Department of Finance is focusing on four central themes in relation to its policy review: (i) supporting a competitive and innovative sector; (ii) improving the protection of bank consumers; (iii) modernising the framework; and (iv) safeguarding a stable and resilient sector.

The Canadian Federal Government’s 2018 budget, introduced on February 27, 2018, included a number of proposals that will affect Canada’s financial sector. These include proposals to: modernise and enhance the Canadian deposit insurance framework; implement a resolution framework for systemically important financial market infrastructures; undertake a review of “open banking” merits and platforms; launch a review of the Canada Payments Act; adapt financial sector frameworks to emerging fintechs; and strengthen the FCAC’s tools and mandate.

As a result of the Budget Implementation Act, 2018, No. 14 which received Royal Assent in June, 2018 several amendments were or will soon be made to the Bank Act to incorporate some of the federal government’s proposals set out in the 2018 budget, and to address the emergence of fintech in the banking industry. For instance, allowing trust companies, credit unions and co-operatives to use the words “bank”, “banking” and “banker”, provided that they disclose the type of entity they are, among other items, and clarifying and expanding the powers of financial institutions to engage in fintech business initiatives, including investing in fintech companies to a limited degree and in accordance with regulations (which have not yet been published). Generally, the initiatives are designed to facilitate a collaborative environment between federally regulated institutions and fintech companies.

On December 14, 2017, the Competition Bureau released the final report from its market study analysing the regulatory and non-regulatory issues faced by the fintech industry in Canada, entitled Technology-led innovation in the Canadian financial services sector.5 The focus of the study was on how technologies such as mobile payments, online crowdfunding, peer-to-peer banking and robo-advisors shape consumer and business interactions with financial products. The final report made 11 general recommendations for regulators and policy makers, centred on reducing barriers to entry faced by fintechs and creating a regulatory regime able to keep up with technological change, as well as additional industry-specific recommendations with respect to payment and payment systems, lending and investment dealing and advice.

In 2016, PC announced an initiative to modernise the infrastructure and rules and standards of Canada’s national payments system. On December 21, 2017, PC released a report entitled Modernization Target State,6 detailing a plan for modernisation of the payments

McMillan LLP Canada



system in Canada, including a description of fundamental core systems and support structures such as risk and regulatory requirements, access and settlement models and technology platforms. The international ISO 20022 payment-messaging standard will underpin the new systems and enable the flow of more data alongside payments transactions. On May 25, 2018, the Department of Finance published a consultation paper that proposed expanded access to PC’s systems for non-traditional payment service providers, with the goal of ensuring that the Canadian payments system continues to function efficiently and competitively, while maintaining high standards of safety and soundness, and meeting the needs of Canadian consumers and businesses.

In 2015, OSFI issued the final version of its advisory with respect to the early adoption of IFRS 9 for Domestic Systemically Important Banks (D-SIBs) (i.e., the six largest banks in Canada), requiring that D-SIBs adopt IFRS 9 for the annual period beginning on November 1, 2017. OSFI released the final guideline entitled IFRS 9 Financial Instruments and Disclosures on June 21, 2016. IFRS 9 became mandatory for all federally regulated deposit-taking institutions (DTIs) for annual periods beginning January 1, 2018. IFRS 9 is a forward-looking approach that aims to improve issues arising from the method of accounting for financial instruments, simplify the existing rules and enhance investor confidence in the financial system in Canada.

OSFI has recently implemented several changes with regard to the Basel Committee’s Basel II and Basel III frameworks. In January, 2018, OSFI introduced a revised version of the floor on the minimum risk-based capital requirements for banks using internal models relative to the Basel II standardised approach (which are reflected in the CAR Guideline, as defined below). A further revised version based on Basel III is expected to be introduced within the next five years. In April 2017, OSFI released a guideline entitled Pillar 3 Disclosure Requirements, clarifying its expectations regarding domestic implementation by Canadian banks of the Revised Pillar 3 Disclosure Requirements issued by the Basel Committee in January of 2015. D-SIBs were required to implement the revised standards for the reporting period ending October 31, 2018 while non-D-SIBs were permitted to continue with their existing Pillar 3 disclosures.7 Foreign bank branches, financial institutions that do not take deposits, and subsidiaries of Canadian federally regulated DTIs that report consolidated results to OSFI are exempt from the Basel Pillar 3 disclosure requirements.

The implementation of the Basel III reforms by OSFI is expected to be completed by Q1, 2022, with exceptions for operational risk, credit risk as it relates to the leverage ratio framework, and the transition period for the output floor.8

On June 9, 2018, the Department of Finance announced proposed amendments to the regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act that governs Canada’s anti-money laundering and anti-terrorist financing (AML/ATF) regime. The amendments will update due diligence and beneficial ownership requirements, regulate businesses dealing in virtual currencies, include foreign money service businesses in Canada’s AML/ATF regime, clarify a number of existing requirements and make minor technical changes. Implementation of the proposed amendments is not expected before 2019.

On November 21, 2017, the Royal Bank of Canada was deemed a global systemically important bank (G-SIB) and as such, will be required to meet certain G-SIB requirements starting in January, 2019.

McMillan LLP Canada



Recent regulatory themes and key regulatory developments in Canada

Canadian banks are subject to the regulatory oversight of OSFI. OSFI has publicly affirmed its commitment to participating in the development of international financial standards, and has been proactive in the adoption and implementation of the Basel III framework of the Basel Committee. It is expected that the theme of principle-based regulation and individual institution oversight will continue in Canada, as well as the implementation of resolution regimes.

Residential Mortgage Underwriting

On January 1, 2018, revisions to OSFI’s Guideline B-20: Residential Mortgage Underwriting Practices and Procedures became effective.9 The revisions include recommendations such as FRFIs developing strong underwriting policies, performing due diligence to record and assess the borrower’s identity, background and demonstrated willingness to service his/her debt obligations on a timely basis, and developing effective credit and counterparty risk management practices and procedures that support residential mortgage underwriting and loan asset portfolio management.

Capital Conservation Buffer

To avoid breaches of minimum capital requirements, banks in Canada are required to hold a capital conservation buffer, the details of which are set out in OSFI’s Capital Adequacy Requirements (CAR) (CAR Guideline).10 On October 30, 2018, OSFI released the final version of the CAR Guideline for implementation in Q1 2019. The main revisions to the CAR Guideline relate to: the implementation of the standardised approach to counterparty credit risk; capital requirements for bank exposure to central counterparties; and the securitisation framework. Implementation is expected by November 1, 2018 for institutions with an October 31 year end, and January 1, 2019 for institutions with a December 31 year end. The capital conservation buffer remains equal to 2.5% of a bank’s risk-weighted assets. Currently, banks in Canada are advised to maintain the minimum Common Equity Tier 1 capital ratio, Tier 1 capital ratio and total capital ratio plus the capital conservation buffer.

D-SIBs are required to hold a Domestic Stability Buffer intended to cover a range of Pillar 2 systemic vulnerabilities not adequately covered in the Pillar 1 capital requirements set out in the CAR. The level of the buffer is the same for all D-SIBs and will be reviewed by OSFI on a semi-annual basis.

Leverage Requirements

In addition to the CAR Guideline, Canadian banks must maintain a ratio of capital to exposure that meets or exceeds 3% at all times under OSFI’s Leverage Requirement (LR Guideline).11 On October 31, 2018, OSFI issued the final version of its LR Guideline for implementation in Q1 2019 (to be implemented November 2018 or January 2019 depending on fiscal year end) to ensure consistency with the treatment of derivatives and certain securitisation exposures under the CAR Guideline. Relatedly, a revised draft of OSFI’s Leverage Ratio Disclosure Requirements was published in August, 2018.

Common Equity Tier 1 Surcharge

Consistent with the Basel Committee’s Basel III framework,12 and as described above, OSFI has designated six Canadian institutions as D-SIBs: Bank of Montreal; Bank of Nova Scotia; Canadian Imperial Bank of Commerce; National Bank of Canada; Royal Bank of Canada; and Toronto-Dominion Bank of Canada. These six D-SIBs account for approximately 90% of the total assets of Canada’s federally regulated DTIs13 and must achieve compliance with heightened regulatory requirements. The imposition of such requirements may offset the potential negative impact of any one D-SIB’s failure.

McMillan LLP Canada



Pursuant to the CAR Guideline, D-SIBs are subject to a Common Equity Tier 1 Surcharge (CET1) equivalent to 1% of the D-SIB’s risk-weighted assets. This CET1 surcharge is implemented through the extension of the capital conservation buffer. D-SIBs will be restricted in their ability to make distributions such as dividends in the event they do not satisfy their relevant capital conservation ratio.

Total Loss Absorbing Capacity

In April, 2018, OSFI published its Total Loss Absorbing Capacity (TLAC) guideline (which became effective on September 23, 2018) (TLAC Guideline),14 the purpose of which is to ensure that a non-viable D-SIB has sufficient loss-absorbing capacity to support its recapitalisation. Beginning in November, 2021, all banks designated as D-SIBs will be subject to a minimum standard risk-based TLAC ratio and the TLAC leverage ratio. The minimum ratios required will be set out in orders made by OSFI under the Bank Act.

The TLAC guideline is consistent with the Principles on Loss-Absorbing and Recapitalisation Capacity of G-SIBs in Resolution: Total Loss-Absorbing Capacity Term Sheet that Canada helped develop as a member of the FSB and the Basel Committee.

In May, 2018, OSFI published its Total Loss Absorbing Capacity (TLAC) Disclosure Requirements Guideline and Capital Disclosure Requirements Guideline15 which provides robust TLAC disclosure templates, promoting transparency and market discipline with respect to D-SIBs. Disclosures related to TLAC should be implemented commensurate with the quarterly reporting period ending January 31, 2019.

On August 21, 2018, OSFI published a news release indicating that it had set the minimum TLAC ratio at 21.5% of risk-weighted assets of D-SIBs, and the minimum TLAC leverage ratio at 6.75%.16

Other

Recent revisions were also made by OSFI to the Liquidity Adequacy Requirements (LAR) Guideline (including to extend the implementation of the Net Stable Funding Ratio thereunder to 2020), the Capital Disclosure Requirements (to reflect consequential amendments as a result of the TLAC Guideline) and to five different transaction instructions (DA. No. 2, DA. No. 4, A. No. 11, A. No. 14 and A. No. 91). A revised draft of OSFI’s Guideline B-12: Interest Rate Risk Management was also issued in October, 2018, with a targeted implementation date of January 1, 2020. The changes incorporate guidance from the Basel Committee with respect to Interest Rate Risk in the Banking Book (IRRBB).


The legislative requirements for the governance of banks are found in the Bank Act which prescribes the form and degree of governance required.17 The Bank Act sets out that Canadian banks must have a minimum of seven directors; if the bank is a subsidiary of a foreign bank, at least half of its directors must be resident Canadians, and if the bank is a domestic bank, a majority of its directors must be resident Canadians. Banks are prohibited from having more than two-thirds of their directors qualifying as ‘affiliated’ with the bank, which includes but is not limited to the following relationship with the bank: ownership of a significant interest in a class of shares; being a significant borrower; or acting as an officer.18

Directors are legally obligated to discharge their duties honestly and in good faith with a view to the best interests of the bank, and are required to exercise the care, diligence and skill set that a reasonably prudent person would exercise in comparable circumstances. Directors must also establish an audit committee, a conduct review committee, a committee

McMillan LLP Canada



to monitor compliance with public disclosure requirements and a committee to monitor the resolution of conflicts of interest. The CEO of a Canadian bank must be a director of the bank as well as a resident of Canada. A significant feature of the Bank Act is the reservation of the power in the shareholders to remove a bank’s directors. A bank’s board of directors (Board) is responsible for ensuring that the compensation of employees, senior management (Management) and the Board is aligned with the bank’s long-term interests.19 Compensation for all employees is to be consistent with the FSB’s Principles for Sound Compensation guideline and related Implementation Standards.

Corporate governance – the role of the board and management

Although the legislative regime of the Bank Act is fulsome, OSFI publishes guidance documents which detail the practical mechanisms of compliance in the Canadian banking industry. In September, 2018, OSFI released its revised Corporate Governance guideline (Governance Guideline)20 which communicates OSFI’s expectations with respect to corporate governance, which complements the Bank Act and OSFI’s Supervisory Framework and Assessment Criteria.21 The Governance Guideline does not apply to the branch operations of foreign banks. It highlights the distinction between the decision-making role of a bank’s Board and the decision-implementing role of its management and sets out that a Board should be independent of management. Apart from the critical separation of the roles of Board Chair and CEO, the Governance Guideline does not prescribe any single Board structure as guaranteeing independence.

The Governance Guideline sets out that the Board plays a crucial role in the success of a DTI through its approval of overall strategy and risk appetite, as well as oversight of senior management and internal controls, and specifies that the primary functions of a bank’s Board should include approving and overseeing the following:

Short-term and long-term business objectives and strategies including a Risk Appetite •Framework (RAF) detailing the aggregate level, type and limits of risk acceptable to the bank to achieve its objectives.

Significant strategic initiatives such as capital targets and share issuance. •

Appointment, performance review and compensation of the bank’s CEO and other •senior management, as well as succession planning regarding the Board, CEO and other members of senior management.

External and internal audit plan. •

Senior management of a bank should be responsible for, among other things, guidance related to the following:

Significant operational, business, risk and crisis-management policies. •

Compensation policy for all human resources that is consistent with the FSB’s •Principles for Sound Compensation.

Business and financial performance relative to the strategy and Risk Appetite •Framework approved by the Board, as per above.

Implementation and effectiveness of internal controls. •

Implementing the Board’s decisions and directing the operations of the DTI. •

Both Board and management have significant duties beyond those expressly found in the Bank Act. The structure of the bank itself may impose some further duties on a Board. For example, a parent company’s Board should implement sufficient oversight of a subsidiary’s activities to ensure that the parent Board is able to discharge all of its responsibilities to the parent company. The interaction between senior management and

McMillan LLP Canada



the Board should occur primarily through the CEO. The Board should supervise the oversight functions of the bank through the engagement of the relevant committees, such as the audit committee. The heads of the oversight functions should have sufficient authority and autonomy from senior management. They should have unfettered and direct access to the Board or the relevant Board committee for reporting purposes.

Risk governance

One focal element of the Governance Guideline is the concept of risk governance, which OSFI characterises as a distinct and crucial element of corporate governance in Canada. Banks should be in a position to identify the important risks they face, assess their potential impact and have policies and controls in place to effectively manage them. A bank’s Board should establish an RAF that is enterprise-wide and forward-looking, and tailored to its domestic and international business activities and operations, which includes the goals, benchmarks, parameters and limits that the bank considers appropriate, and which establishes mechanisms to control risk as well as a process to ensure the effectiveness of such controls.

Measures endorsed in the Governance Guideline include the creation of a Board Risk Committee and the appointment of a Chief Risk Officer (CRO). The CRO should have the necessary stature and authority within the bank and should be independent from operational management. The CRO should not be directly involved in revenue-generation, and their compensation should not be linked to the bank’s performance of specific business lines. The CRO should have unfettered access to, and a direct reporting line to, the Board or Risk Committee.

In September, 2017, OSFI published the Enterprise-Wide Model Risk Management for Deposit-Taking Institutions Guideline,22 designed to establish a common standard for enterprise-wide model risk-management, in order to ensure that all institutions have a baseline understanding of the minimum level of expectations with respect to their use of models that could have a material impact on the institution’s risk profile. OSFI will treat Internal Models Approved Institutions (IMAIs) and Standardised Institutions (SIs) differently under its Guideline. IMAIs are subject to all components of the Guideline, whereas SIs are only required to comply with OSFI’s minimum expectations (but should strive to comply with the entire Guideline).

The role of the Audit Committee

The Governance Guideline also expands upon the relevant duties of the Audit Committee as mandated by the Bank Act.23 The Audit Committee, not management, should recommend to the shareholders the appointment and removal of the external auditor for the bank. The Audit Committee should agree to the scope and terms of the audit engagement, and review and recommend for approval by the Board the engagement letter and remuneration for the external auditor. The Audit Committee should discuss with senior management and the external auditor the overall results of the audit, the financial statements, and any related concerns raised by the external auditor.

The Audit Committee should satisfy itself that the financial statements fairly represent the financial positions, the results of operations and the cash flow of the DTI. In order to do so, the Audit Committee should meet with the external auditor, the internal auditor, and other heads of the oversight function, as appropriate, with and without the CEO or other members of senior management present.

Outsourcing banking functions

Technology, specialisation, cost and competition continually and dynamically shape the

McMillan LLP Canada



market for Canadian banks both domestically and abroad. Banks may consider outsourcing certain activities in response to such shifts in the market. OSFI’s guideline on Outsourcing of Business Activities, Functions and Processes (the Outsourcing Guideline) highlights that although regulatory flexibility is afforded in order to ensure the commercial viability of Canadian banks, banks remain responsible for all outsourced activities.24 In light of this responsibility, a bank’s Board should periodically approve and review outsourcing policies and relationships. Management should communicate with the Board regarding material outsourcing risks, develop outsourcing policies for Board approval, implement such outsourcing policies upon approval, and periodically review their effectiveness.

It is expected that banks will assess the materiality of their outsourcing arrangements, developing and maintaining a Risk Management Program for all material outsourcing arrangements. A bank should maintain a centralised list of all outsourcing arrangements identified as material as part of its Risk Management Program. A template for such a centralised list is annexed to the Outsourcing Guideline. OSFI recommends the use of a table to capture the nature of the arrangement, the jurisdiction from which the service is being provided, the expiry and renewal dates applicable to the arrangement, the estimated cost of the arrangement and the estimated value of the contract.


Part X of the Bank Act deals with adequacy of capital and liquidity for Canadian banks and requires that banks maintain adequate capital and adequate and appropriate forms of liquidity. Bank capital under the Basel regime consists of “Tier 1” capital – in turn consisting of Common Equity Tier 1 capital and Additional Tier 1 capital – and “Tier 2” capital.

OSFI is authorised under the Bank Act to establish guidelines respecting both the maintenance of adequate capital and adequate and appropriate forms of liquidity. The CAR Guideline supplements the Bank Act and implements the related Basel III capital rules without significant deviation, other than a more accelerated timeline than is required under Basel III.

In accordance with the Leverage Requirements Guideline, OSFI has the power to prescribe leverage ratio requirements for specific institutions on the basis of a number of factors, including the institution’s risk-based capital ratios compared to internal targets and OSFI targets, the adequacy of capital and liquidity management processes and procedures, and the institution’s risk profile and business lines. The authorised leverage ratio for individual institutions is not publicly disclosed.

The bail-in regime initially passed by Parliament in June 2016 is now effective (as of September 23, 2018). The changes, mostly to the Canada Deposit Insurance Corporation Act, establish a bail-in regime for D-SIBs. The bail-in regime allows the Government of Canada to convert certain debt of a failing D-SIB into common shares to recapitalise the bank and allow it to remain open and operating. Only prescribed long-term debt is subject to the bail-in power, and deposits are excluded. Three new regulations were also made by the Department of Finance to facilitate implementation of the bail-in regime, including the Bank Recapitalization (Bail-in) Conversion Regulations, Bank Recapitalization (Bail-in) Issuance Regulations, and Compensation Regulations. Together, these regulations define the conditions for the conversion of instruments eligible for bail-in, outline terms that must be adhered to upon issuance of an eligible bail-in instrument, and establish a framework to determine compensation for those entitled under the regulations.

The purpose of the TLAC Guideline (discussed above) is to provide a non-viable D-SIB with sufficient loss-absorbing capacity to support recapitalisation in the event of failure.

McMillan LLP Canada



This would facilitate an orderly resolution of the D-SIB while minimising adverse impacts on the stability of the financial sector, ensuring the continuity of critical functions and minimising taxpayers’ exposure to loss. The requirements came into effect on September 23, 2018 and D-SIBs have until November 1, 2021 to comply.

The TLAC Guideline, together with the CAR requirements and the Leverage Requirements Guideline (each as discussed above), help to form the framework for the assessment of whether a D-SIB maintains its minimum capacity to absorb losses, in accordance with the Bank Act. As part of compliance and monitoring requirements, DTIs (other than foreign bank branches) provide OSFI with quarterly Basel Capital Adequacy Reporting (BCAR).25 If reporting indicates deteriorating capital, the financial institution can be subject to escalating stages of intervention, starting with additional reporting requirements and continuing to specific temporary restrictions on the business lines of the financial institution.

Additionally, OSFI has the authority to direct a financial institution to increase its capital if it determines that a financial institution is undercapitalised or, in severe cases, to take control of the assets of the financial institution or of the financial institution itself.


The Bank Act and specific regulations thereunder have detailed provisions relating to consumer protection. Among other things, the Bank Act and related regulations contain requirements for the simplified disclosure to customers of the cost of borrowing and interest rates.

The FCAC has the mandate of administering consumer protection provisions of the Bank Act. Pursuant to the Financial Consumer Agency of Canada Act,26 the FCAC’s mandate includes: supervision of FRFIs to ensure that they comply with federal consumer protection measures; promotion of the adoption of policies and procedures with respect to voluntary codes of conduct, and financial institutions’ public commitments designed to implement consumer protection measures; supervision of payment card network operators; and promotion of consumer financial awareness. The FCAC also monitors and evaluates trends and emerging issues in consumer financial services and promotes public awareness about the consumer protection obligations of financial institutions and payment card network operators. The FCAC has the power to impose monetary penalties, impose criminal sanctions or take other actions as are necessary. However, in cases of minor oversights, the FCAC will work with financial institutions to rectify any issues.

On October 1, 2018, the FCAC’s new Supervision Framework27 came into effect and replaced the prior Compliance Framework. Although the core activities governing the FCAC’s supervisory approach remain consistent, numerous enhancements have been incorporated into the new framework. FCAC also recently published a report entitled: Domestic Bank Retail Sales Practices Review and its Report on Best Practices in Financial Consumer Protection.

The CDIC, a statutory corporation, provides deposit insurance on certain types of small deposits. The CDIC is funded through premiums charged to member institutions. The CDIC insures up to $100,000 per customer, per financial institution, per insured category of deposits for certain eligible Canadian dollar-denominated deposits (including savings accounts, chequing accounts and term deposits with an original term to maturity of five years or less).

McMillan LLP Canada



With respect to customer information and privacy, Canadian banks must comply with the Personal Information Protection and Electronics Documents Act (PIPEDA). In addition, all banks in Canada have a common law duty of confidentiality in their dealings with customers and in customer identification. PIPEDA provides a regulatory regime in respect of collection, use and sharing of personal information in the context of commercial activities, and requires that institutions obtain an individual’s consent prior to using such personal information. Canadian banks have a positive duty to safeguard personal information that has been collected, and to abide by the limits on the retention of personal information, as set out in PIPEDA.

Banks are also required to comply with Canadian Anti-spam Legislation (CASL), which regulates unsolicited commercial electronic communications sent by commercial enterprises to individuals. CASL applies to all electronic messages and requires the prior consent (express or implied) of the recipient before any such message can be sent, and includes mechanisms for civil recourse as well as monetary penalties and criminal charges for non-compliance. Sections setting out a private right of action for breach (which would have opened the door to possible future class action lawsuits) were suspended by the Government of Canada, pending further review by a parliamentary committee which recommended that certain clarifications and revisions be made.

* * *

Endnotes

SC 1991, c. 46. 1.

SC 2000, c. 17. 2.

Department of Finance Canada, Potential Policy Measures to Support a Strong and 3.Growing Economy: Positioning Canada’s Financial Sector for the Future (August, 2017), online: https://www.fin.gc.ca/activty/consult/pssge-psefc-eng.pdf.

SC 2018, c. 12. 4.

Competition Bureau, Technology-led innovation in the Canadian financial services sector 5.(December, 2017), online: http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/ eng/04322.html.

Canadian Payments Association, Modernization Target State (December, 2017), online: 6.https://www.payments.ca/sites/default/files/21-Dec-17/modernization_target_state_en_ final.pdf.

Office of the Superintendent of Financial Institutions, Pillar 3 Disclosure Requirements 7.(April, 2017), online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/ plr3_let.aspx.

Office of the Superintendent of Financial Institutions, Discussion Paper: Implementation 8.of the final Basel III reforms in Canada (July, 2018), online: http://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/biii-let.aspx.

Office of the Superintendent of Financial Institutions, Guideline B-20: Residential 9.Mortgage Underwriting Practices and Procedures (October, 2017): online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b20_dft.aspx.

Office of the Superintendent of Financial Institutions, Capital Adequacy Requirements 10.(CAR) 2018 (April, 2018): online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/car18_index.aspx.

McMillan LLP Canada



Office of the Superintendent of Financial Institutions, Leverage Requirements Guideline 11.(October, 2014), para 6: online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/LR.aspx.

Basel Committee on Banking Supervision, Basel III: A global regulatory framework for 12.more resilient banks and banking systems (Bank for International Settlements: December 2010, rev June, 2011): online http://www.bis.org/publ/bcbs189.pdf.

Office of the Superintendent of Financial Institutions, OSFI Annual Report 2017–2018 13.(October, 2018), p. 9, online: http://www.osfi-bsif.gc.ca/Eng/Docs/ar1718.pdf.

Office of the Superintendent of Financial Institutions, Total Loss Absorbing Capacity 14.(TLAC) (April, 2018), online: http://www.osfi-bsif.gc.ca/Eng/Docs/TLAC.pdf.

Office of the Superintendent of Financial Institutions, Total Loss Absorbing Capacity 15.(TLAC) Disclosure Requirements Guideline and Capital Disclosure Requirements Guideline (May, 2018), online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/tlac_disc.aspx.

Office of the Superintendent of Financial Institutions, Superintendent formally designates 16.Canadian D-SIBs and sets minimum loss absorbing capacity requirements (August, 2018), online: http://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/Pages/nr20180821.aspx.

Bank Act, SC 1991, c. 46. 17.

Bank Act, SC 1991, c. 46, s. 163; Affiliated Persons (Banks) Regulations, SOR/92-325, 18.s. 3.

Office of the Superintendent of Financial Institutions, Supervisory Framework 19.(December, 2010) online: http://www.osfi-bsif.gc.ca/eng/fi-if/rai-eri/sp-ps/pages/sff.aspx.

Office of the Superintendent of Financial Institutions, Corporate Governance (September, 20.2018) Section I, online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/ gl-ld/Pages/CG_Guideline.aspx.

Office of the Superintendent of Financial Institutions, Composite Risk Rating and 21.Assessment Criteria (September, 2015) online: http://www.osfi-bsif.gc.ca/Eng/fi-if/ rai-eri/sp-ps/Pages/crr.aspx.

Office of the Superintendent of Financial Institutions, Enterprise-Wide Model Risk 22.Management for Deposit-Taking Institutions (September, 2017), online: http://www.osfi-bsif.gc.ca/eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e23_let.aspx.

Affiliated Persons (Banks) Regulations, SOR/92-325, s. 3. 23.

Office of the Superintendent of Financial Institutions, Outsourcing of Business Activities, 24.Functions and Processes (March, 2009) Section 1, online: http://www.osfi-bsif.gc.ca/eng/fi-if/rg-ro/gdn-ort/gl-ld/pages/b10.aspx.

Office of the Superintendent of Financial Institutions, Basel Capital Adequacy Reporting 25.(BCAR) (BA) (revised October, 2018), online: http://www.osfi-bsif.gc.ca/Eng/fi-if/rtn-rlv/fr-rf/dti-id/Pages/BCAR_BA.aspx.

SC 2001, c. 9. 26.

Financial Consumer Agency of Canada, Supervision Framework (October, 2018), online: 27.https://www.canada.ca/en/financial-consumer-agency/services/industry/supervision-framework.html.

McMillan LLP Canada



McMillan LLP Canada


Pat Forgione


Pat is a Partner of McMillan in the firm’s Financial Services Group with a

focus on corporate and commercial financing, asset-based lending, syndicated

lending, mezzanine financing and private equity and securitisation. Pat

regularly counsels domestic and foreign financial institutions on the regulatory

requirements relating to carrying on business in Canada as well as compliance

matters. Pat obtained the Osgoode Certificate in Regulatory Compliance and

Legal Risk Management for Financial Institutions.

Darcy Ammerman


Darcy is a Partner in McMillan’s Financial Services Group. Her practice

focuses on advising lenders and borrowers with respect to corporate financing

transactions, including domestic and international debt financing, syndicated

lending and asset-based lending. Darcy also routinely advises federally

regulated entities with respect to regulatory compliance and licensing

requirements and is building a practice advising on extended vehicle

warranties/service contracts. She holds a certificate from Osgoode Hall Law

School in Regulatory Compliance & Legal Risk Management for Financial

Institutions.

Alex Ricchetti


Alex is a member of McMillan’s Financial Services Group. His practice

focuses on commercial debt financing, acquisition financing, asset-based

lending, project financing and secured transactions.

Brookfield Place, Suite 4400, 181 Bay Street, Toronto, Ontario, M5J 2T3, Canada

Tel: +1 416 865 7000 / Fax: +1 416 865 7048 / URL: www.mcmillan.ca

McMillan LLP


China

Introduction

China’s banking system has been undertaking a fundamental change, in response to both the need to rein in the proliferating risks in the financial sector, and the pressures from economic slowdown and trade tensions with the US. One major step taken was the creation of the Financial Stability and Development Committee. Numerous actions were also taken with a view to, inter alia, clamping down on shadow banking, deleveraging measures toward the wholesale funding market and non-bank financial institutions, eliminating non-performing loans from the banking system, and the opening-up of China’s financial market to foreign direct investment.


Key banking regulators

China’s financial regulatory structure was historically called “one bank and three commissions”; comprising the People’s Bank of China (PBOC) acting as the central bank, and the China Banking Regulatory Commission (CBRC), the China Insurance Regulatory Commission (CIRC) and the China Securities Regulatory Commission (CSRC) playing the roles of regulators for banking, insurance and banking industries, respectively.

However, with the rise of the ‘shadow’ banking industry since 2008, which has produced firms and products that often blur the lines between banking, insurance, and securities, it became very difficult to effectively regulate these hybrid institutions, which often managed to fall between jurisdictions and industries. PBOC, in its capacity of central bank, does not have authority over the three commissions to coordinate regulatory efforts and handle a constantly changing, more complex financial sector. It was also difficult to take a systemic approach to regulation – which would usually require taking different areas of the financial system and their linkages into account.

In November 2017, the Financial Stability and Development Committee (FSDC) was established, a super financial regulator directly under the State Council and headed by a vice premier more highly ranked than the heads of the other regulatory commissions and the PBOC. The role of FSDC is to coordinate overall strategy for the financial sector and formulate policy at a high level, including supervising China’s monetary policy and financial regulation, formulating policies on systemic financial risk management and maintaining China’s financial security, and giving local governments guidelines on their financial development.

Another key move of the Chinese government was the merger of China’s banking and insurance regulators, CBRC and CIRC, into one regulator, the China Banking Insurance Regulatory Commission (CBIRC) in 2018. Insurance companies were allowed to invest in

Dongyue Chen Zhong Lun Law Firm



many new types of assets, and issue short-term insurance policies that, since 2002, had represented risky investments in China and created serious problems in the financial sector. Chinese banks sold wealth-management products with guaranteed yield to investors, and entrusted insurance companies to invest the proceeds from these products on their behalf. The insurance companies could then leverage and invest in riskier products. This sort of off-balance sheet activity had been expanding very quickly over the years, partly resulting from the difficulty of CBRC and CIRC to coordinate and launch an integrated crackdown on these activities. A consolidated banking and insurance regulator would adopt more effective and efficient approaches to bring such activities back under control.

The new CBIRC, however, had lost some of the responsibilities originally taken by CBRC and CIRC, namely their legislative and rulemaking functions, which were handed over to PBOC. Taking into account the fact that FSDC would have its head office sit within PBOC, the new financial regulatory framework had streamlined the policymaking and implementation functions within the regulators and been changed into a “one committee, one bank and one commission” structure, with FSDC being the “super regulator”, taking the leadership role in coordinating the financial regulators and making macroprudential policy, mostly through PBOC, PBOC being the central bank responsible for making and implementing monetary and exchange rate policy, issuing currency, regulating interbank lending and the interbank bond market, etc., and CBIRC acting as the conduct regulator and implementer of the policy formulated by FSDC and PBOC including monitoring compliance, with a particular view to deleveraging and mitigating systematic risks, which had been piling up in the Chinese financial market in the last decade.

Key China banking regulations

The Chinese banking regulatory framework is three-tiered. At the top sit three pieces of legislation enacted by the National People’s Congress, the highest legislature of China:

The Law of the People’s Republic of China on the People’s Bank of China (1995, •amended 2003).

The Law of the People’s Republic of China on Commercial Banks (1995, amended 2003 •and 2015, hereinafter the “Commercial Banks Law”).

The Law of the People’s Republic of China on Regulation of and Supervision over the •Banking Industry (2003, amended 2006).

These laws became pillars of China’s banking legislation and will be the main legal basis for the supervision and development of the Chinese banking industry for quite a long time into the future.

The second tier consists of administrative rules and regulations enacted by the State Council, the highest administrative authority of China. For example, the Regulations of the People’s Republic of China on Administration of Foreign-funded Banks (2006, amended 2014) were of great importance to foreign banks. They concerned foreign banks’ entry into the Chinese banking sector in the form of representative offices, branches, and local incorporation. They mandated that CBIRC has comprehensive power to license and regulate foreign banks that engage in banking business in China. CBIRC subsequently issued interpretive rules on specifics, and these have been implemented accordingly.

The third tier consists of PBOC’s and CBIRC’s guidelines, notices, and rules. Most of the PBOC and CBIRC regulatory initiatives fall into this category. As China finds specific measures more helpful than a principles-based approach, guidelines, notices, and rules are

Zhong Lun Law Firm China



prescriptive in content and abundant in number. In general, the third tier of regulatory initiatives serves as a base for China’s banking regulations, and deals with contemporary regulatory issues. The main regulatory banking initiatives within this category are discussed in the following sections.

Supra-national regulatory regimes

China has concluded various supra-national treaties relating to banks and the banking industry, which include but are not limited to:

Articles of Agreement of the International Monetary Fund; •

Articles of Agreement and by-laws of the International Bank for Reconstruction and •Development;

Articles of Agreement of the International Finance Corporation; •

Articles of Agreement of the Asian Infrastructure Investment Bank; and •

Guidelines for Procurement under IBRD Loan and IDA Credit. •

Recent regulatory themes and key regulatory developments in China

Reform of the regulatory structure

The most substantial regulatory development in the past few years in China was the reform of the regulatory structure including the creation of FSDC, merger of CBRC and CIRC, and a reshuffle of powers among the main banking regulators, which we have discussed in detail above.

Tightening control over of P2P lending

As one of its continuous efforts to address risks of shadow banking, CBRC has released a number of rules targeting peer-to-peer (P2P) lending since August 2016.

In recent years, online lending through P2P platforms has been increasing rapidly in China, which emerged as an alternative source of credit for individuals and firms that were otherwise not served by the commercial banks and provided higher rates of return to retail investors. Advances in the application of information technology had also fuelled the fast growth of the P2P lending businesses. This ballooning lending outside the banking system, however, had created substantial risks to the financial system, as many online P2P platforms had deviated from their initial function as information intermediaries and become credit intermediaries by providing guarantees and setting up pools of funds. Some other P2P platforms engaged in outright fraud by selling fraudulent investment products to a great number of individual investors.

CBRC, together with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Internet Information Office jointly issued the Interim Rules for the Administration of the Business Activities of Internet-Based Lending Information Intermediary Institutions in August 2016 (“Interim Rules”), with the objective of reforming and standardising the industry to ensure healthy and sustainable development. The Interim Rules clarified that P2P lending platforms were information intermediaries, which were prohibited from, inter alia, absorbing deposits from the general public, gathering funds or setting up pools of funds, or providing guarantees in any form to lenders. P2P lenders were not allowed to sell wealth-management products, nor issue asset-backed securities, and should use third-party banks as custodians for investors’ funds.

The Interim Rules also required all P2P platforms to be record-filed with the local financial regulator. In August 2017, CBRC released the Guidelines on Information Disclosure for




Internet-Based Lending Information Intermediary Institutions, pursuant to which P2P platforms must make timely disclosures of funding sources, the amount of outstanding loans, loans that are overdue for more than 90 days, and the repayment plans from guarantors. They must also disclose lending with connected parties such as the platform’s own personnel.

Resolving non-performing loans

In order to tackle the risk of proliferating non-performing loans (NPL) in the banking system, the Chinese government had introduced a market-oriented debt-for-equity swap mechanism to the banking sector. In September 2016, the State Council issued the Guiding Opinions on Swapping Banks’ Debt into Equity in a Market-Oriented Manner, encouraging enterprises with good prospects but running into temporary difficulties to reduce their leverage ratio through market-driven approaches, including debt-for-equity swap.

Such enterprises included:

enterprises in difficulties caused by the cyclical fluctuation of industries but still having •the opportunity to take a turn for the better;

growing enterprises with heavy financial burdens resulting from heavy debt, especially •growing enterprises in strategic emerging industries and fields;

key enterprises with heavy debts but leading the pack in industries of excess production •capacity; and

strategic enterprises relating to national security. •

In the meantime, certain enterprises such as “zombie enterprises” (i.e., enterprises without hope of ending losses and surviving), and enterprises that have deliberately evaded their financial indebtedness, were included in such debt-for-equity swap scheme.

Given that commercial banks in China are not allowed to invest in or hold stakes in non-banking entities, the banks had established financial assets investment companies which would purchase NPLs from the banks and swap such debts for the equity of the borrowers. In November 2018, a number of regulators including PBOC and CBIRC jointly issued a notice which invited market players such as insurance companies and private equity funds to engage in such debt-for-equity swap business, and encouraged resolution of NPLs by way of the issuance of asset-backed securities. This notice also mentioned support for foreign investment in the establishment of private equity funds to engage in market-oriented debt-for-equity swaps, and allowed foreign investors to purchase stakes in financial asset-investment companies and asset-management companies, and conduct market-oriented debt-for-equity swaps through these companies.

Opening up the financial market

With the intention to promote competition and attract foreign capital in China’s financial services sector, China has since 2017 offered to further open up its financial sector by easing restrictions on foreign businesses. One of the major changes was that foreign firms can now own up to 51% of domestic securities, insurance and fund management firms, with such cap to be lifted in three years. The Chinese government has also promised to remove limits on foreign shareholdings in banks, which was previously 20% for an individual foreign investor and 25% for a group of investors, and to take similar steps in the insurance and securities sectors in the following few years. The objective was to phase in full-licence, full-ownership operation of overseas firms in China’s financial sector. Foreign invested banks (i.e., banks incorporated in China and wholly or partly owned by foreign investors) have also been allowed to engage in treasury bonds underwriting, custodial business, and financial advisory services since 2017 without the need to first obtain a licence from the regulator.




The above efforts were reinforced by proposed legislation for a foreign investment law. The full text of such new legislation had been released for public consultation on December 26, 2018. This new law, once enacted, was expected to, inter alia, set up and perfect a mechanism for facilitating foreign investment and significantly easing market access for foreign companies.


Corporate governance

Good corporate governance for the banking sector, as defined in the Guidelines on Corporate Governance of Commercial Banks (hereinafter the “Corporate Governance Guidelines”) promulgated by CBRC on July 19, 2013, shall consist of a sound organisation structure, clear-cut responsibility boundaries, proper development strategy, good value criteria and social responsibility, effective risk management and internal control, an appropriate incentive and disciplinary mechanism, a completed information disclosure system, etc.1

In accordance with the Corporate Governance Guidelines, the organisational structure of a commercial bank shall be composed of a general assembly of shareholders, a board of directors, and a board of supervisors. The board of directors is accountable to the general assembly of shareholders and is ultimately responsible for the operation and management of a commercial bank.2

Board members are required to have specific expertise

Board members of a commercial bank must meet certain qualification criteria.3 Generally speaking, a person shall have professional knowledge, work experience and capabilities which can satisfy the demands of the position to be held. For example, a director of a domestic commercial bank shall: (i) have no less than five years of work experience in law, economy, finance, accounting, or other fields which help to perform the director’s duties; and (ii) have the ability to understand the business management and risk situation of a financial institution by reviewing and analysing its financial statements and statistical reports. Each commercial bank must have independent directors who must be experts in such fields as law, economy, finance or accounting. A director of a foreign-funded bank must have a Bachelor’s degree or above, otherwise he/she must have at least six years of work experience in financing or eight years in economics (of which at least four years must be financial work experience).

Pursuant to Article 24 of the Commercial Banks Law (2015), CBRC has the responsibility for reviewing whether a nominee qualifies for a directorship of a particular bank. After being nominated and elected by shareholders, candidates for directors have to sit CBRC interviews and aptitude tests, and their appointment could be vetoed by CBRC. Thus, CBRC has in fact partially assumed responsibility for the operational soundness of individual banks.

Certain committees are required to be maintained

The board of directors shall, according to the actual situation of a commercial bank, set up specialised committees, such as an audit committee, a risk management committee, a remuneration committee, and so on.4 Members of such specialised committees should be directors with expertise and work experience appropriate to their responsibilities. The specialised committees provide specialised advice to the board of directors, or make decisions on specific matters as authorised by the board of directors.

Restrictions on remuneration

CBRC has issued guidance with a view to ensuring that the incentivising compensation policies adopted by a commercial bank do not encourage imprudent risk-taking. Incentive schemes must provide employees with incentives compatible with effective controls and




risk-management, and should be supported by strong corporate governance, including active and effective board oversight.

In accordance with the Corporate Governance Guidelines, the performance of a director or supervisor of a commercial bank shall be reviewed by the board of directors, the board of supervisors and an external evaluator, as well as by himself. The board of supervisors is responsible for the overall evaluation of the performance of the directors and supervisors. The board of supervisors must submit the final evaluation to CBRC and report it to the general assembly of shareholders. The board of directors and the board of supervisors shall respectively propose remuneration and incentive plans for directors and supervisors based on their performance, which must be approved by the general assembly of shareholders. Except for self-evaluation conducted during the performance evaluation, none of the directors and supervisors shall be involved in the evaluation of their own performance or determination of their own remuneration.5

In addition, the Guidelines for Supervision on Steady Remuneration of Commercial Banks (which was promulgated by CBRC on March 1, 2010) requires each commercial bank to develop a unified remuneration system, including basic remuneration, performance remuneration, medium- and long-term incentives and benefits packages. Commercial banks are generally required to cap their basic remuneration at 35% of their total remuneration, and performance remuneration at three times the basic remuneration. The medium- and long-term incentives and benefits packages shall be determined by commercial banks in accordance with the law.

Banks’ internal control environment

Internal control of a commercial bank shall include effective risk-assessment and effective procedures to safeguard assets; generating timely and accurate financial, operational, and regulatory reports; and enabling the bank to comply with applicable law.

Risk management A commercial bank shall establish an independent risk-management department, which shall be vested with sufficient power, resources and a direct channel of communication with the Board.6 Foreign-funded banks are also required to have a sound risk-management system and be effective in controlling the risks of related party transactions.7 A wholly foreign-funded bank or a Sino-foreign joint venture bank shall establish an independent department responsible for risk management, a compliance review and internal auditing. Each branch of a foreign bank shall designate a department or specific staff in charge of the compliance review.8

Internal audit A commercial bank must have an independent and objective internal audit function to monitor its internal controls. The internal audit function must be staffed by qualified persons. It must test and review the banks’ information systems and verify management actions to address identified material weaknesses. The effectiveness of the internal audit function must be periodically reviewed by the bank’s audit committee.

Compliance

Pursuant to the Guidelines for the Compliance Risk Management of Commercial Banks, a commercial bank shall establish a compliance review system compatible with its business scope, organisational structure and business scale, which shall include: (i) compliance policies; (ii) organisational structure and resources for the compliance management department; (iii) plans for compliance risk management; (iv) recognition of and management for compliance risks, and (v) a compliance training and education system.9




The board of directors shall assume final responsibility for compliance in the business operation of a commercial bank and perform the following functions and duties: (i) examining and approving compliance policies of a commercial bank and supervising their implementation; (ii) examining and approving reports of compliance risk management submitted by the senior management and appraising the effectiveness of compliance risk-management so as to timely and effectively resolve compliance defects; (iii) authorising the risk management committee, audit committee or other specially established compliance management committee under the board of directors to conduct daily supervision of the compliance risk management of commercial bank thereof; and (iv) supervising any other functions and duties of compliance management as stipulated in the articles of association or bylaws of the bank.10


Minimum Capital Ratios

CBIRC promulgated the Regulation Governing Capital of Commercial Banks (for Trial Implementation) (hereinafter the “Capital Regulation”) on June 7, 2012 with the intention to implement the Basel III capital standards, which marked a milestone for the regulation of the banking sector in China. The Capital Regulation put in place a capital regulatory framework with a four-tier structure, consisting of a minimum requirement (5% for CET1, 6% for T1 and 8% for total), a 2.5% capital conservation buffer and a counter-cyclical buffer between 0-2.5% as the second tier, the 1% SIFI surcharge as the third tier, and the Pillar II requirement as the last tier. The total capital requirements were 11.5% for systemically important financial institutions, and 10.5% for other banks.

In reaction to the rising uncertainty over the trade war with the US, China had decided in August 2018 to reduce the required capital buffers for certain banks by lowering their “structural parameter” in the Macro-Prudential Assessment of their balance sheets by around 0.5 points, which was previously 1.0 point. This ease of capital requirement was made to support local financial institutions in meeting credit demand and thereby boost the supply of new credit to the real economy.

Liquidity

CBIRC issued the Measures for the Management of Liquidity Risks of Commercial Banks with effect July 1, 2018 (hereinafter the “Measures”), which introduced three quantitative indicators: net stable funding ratio (NSFR); high-quality liquid asset adequacy ratio; and the liquidity matching ratio.

NSFR measures the long-term funding stability of a commercial bank and only applies to commercial banks with assets of RMB 200 billion or more. The high-quality liquid asset adequacy ratio measures whether banks possess sufficient high-quality liquid assets to cover short-term liquidity needs under stressful conditions and is applicable to commercial banks with asset values of less than RMB 200 billion. The liquid asset adequacy ratio is subject to phased compliance. For commercial banks, this ratio should reach 80% by the end of 2018, and 100% by the end of June 2019.

The liquidity matching ratio is intended to further improve the liquidity risk-monitoring system. It measures the maturity allocation structure of major assets and liabilities of banks and is applicable to all commercial banks. The liquidity matching ratio will be implemented starting from January 1, 2020 and will be temporarily monitored until 2020. Liquidity risk supervision indicators in China include liquidity coverage ratio, net stable funding ratio, liquidity ratio, liquidity matching ratio, and high liquidity asset adequacy ratio.





Deposit-taking activities

In China, only financial institutions licensed by PBOC can take deposits from the general public, although some other financial institutions (e.g., financial leasing companies, credit unions) may may take deposits from their shareholders or members.

Deposit insurance system

At a time when the banking sector was rolling out the welcome mat for more private sector investment, the plan to launch a deposit insurance system had been announced by CBRC as one of the steps for further promoting the reform of the interest rate system.

In the absence of a formal deposit insurance scheme in China, the Chinese government plays the role of a lender of last resort in the event of a crisis. In the wake of the global financial crisis in 2007, the Chinese government provided an implicit guarantee for retail deposits to insure against the unravelling of the financial system and economy.

On February 17, 2015, the State Council promulgated the Deposit Insurance Regulations, in accordance with which each bank shall maintain insurance coverage for money deposited with it, and each depositor will be compensated for losses up to RMB 500,000 in case such bank becomes insolvent or goes bankrupt. The Deposit Insurance Regulations had come into force on May 1, 2015.

Proprietary trading activities

China has implemented the “separate operation” principle to administer the Chinese financial market since the promulgation of the Commercial Bank Law of the People’s Republic of China (the Commercial Bank Law) in 1995 (amended in 2003). According to the Commercial Bank Law, unless otherwise permitted, a commercial bank must not engage in trust investment business or securities business, or make investments in non-self-use real estate properties, nor invest in non-bank financial institutions or other enterprises.11

* * *

Endnotes

1. Art. 7, Guidelines on Corporate Governance of Commercial Banks.

2. Id., art. 19.

3. Art. 20, The Law of the People’s Republic of China on Regulation of and Supervision over the Banking Industry.

4. Art. 22, Guidelines on Corporate Governance of Commercial Banks.

5. Id., art. 97–100.

6. Id., art. 84.

7. Art. 3 (4), Rules for Implementing the Regulations of the People’s Republic of China on Administration of Foreign-funded Banks (2015).

8. Id., art. 50.

9. Art. 8, Guidelines for the Compliance Risk Management of Commercial Banks.

10. Id., art. 10.

11. Art. 43, Commercial Banks Law.






Dongyue Chen


Dongyue Chen is a partner of Zhong Lun’s Beijing Office. He is specialised

in cross-border banking and finance. Mr. Chen has over 20 years of

experience advising international financial institutions and multinational

companies on their equity and loan transactions in China. He has also

represented major Chinese financial organisations in connection with their

cross-border financing transactions in other countries. Dongyue Chen

received his LL.B. degree from Peking University and his LL.M. degree from

UCLA, U.S. He is a native Mandarin speaker, and is also fluent in written

and spoken English.

28/31/33/36/37F, SK Tower, 6A Jianguomenwai Avenue, Chaoyang District, Beijing 100022, China

Tel: +86 10 5957 2011 / Fax: +86 10 6568 1022 / URL: www.zhonglun.com

Zhong Lun Law Firm


Czech Republic

Introduction

At the end of January 2019, the Czech banking sector consisted of 24 banks, 25 foreign (from other EU states) bank branches, and one branch of a foreign bank from a non-EU state – Industrial and Commercial Bank of China Limited, Prague Branch (the “banks”). The structure of the Czech banking sector has long been broadly unchanged, stable and conservative. It still consists of four large banks, eight medium-sized banks and eight small banks, along with five building saving banks (in Czech, stavební spořitelny) and 25 foreign bank branches. The group of four largest Czech banks1 remains the largest component of the Czech banking sector.

However, in October 2018, Moneta Money Bank (a Czech-based bank, listed on the Prague Stock Exchange; previously GE Money Bank) signed a memorandum of understanding to buy Air Bank (a retail bank belonging to PPF group – a privately held financial and investment group owned by a Czech billionaire Petr Kellner) and the Czech and Slovak operations of consumer finance provider Home Credit (which also belongs to the PPF group). The newly formed bank is to be named Air Bank and is supposed to be the second-largest consumer credit provider in the Czech Republic and the third-largest bank as regards the number of branches. This transaction remains to be approved by the general meeting of Moneta as well as by respective regulators (namely the CNB and the Antimonopoly Authority). However, in the latest news, Home Credit declined this transaction at the end of February 2019. The reason was a requirement of Moneta Money Bank to decrease the purchase price.

In the Czech Republic, the other type of credit institutions within the meaning of Article 4 par 1 (1) of the CRR2 are credit cooperatives. A total of nine credit cooperatives were active in the Czech Republic at the end of January 2019. The Czech credit cooperatives are very small players in the Czech credit institution market. Following some substantial problems in the credit cooperatives segment in 2013 and 2014 resulting in several bankruptcies of credit cooperatives, the credit cooperative regulation is, with effect from 2015,3 stricter than the regulation of banks. Further, there is pressure from the Czech regulator, as well as Czech legislation, for credit cooperatives to convert into banks. So far, only two credit cooperatives have successfully converted into banks.

In the last year, the CNB contributed to the implementation of the EU’s rapidly changing regulations in the financial market area, and to changes in the regulatory framework in the Czech Republic. The CNB’s activities in the area of new legislation included working not only with the Czech Ministry of Finance, but also with other state administration bodies (e.g. the Ministry for Regional Development, the Ministry of Justice and the Ministry of Industry and Trade). The CNB prepared proposals for decrees and issued a number of

Libor Němec & Jarmila Tornová Glatzová & Co., s.r.o.


explanatory opinions interpreting the application of regulatory requirements pertaining to financial market participants.


Supervisory authorities

As mentioned above, in the Czech Republic there are two types of credit institutions within the meaning of the CRR – banks and credit cooperatives (in Czech, spořitelní a úvěrová družstva). There is also a group of building saving banks (in Czech, stavební spořitelny), which are allowed to manage building saving, a special saving product supported by the state. Czech banks and credit cooperatives are supervised by the Czech National Bank (“CNB”), the central bank and the sole financial services regulator of the Czech Republic.

Under the laws of the Czech Republic, the CNB is an independent authority established by Act No. 6/1993 Coll., on the Czech National Bank, as amended. This independence, confirmed also by the Czech constitution, allows the CNB to exercise its powers over supervised entities without any consultation with other Czech authorities.

Similar to other EU (EEA) Member States, the single European licence mechanism applies. Pursuant to the so-called “European passport” rule, banks established in an EU (EEA4) Member State can provide services in other EU (EEA) Member States under the licence issued by their home state regulator upon completing the notification procedure. The supervision over branches of other foreign banks benefiting from European passports operating in the Czech Republic is divided between the home state regulator and the host state regulator, provided that the powers of the host state regulator over a foreign EU branch are very limited (for more detail see Sec. 5a of Act No. 21/1992 Coll., on Banks, as amended, the “Banking Act”).

The Czech Republic is not a member of the so-called European banking union. In response to the financial crisis, a deeper integration of the European banking system through a single supervisory mechanism and single resolution mechanism was pursued by the EU institutions. According to the Council Regulation (EU) No. 1024/2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions, eurozone countries are automatically participating members in the Single Supervisory Mechanism (“SSM”) system.

Other EU Member States can deliberately choose to participate in the SSM system by close cooperation with the European Central Bank. As a country outside the eurozone, the Czech Republic has decided not to participate in the SSM. As a second pillar of the banking union, the Single Resolution Mechanism Regulation (Regulation (EU) No. 806/2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund, “SRM Regulation”) established the framework for the resolution of banks in EU participating countries. Consequently, the Czech Republic does not participate in the Single Resolution Mechanism (“SRM”), either.

The CNB is a designated resolution authority in the Czech Republic under the European Bank Recovery and Resolution Directive (Directive 2014/59/EU establishing a framework for the recovery and resolution of credit institutions and investment firms, “BRRD”) and is empowered to apply the resolution tools and the resolution powers. To exercise the powers separately from its other functions, the Resolution Department within the CNB has been established and shall serve as a first instance in case of administrative proceedings.

Glatzová & Co., s.r.o. Czech Republic



Despite the fact that the Czech Republic is not participating in the banking union, the CNB aims to supervise the financial market and its participants in accordance with international standards.

The CNB also cooperates with financial market supervisory authorities – namely the European Banking Authority (“EBA”),5 the European Securities and Markets Authority (“ESMA”) and European Insurance and Occupational Pensions Authority (“EIOPA”) are of utmost importance. The CNB’s cooperation with European supervisory authorities focuses, among others, on unifying supervisory procedures and laying down conditions for cooperation between home and host supervisors in the single European licence regime. In order to enhance cooperation and exchange of information, the CNB has entered into a number of bilateral and multilateral memoranda of understanding with other national supervisors and European authorities.

Besides the supervision of credit institutions, the CNB is also responsible for the supervision of the other financial services sectors, i.e. the insurance and re-insurance sector, the capital markets (investment services, collective investments, regulated markets, settlements, securities issuance and public offerings, takeovers and squeeze-outs, etc.), pension funds and pension companies, the payment services and e-money, FX services, consumer credits and consumer protection on financial markets. The CNB has its seat in Prague.

Legal framework

The regulatory framework of credit institutions is highly influenced by European law. European law applies in this area directly or indirectly, depending on the regulatory tool.

The key legislation applicable to Czech banks and credit cooperatives is represented by Directive (EU) 2013/36 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (“CRD IV”) and the CRR and the bulk of Commission-delegated directives and regulations, implementing and technical regulatory standards. Both instruments have been enacted in order to enhance the stability of the financial system, and stem from the requirements agreed by the G-206 in April 2009. The CRD IV package implements the Basel III capital accords and specifies the amount and form of capital that has to be maintained by credit institutions. CRD IV is implemented in the Czech Republic by the Banking Act and the CNB Decree No. 163/2014 Coll., on the performance of the activity of banks, credit cooperatives and investment firms, as amended (“Decree 163/2014 Coll.”). The CRR is, as opposed to CRD IV, directly applicable and sets forth detailed prudential rules in respect of credit institutions’ capital requirements.

Other relevant European legislation includes:

the MIFiD II/MiFIR regulatory regime of investment services, i.e. Markets in Financial •Instruments Directive 2 (Directive 2014/65/EU, “MiFID II”), Markets in Financial Instruments Regulation (Regulation (EU) No. 600/2014, “MiFIR”) Commission delegated regulation (EU) 2017/565 (the “MiFID II regulation”) and respective delegated directives and regulations, implementing and technical regulatory standards;

Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 •on deposit guarantee schemes (the “DGSD”);

the Payment Services Directive 2 (Directive (EU) 2015/2366, “PSD2”), the E-Money •Directive (Directive 2009/110/EC) as amended by PSD2 and respective delegated directives and regulations, implementing and technical regulatory standards;

the AML regulatory regime, i.e. the Directive (EU) 2018/843 of the European Parliament •and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the




prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (the 5th AML Directive and its implementing measures);

the consumer lending regulator regime, i.e. Credit Agreements Relating to Residential •Property Directive (Directive 2014/17/EU, the Mortgage Credit Directive, “MCD”) and Consumer Credit Directive (Directive 2008/48/EC, “CCD”);

Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 •April 2014 on market abuse (market abuse regulation, “MAR”) and its implementing regulations; and

the Directive on Undertakings for Collective Investment in Transferable Securities •(“UCITS V”) and the Alternative Investment Fund Managers Directive (2011/61/EU), as regards Czech banks acting as collective investment fund depositaries.

The key act governing the Czech banking sector at the national level is the Banking Act. Regulation of credit cooperatives is set out in the separate Act No. 87/1995 Coll., on Credit Cooperatives, as amended (“Credit Cooperatives Act”).

There is a wide range of legislation implementing the Banking Act and Credit Cooperatives Act. Among the most important is Decree No. 163/2014 Coll., which implements CRD IV and includes detailed rules on management and control systems, risk management, qualifying holdings, informational requirements, remuneration, etc.

Periodical reporting vis-à-vis the CNB is governed by Decree No. 346/2013 Coll. on reporting of banks and foreign bank branches to the Czech National Bank, as amended. Rules on cooperation in tax administration and exchange of information implementing the Common Reporting Standards are provided for by Act No. 164/2013 Coll., on International Cooperation in Tax Administration, as amended (“Act on International Tax Cooperation”).

The central register of accounts was established by Act No. 300/2016, on central evidence of accounts. The central register is maintained by the CNB and is accessible by a limited number of public authorities (including criminal law, tax and customs authorities, the Czech security service and the financial analytical office).

The regulation of payment service providers, e-money institutions and the provision of payment services and e-money issuance is set forth in a completely new Act No. 370/2017 Coll., on Payment Services, as amended (“Payment Services Act”) and respective CNB Decrees.

The regulation of investment firms, capital markets and provision of financial (investment) services is included in Act No. 256/2004 Coll., on Business Activities on Capital Markets, as amended (“Capital Markets Act”).

Resolution of financial institutions is governed by Act No. 374/2015 Coll., on Recovery and Resolution in the Financial Market, as amended (“Recovery and Resolution Act”), which implements the BRRD adopted by the European institutions in reaction to the global financial crisis.

Credit institutions are also obliged to comply with the anti-money laundering rules set forth by Act No. 253/2008 Coll. on Selected Measures against Legitimization of Proceeds of Crime and Financing of Terrorism, as amended (“AML Act”).

Another important regulatory area, protection of personal data, is governed by the General Data Protection Regulation (“GDPR”) (EU) 2016/679 and its implementing measures.

Lending to consumers is regulated in Act No. 257/2016 Coll. on Consumer Credits




(“Consumer Credit Act”), which implements the MCD and CCD. The Consumer Credit Act also newly regulates non-banking providers of consumer credit and consumer credit intermediaries.

Restrictions applicable to credit cooperatives

Credit cooperatives are generally allowed to collect deposits or provide credit only to their members, who hold an equity share in the credit cooperative and have to pay the initial members’ contribution (the initial member contribution may be further raised by an additional contribution).

Following certain problems in the credit cooperative sector in the past, an amendment to the Credit Cooperatives Act has been adopted, imposing substantial restrictions for credit cooperatives. One of the most controversial was the so-called 1:10 rule (“Rule 1:10”). This rule, applicable since July 2015, allows credit cooperatives to pay interest in respect of the deposit only up to the members’ contribution multiplied by 10. The rule should strengthen the principles of the cooperatives and increase the involvement of the members in the cooperative’s interest and eliminate the moral hazard of the members.7 Further, from 1 January 2018, saving cooperatives are not allowed to provide to any member, or a group of entities/individuals linked to such member, credit facility funds exceeding 30 million Czech crowns (approx. €1.1 million) in total.

The provision of investment services by credit cooperatives is restricted. Credit cooperatives are limited to trade on their own account with limited scope of financial instruments (FX and interest hedging instruments, securities traded on a European regulated market, bond issued or guaranteed by an OECD state or issued by the EIB, EBRD and certain other financial institutions) for the sole purpose of hedging its business activities pursued under its licence.

On the other hand, banks are not limited in this way and may provide all types of investment services within the meaning of MiFID II.


The recent regulatory themes and key regulatory developments are driven by the latest financial crisis and a need to react to new systemic risks.

Consumer credits, mortgage credits

One of the most notable changes in the retail financial sector is the enactment of a new Consumer Credit Act effective from December 1, 2016 implementing European regulation of the MCD and the CCD. The Consumer Credit Act covers consumer credits falling within the scope of the CCD, as well as mortgages falling within the scope of the MCD and other types of consumer credit.

It provides for, among others: (i) conduct-of-business rules for all consumer credit providers and intermediaries and their employees (including banking institutions); and (ii) institutional regulation providing the prudential rules for non-banking consumer credit lenders and intermediaries.

Under the Consumer Credit Act, all non-bank credit providers had to apply for a licence under the new regime and brought them under the supervision of the CNB. Approximately 88 non-banking consumer credit providers have been granted licences within the deadline set by the new law. The licensing requirement removed a large number of small-scale consumer credit providers from the market and aims to enhance the reputation of the consumer credit market.




New regulatory tools in mortgage credit supervision

Since 2015, the CNB has tried to cool down the dynamic growth of consumer credits (including, in particular, mortgages). According to data published by the CNB, the financing of residential property has seen a record boom in 2018; the interannual increase of real new mortgages amounted to CZK 15 billion. CNB pointed out the increasing risks connected with the ongoing boom of mortgage credits and potential underestimation of related risks by the banks as well as by clients. The growth has been led by low interest rates and may pose a risk of a new real estate bubble.

Consequently, in 2018 the CNB introduced new preventive macroprudential measures – an increase of the anticyclic reserve of banks (i.e. countercyclical capital buffer (CCyB) to 1.50% with effect from 1 July 2019 (for the fourth time since the end of 2015) and stricter rules for provision of mortgages. From 1 October 2018, the CNB has extended its existing recommendations for mortgage provision to also include income requirements. The debt of the applicant should not exceed 9x annual net income (“DTI” debt-to-income covenant) and at the same time the instalment of a debt should not exceed 45% of the net income of an applicant (“DSTI” debt service-to-income covenant). These limits should not be exceeded in more than 5% of all provided mortgages. The excessive cases shall be reasoned. These developments follow the CNB’s previous recommendations focusing on LTV limitations, which remain in force.

Already in June 2017, the CNB issued an official communication recommending the Czech banks’ means to manage risks connected with the provision of retail loans secured by residential property. These soft law rules recommended not to provide new mortgage credits with 90% LTV or higher, and to limit new mortgage credits with 80–90% LTV to a maximum of 15% of the total value of retail loans secured by residential property provided in the relevant quarter of the year. The dynamic increase of real estate prices (on average, 16% for 2017) and, according to the CNB’s estimates, the overvalued prices of apartments, constitute the conditions for increasing divergence between real estate prices and mortgage loans, which has been designated as the highest risk for domestic financial stability since 2016.

The CNB announced that it is continuing its work on a draft bill, which would give it the power to set legally binding rules on selected credit indicators concerning mortgage credits including LTV, DTI and DSTI covenants, which would strengthen its powers in this area. The previous government’s proposal of a new draft bill amending the Act on the Czech National Bank and the Act on the Circulation of Banknotes and Coins, aiming to broaden the range of instruments available to the CNB, was suspended at the end of the previous election term. In 2018, a new draft bill (including most of the content of the previous draft) was proposed by the Ministry of Finance and is at an early stage of legislative procedure.

Previously, the CNB informed credit institutions that it would intensify its supervision in the area of consumer credit due to the fast growth of indebtedness of households and increasing macroeconomic risk.

Credit cooperatives

Stricter regulation of credit cooperatives has become a continuous trend in the Czech Republic. Due to temporary provisions of the amendment to the Credit Cooperatives Act, credit cooperatives have faced new restrictions since 1 January 2018. A minimum amount of member’s equity contribution is CZK 1,000; the balance sheet of a credit cooperative cannot exceed CZK 5,000,000,000; and loans provided to economically related persons cannot exceed CZK 30,000,000. Also, the Rule 1:10, which has been upheld by the Czech Constitutional Court, now applies also to deposits dating to before 1 July 2015, unless the




sum of member’s equity contribution exceeds CZK 20,000. If such older deposits were increased or their maturity was prolonged, the Rule 1:10 applies regardless of the amount.

Capital requirements and internal management

As stated above, the Banking Act was amended in 2014 due to the implementation of CRD IV, which came into force as of 1 January 2014. The amendment introduced into Sec. 12m of the Banking Act new capital requirements in the form of capital buffers, as banks are, in addition to the capital requirements under the CRR, obliged to hold Tier 1 capital in the amount corresponding to the combined capital buffer (consisting of the capital conservation buffer, countercyclical capital buffer, systemic risk buffer, and, if the institution falls into the respective category, the capital buffer for global or other systemically important institutions). The same requirements apply to credit cooperatives pursuant to Sec. 8aj of the Credit Cooperatives Act.

CRD IV also introduced new requirements concerning management and internal control systems, i.e. management of the bank, remuneration, outsourcing and requirements concerning risk-management and internal control systems. The CRD also altered the system of remuneration of employees and members of the corporate bodies of credit institutions.

The CRR regulation, which has been applicable since 1 January 2014 (except for the limited scope of provisions which come into force later), meant the introduction of new rules in respect of the definition of asset categories – which are used to calculate the credit institution’s capital (Common Tier 1, Tier 1 and Tier 2 capital).

BRRD

BRRD is a part of European legislation pursuing the protection of financial stability. It has been implemented in the Czech Republic by Act 374/2015 Coll., the Recovery and Resolution Act, which introduced measures used in case of failure of a credit institution or investment firm, and lays down obligatory contributions to national recovery funds, and imposes on credit institutions the obligation to create recovery plans.

The BRRD and the Recovery and Resolution Act enable the CNB to intervene not only when the credit institution is failing, but even in advance of this when it infringes applicable legislation or there is, due to, inter alia, a rapidly deteriorating financial condition, risk that the credit institution will fail in the future. In such situation, the CNB is entitled to apply, among others, the following early measures: (i) implement one or more of the arrangements or measures set out in the recovery plan of the credit institution; (ii) draw up an action programme to overcome the management problems; (iii) convene the general meeting of the credit institution; (iv) decide on the replacement of management; and (v) require changes to the institution’s business strategy, etc.

In case the credit institution is failing, the CNB is entitled to impose recovery measures which may include: (i) sale of the credit institution’s undertaking; (ii) asset separation; (iii) transfer of the credit institution’s undertaking to the bridge institution, a public institution created for those purposes; or (iv) use of the so-called bail-in tool, which enables the writing-off of the claims of the credit institution’s shareholders and certain types of creditors as a part of recovery of the institution. Further forced administration may be also implemented.

Credit institutions are, under the Recovery and Resolution Act, required to create resolution plans for potential failure and submit them to the CNB and contribute to the Resolution Fund, which shall be used for recovery of losses caused by the failure of a credit institution.

The measures pursuant to the Recovery and Resolution Act have not been used by the CNB in practice yet, as it tends to impose traditional recovery measures in accordance with the Banking Act, such as the prohibition to provide further credit or collect deposits from clients,




and removal of the licence. This was the case for the last bank whose licence was removed, in October 2016.

The Recovery and Resolution Act has already been amended. The amendment completed and specified the existing transposition. It also extended the powers of the CNB to suspend the maturity of deductible capital tools or deductible liabilities of the obliged person. It also introduced changes in the competences and activities of the Guarantee System of Financial Market in order to unify the administration of funds entrusted to it.

Investment services

In the Czech Capital Market Act, the Directive and Regulation on Markets in Financial Instruments (MiFID II, MiFIR), the Market Abuse Regulation (“MAR”) and the Directive on Criminal Sanctions for Market Abuse (“CSMAD”) were transposed, aiming to provide greater effectiveness and transparency in the financial market. Implementation of the European rules, in particular, the MiFID II, brought substantial changes for market players, e.g.: strengthening of investor protection; new regulation of high-frequency and algorithmic trading; the introduction of a new trading platform-organised trading facility; and changes in reporting and information duties and conduct-of-business rules. Sanctions were further harmonised and toughened up. In connection with the MiFID II, a number of implementing bylaws have been adopted by the CNB (in particular, on detailed rules for provision of investment services, on reporting duties, on applications and notifications, on professional competences for distribution on capital market, etc.).

Bonds

In order to modernise and improve the existing regulation of bonds, the Bonds Act has recently been subject to extensive amendment. The amendment focused on the rules for mortgage bonds (in Czech, hypoteční zástavní listy) and extended the regulation to other types of covered bonds (in Czech, kryté dluhopisy). In particular, it provides rules for its administration should the bond issuer face insolvency. The amendment also dealt with certain deficiencies of the existing act; in particular, the absence of rules for security agents, which were in practice already commonly used, bonds with negative yield, or contingent convertibles.

Investment limits for qualified investors’ funds

One of the most significant changes for investment funds in 2017 was the cancellation of investment limits for funds of qualified investors. Before, it was not possible to invest more than 35% of the fund capital in one type of asset. The Czech government, aiming to make the investment market more attractive, cancelled the statutory investment limits for diversification of assets in the qualified investors’ funds. Deregulation allows more flexibility for setting the investment limits rules in the statutes of the qualified investors’ funds themselves, and potentially also single-asset funds. The new regime also allows special funds (alternative non-UCITS investment funds) to invest 10% of the assets in qualified investors’ funds.

However, favourable taxation of certain investment funds was limited in order to exclude from such treatment funds, shares of which are only formally listed on the regulated market and not actively traded (in particular, certain real estate developers). Following changes to the proposal in Parliament, the definition of the basic investment fund eligible for the reduced corporate income tax rate of 5% (contrary to standard 19%) shall, inter alia, include an investment fund listed for trading on EU regulated market, on which no corporate owns more than 10% and which does not pursue activities (trades) under the Trade Licensing Act.




Anti-money-laundering

The AML Act was amended in January 2017 to implement the 4th AML Directive.8 The amendment also changed the definition of a “politically exposed person”, which is now broader and includes persons in roles of only regional importance, as well as the definition of an “ultimate beneficial owner”. There is also a new rule under which members of statutory bodies of legal entities are deemed to be ultimate beneficial owners if it is not possible to identify the “real” ultimate beneficial owner by other means. Pursuant to the amendment, the list of obliged persons was extended to investment intermediaries and providers of services related to virtual currencies. Further, client’s due diligence shall be broader and newly include identification of the actual ownership structure of clients which are legal persons.

From 1 January 2017, the newly established Financial Analytical Office replaced and took over competences of the Financial Analytical Unit of the Ministry of Finance, the previous administrative body in the area of anti-money laundering.

As a part of implementation of the 4th AML Directive, an electronic register of ultimate beneficiary owners (“UBO”) was launched. The register is maintained by register courts. Corporates and other legal entities registered in the commercial register are obliged to register their UBO from 1 January 2018. The register is not public; access can generally be granted only to competent authorities (such as courts, criminal authorities, tax administrators, and public prosecution offices, tax or other fees administration offices), to persons conducting identification and customer due diligence under the AML Act, and other persons having a legitimate interest relating to the prevention of certain crimes. Failure to register UBO is not sanctioned; therefore a number of companies do not pursue registration as an administrative burden. However, registration plays an important role for public procurements or public subsidies in evidencing of the UBO for a participant.

Payment services

The PSD2 was implemented in Czech law by a new Payment Services Act replacing the previous law from 2009. The Act together with its implementing legislation governs the area of payment services, and rights and duties of the payment services providers and their clients, with some complexity. New rules include, among others: strong customer authentication for payment transitions initiated through the internet or other electronic means; decrease of the fee to be paid in the case of an unauthorised payment transaction from €150 to €50; and the regulation of new types of payment services, such as payment initiation and account information services. Consequently, companies providing payment initiation services and account information services now need to apply for a CNB licence. In comparison to the previous PSD implementation, the new Payment Services Act no longer provides special treatment for microenterprises, which were previously treated under the same regime as consumers.

The new Payment Services Act also includes implementation of new European payment services legislation focused on further enhancement of consumer rights (comparability of fees related to payment accounts, payment account-switching and access to payment accounts, and interchange fees for card-based payment transactions).9

Central register of bank accounts

The central register of accounts has been established and is operated by the CNB. The main purpose of the register is to support the public authorities in criminal investigation and prosecution. The central register provides from 1 January 2018, to selected authorities upon their request, a list of account of certain persons kept by the credit institutions in the Czech




Republic. The relevant data are reported by credit institutions (including branches of foreign credit institutions operating in the Czech Republic) on a daily basis.

The central register of accounts aims to enable certain authorities (authorities involved in criminal proceedings, anti-money laundering, financial or customs administration or the State intelligence agency), to make a quick inquiry to find out which credit institution manages (or managed) an account of an entity they are interested in.

Personal data protection and cyber-security

It is worth noting that the GDPR became effective and replaced Directive 95/46/EC.10 The GDPR introduced stricter rules on data protection and higher penalties for infringement thereof. The new Czech Personal Data Protection Act adapted to GDPR and partially implementing also Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities, is currently being heard by the Parliament.

In July 2017 an amendment to the Cyber Security Act was adopted. It implements Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union, and aims to enhance cyber-security. The Act applies also to operators of essential services in sectors of banking and financial market infrastructures.

International tax cooperation

Financial institutions are, according to amended wording of the Act on International Tax Cooperation, which has also been amended due to the DAC II11 and DAC III, subject to automatic exchange of information, and obliged to report to the tax institutions regarding reported accounts maintained by it.


Regulation of bank governance and internal control is included mainly in the Banking Act and Decree No. 163/2014 Coll., both reflecting the requirements of CRD IV.

Management and risk control system

Pursuant to Sec. 8b of the Banking Act, banks must maintain a management and internal control system, which shall in particular deal with: (i) prerequisites of due administration and management of the bank (including management principles and processes, an organisational structure determining powers and responsibilities and the processes of management as well as conflict-of-interest rules, administration and accounting procedures, a system of remuneration of persons with significant influence on the bank’s risks, etc.); (ii) a risk management system; (iii) a system of internal control including internal audit and compliance; (iv) rules to ensure trustworthiness, expertise and experience of the board members; and (v) rules to ensure the expertise and experience of the board of directors and the supervisory board as a whole.

The management and risk control system should be effective, coherent and appropriate with regard to the characteristics, extent and complexity of the risks attached to the business model of the bank.

The system of management and internal control shall, pursuant to Sec. 10 of Decree 163/2014 Coll., implement the general guidelines of EBA, ESMA and other specified European institutions, unless the implementation of such guidelines is in breach of applicable laws. The CNB usually publishes the guidelines on its website.

Corporate bodies and committees




The corporate bodies of a bank differ for monistic and dualistic systems. In the more common dualistic system of corporate governance, the elected corporate bodies consist of: (i) a board of directors (in Czech, představenstvo) having at least three members; and (ii) a supervisory board responsible for control of the bank. If the bank applies the monistic system, the corporate bodies must be the following: (i) a management board (in Czech, správní rada) having at least five members; and (ii) a statutory director. The statutory director cannot be simultaneously the chairman of the management board, unless expressly permitted by the CNB. In both cases, the supreme body of the company is the general meeting of shareholders.

Members of the above-described elected corporate bodies of the bank must meet the requirements of trustworthiness, professional expertise and experience.

Definitions of trustworthiness, sufficient professional experience and expertise, and the list of documents required by the CNB to assess the fulfilment of the mentioned requirements, are provided by the CNB Decree No. 233/2009 Coll., as amended. Some details have been further elaborated in the Official Communication of the CNB of 3 December 2013 regarding the interpretation of the terms trustworthiness and competence.

In general, trustworthiness is assessed with particular respect to: criminal records of office-holders; insolvency history including any companies in which such persons have held executive or control positions or were under its control; previous administrative delicts; civil proceedings relating to activities of such persons on the financial market; and withdrawal of any trade licence or disqualification from professional bodies.

In accordance with Sec. 8c of the Banking Act, banks which are considered important with regard to their size, internal organisation, character, extent and complexity of their activities (generally if their balance sheet is in the amount of 5% of the total balance of all entities in the relevant sector), shall also establish the following committees: (i) a risk committee; (ii) an appointment committee; and (iii) a remuneration committee composed of non-executive members of the corporate bodies of the bank. Banks which are not considered important can also create a joint risk committee and audit committee. Similar rules apply for credit cooperatives (Sec. 7ab of the Credit Cooperatives Act).

The corporate bodies of a credit cooperative consist of: (i) a general meeting of members (in Czech, členská schůze); (ii) a board of directors (in Czech, představenstvo); (iii) a control committee (in Czech, kontrolní komise); and (iv) a credit committee (in Czech, úvěrová komise). The trustworthiness, professional expertise and experience requirements also apply to the elected bodies of a credit cooperative (under points (ii) to (iv) above) as well as conflict-of-interest rules and certain restrictions on holding executive positions in other entities.

In addition, pursuant to Sec. 44 of Act No. 93/2009 Coll. on Auditors, as amended, banks and credit cooperatives which are considered public interest entities shall also establish an audit committee with at least three members, composed of non-executive members of the corporate bodies or independent individuals.

Remuneration

Remuneration of banks and credit cooperatives is regulated in detail by Decree No. 163/2014 Coll. (implementing the requirements under CRD IV), in particular by its Annex 1, and operates on the following principles:

(a) general principles of remuneration of all its staff members; and

(b) special principles for remuneration of staff members (staff members whose activities




may have significant influence on the risk profile of the bank, including as defined by Commission Delegated Regulation (EU) No 604/2014).

The special principles also govern the form and structure of the remuneration, stipulating that the remuneration consists of both fixed and flexible aspects. The fixed amount shall be a sufficiently large proportion of the total remuneration, so that a flexible approach to the aspect of the remuneration can be applied. The ratio between the fixed and flexible aspects is subject to some restrictions.

Further, remuneration of employees responsible for internal control activities cannot be dependent on the performance of the controlled organisational unit.

Banks are also obliged to submit to the CNB information about their remuneration system and the number of persons whose remuneration has exceeded the amount of €1 million (or its equivalent) in an accounting period.

Further regulation of remuneration and inducements is provided for: (i) by the Consumer Credit Act as regards certain staff members in consumer lending; and (ii) by the MiFID II regulation as regards inducements and remuneration in investment business.

Outsourcing

Outsourcing of activities is allowed under the conditions set by Decree No. 163/2014 Coll. (mainly Sec. 12 and Annex 7 of this Decree). Outsourcing of activities which are important for the credit institution must be further notified to the CNB.


Requirements for capital and liquidity, as well as the obligation of credit institutions to create capital buffers, are primarily governed by CRD IV, CRR and also by the Banking Act and Decree No. 163/2014 Coll.

Capital requirements for credit institutions are determined as a certain percentage ratio of the total risk exposure amount, calculated in accordance with the detailed rules provided for by the CRR. Pursuant to Art. 92 of the CRR, credit institutions are obliged to hold: (i) a Common Equity Tier 1 capital ratio of 4.5%; (ii) a Tier 1 capital ratio of 6%; and (iii) a total capital ratio (the sum of Common Equity Tier 1 and Tier 1 capital) of 8%. Which assets are included in each category of capital is specified in detail by the CRR.

The Banking Act also includes rules on the creation of different types of capital buffers, protecting the bank against specific risks. These rules may be stricter in the case of institutions identified as systemically important. Those rules are further elaborated in a wide range of the Commission’s implementing regulations and consequent technical standards adopted by EBA.

The aforementioned European legislation on capital and liquidity standards was enacted by the European Union in order to enhance the stability of credit institutions operating within its territory and reflects the Basel III requirements agreed by the G-20 after the 2008 financial crisis.

In June 2017, the CNB announced an increase of the countercyclical capital buffer (CCyB) with respect to domestic expositions, from 0.5% to 1% with effect from 1 July 2018. In December, the CNB increased the CCyB further to 1.25% with effect from 1 January 2019. The reason was, in particular, continuing fast increase of credits, in particular for residential property as well as consumer credits. According to the CNB Financial Stability Report 2016/2017, the domestic financial sector remains stable and preserves its high resilience against potential adverse financial shocks, which was confirmed in the CNB’s macro-stress




tests using data available as of the end of September 2017. However, systemic risk in the area of real estate financing is not purely hypothetical, according to the central bank. The increase of the countercyclical capital buffer (CCyB) continued further: 1.5% from 1 July 2019; and 1.75% from 1 January 2020. The reasoning for the last increase was that it was due to analysis on the CNB Czech economy continuing during an expansion period of the financial cycle, and vulnerability towards potential worsening of the economic situation thus increased.

According to the CNB Financial Stability Report 2016/2017, the CNB has actively participated in discussions on minimum requirements for own funds and eligible liabilities (“MREL”). The CNB stressed that the framework should in future allow a sufficient amount of MREL to be set for absorbing losses and potential recapitalisation, in particular with respect to systemically important institutions. Nevertheless, according to the CNB, such framework should respect conditions in the Czech banking sector and the individual characteristics of the Czech banks.

Later in 2018, the CNB published its general approach to setting minimum requirements for MREL to provide a transparent outlook to its approach in the future years.12 From 2019, MREL should be set for each bank individually by the CNB. The MREL requirement will be filled continuously during a sufficiently long transition period by increase of capital, issuance of bonds or other tools. The CNB anticipates the fulfilment of this requirement: the banks should, in the next four years, provide capital or eligible liabilities in the amount of approx. CZK 120 to 140 billion.


Conduct of business rules in general

Czech civil law (in particular) provides only a limited amount of defined types of banking contracts (account agreement, deposit, letter of credit, direct debit, bank guarantee, etc.). These types of contract are specified in Act No. 89/2012 Coll., the Civil Code, as amended (the “Civil Code”); but as the law deals with only the general features of each agreement, the rights and obligations of the parties are stipulated in detail in the contract with the bank, supplemented by the general term and conditions. In the case of retail customers (consumers), freedom of contract is substantially limited by general consumer protection law,13 which also grants consumers special rights. The Civil Code also protects the consumers in respect of distance contracts and contracts negotiated away from business premises, as well as in respect of certain other aspects of consumer contracts.

Special conduct-of-business rules are provided for by the Consumer Credit Act, Payment Services Act, Capital Markets Act and the Foreign Exchange Act. For example, pursuant to the Consumer Credit Act, banks and other lenders shall act towards the clients with professional care, provide them with pre-contractual information, assess the creditworthiness of a client, and fulfil numerous information duties. Further, the Consumer Credit Act limits the amount of potential sanctions in case of default, prepayment fees, regulates the calculation of annual percentage rate of charge, and grants consumers the right to withdraw from the agreement in a 14-day period, excepting mortgage credit agreements.

Complaints

Banks and credit cooperatives are obliged to implement internal mechanisms for dealing with clients’ complaints and make them accessible in their business premises. The Consumer Credit Act also expressly requires publication on the bank or credit cooperative’s website.




Dispute resolution

Notwithstanding the right to raise legal action before the competent court, retail clients are further entitled to initiate proceedings before the special resolution body – the Financial Arbiter dealing with financial services within its competence. Commencement of proceedings is free of charge. The decision of the Office of the Financial Arbiter can be appealed by so-called objections, which are decided on by the Financial Arbiter itself. The final decision of the Financial Arbiter is binding and enforceable but may be contested before a court of law.

Restrictions on inbound cross-border activities

Czech regulation generally governs the provision of financial services within the territory of the Czech Republic. If a foreign credit institution intends to carry out its activities within the territory of the Czech Republic, different regimes apply to EU and non-EU entities. Non-EU banks are required to obtain a licence from the CNB for their branch. For EU banks, the European passport applies. The CNB has published its criteria for determination of the place where financial services are provided in a statement dated 25 November 2011.

Deposit guarantee schemes

Deposits of all private clients of credit institutions are insured by the Financial Market Guarantee System under Sec. 41a et seq. of the Banking Act and Sec. 14 of the Credit Cooperatives Act, implementing the relevant European legislation – the DGSD. The guarantee scheme is based on obligatory contributions of credit institutions into the deposit guarantee fund. The deposits are guaranteed up to a limit of €100,000 per client and bank. In a limited scope of cases, when the client is a natural person and the deposit serves a specifically defined purpose, the limit may be raised up to €200,000.

Investor Compensation Schemes

Banks providing investment services obligatorily participate in the Czech investor compensation scheme fund (in Czech, Garanční fond obchodníků s cennými papíry). This scheme provides for compensation of 90% of all assets (money or investment instruments) belonging to the clients and held on their behalf in connection with investment business, up to a limit of €20,000 per client and bank providing investment services.

The further conditions are provided by the Capital Markets Act implementing EU Directive 97/9/EC on investor-compensation schemes.

Anti-money laundering regulation

Credit institutions are obliged to carry out KYC and due diligence procedures pursuant to the conditions laid down by the AML Act, and Decree No. 67/2018 Coll. on certain requirements for the system of internal principles, procedures and control measures against money laundering and terrorist financing. During identification of customers, banks and credit cooperatives shall identify politically exposed persons and persons against whom international sanctions have been imposed. Banks and credit cooperatives must have internal AML rules and update them regularly. Training of employees must also be ensured.

Suspicious transactions must be reported to the Financial Analytical Office, which is an independent office from the Ministry of Finance. The Financial Analytical Office also published the model AML rules.

* * *




Endnotes

At the end of January 2019, the group of four Czech largest banks consisted of Česká 1.spořitelna (Erste group), ČSOB (KBC group), Komerční banka (Société Générale group) and UniCredit Bank.

I.e. Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 2.June 2013 on prudential requirements for credit institutions and investment firms, amending Regulation (EU) No. 648/2012.

The draft bill amending the Czech Credit Cooperative Act (in Czech, zákon o 3.družstevních záložnách) was adopted by the Czech Parliament in December 2014. Most of its provisions took effect on 1 May 2015. This new piece of regulation provides for, e.g., a limit for deposit interests which shall be linked to the shareholding of the client (who is also a member of the credit cooperative) in the credit cooperative.

European Economic Area, i.e. Member States of the European Union, Iceland, 4.Liechtenstein and Norway.

EBA’s main objective is to promote the harmonisation and correct application of the 5.European legislation regulating prudential requirements and supervision of credit institutions in the European Union. For this purpose, the EBA issues technical standards or guidelines in various areas. Technical norms are issued upon the mandate given by the (EU) Commission and include more detailed norms in respect of prudential requirements for credit institutions. Guidelines are not legally binding, but according to the Regulation (EU) No. 1093/2010, the competent authorities and financial institutions shall make every effort to comply with those guidelines and recommendations; therefore, those documents practically have a regulatory impact as well. The CNB very often refers to such guidelines and works to ensure that the supervision of the financial market participants is compliant with such guidelines.

The group of 20 states, the European Union being a member thereof, having the strongest 6.economies in the world, represented by the heads of governments or ministers of finance.

Deposits in credit unions are often connected with high interest and at the same time they 7.have the same protection of deposits in the deposit guarantee scheme as the banks.

Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 8.on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds.

Regulation (EU) 2015/847 of the European Parliament and of the Council of 29 April 9.2015 on interchange fees for card-based payment transactions and Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 10.on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Council Directive 2014/107/EU of 9 December 2014 amending Directive 2011/16/EU 11.as regards mandatory automatic exchange of information in the field of taxation.

Consumer protection is, among other laws and regulations, governed by Act No. 12.634/1992 Coll., on Consumer Protection, as amended.

Available at CNB’s website: https://www.cnb.cz/cs/verejnost/pro_media/tiskove_zpravy 13._cnb/2018/20181031_mrel.html.







Libor Němec


Libor Němec is a partner at Glatzova & Co. Libor graduated from the Law

Faculty of Charles University in Prague in 2003 (summa cum laude), in 2005

passing the doctoral exam and in 2012 finished the Ph.D. study programme.

He worked at Clifford Chance LLP, the Czech National Bank and the Czech

Securities Commission. He also functioned as a vice-chairman of the Czech

Investor Compensation Scheme Fund. Libor is a member of the Czech Bar

Association and was a member of the Appellate Committee of the Czech

National Bank from 2007 to 2018.

In his more than 15-year practice, Libor has specialised in banking and

finance, financial market regulation, restructuring and insolvency and dispute

resolution. He is a co-author of the commentaries to the Takeover Bid Act,

Act on Business Corporations and has been working on the commentary to

the Act on Bonds and monography dealing with financial crowdfunding. He

regularly publishes articles in legal journals.

Libor is a highly regarded lawyer according to IFLR 1000 for 2019 and 2018

and according to The Legal 500 a leading lawyer in banking and finance and

a recommended lawyer in dispute resolution for 2015.

Jarmila Tornová


Jarmila Tornová has been an associate at Glatzova & Co. since 2016. She

joined Glatzova & Co. in 2012.

Her practice deals with banking and finance, capital markets and securities,

regulation of financial markets and corporate law. In banking and finance,

she specialises in drafting contractual documentation on behalf of both

creditors (banks) and debtors as well as financial services regulation.

Jarmila graduated from the Law Faculty of Masaryk University and she

studied for a year at the School of Law of the University of Glasgow.

Before she joined Glatzova & Co., she worked at Allen & Overy LLP Prague.

She also interned at the Supreme Court of the Czech Republic and the Office

for the Protection of Competition.

Jarmila is a member of the Czech Bar Association and regularly publishes

articles in legal journals dealing with, namely, regulation of financial markets,

banking and finance.

Husova 5, Prague, 110 00 Czech Republic

Tel: +420 224 401 440 / Fax: +420 248 701 / URL: www.glatzova.com

Glatzová & Co., s.r.o.

Germany

Introduction

The financial sector has undergone significant changes in recent years and the regulatory environment continues to evolve. This development can be attributed to a number of factors of an economic, political and technological nature. In the aftermath of the financial crisis in 2008, the regulatory regime applicable to banks, investment firms and financial markets in general has tightened globally resulting in stricter capital, liquidity and prudential requirements.

For the regulatory framework within the member states of the European Union (EU) like Germany, this process is mainly driven by legislation at EU level. Consequently, EU law has an enormous impact on the German regulation of financial markets and its players. The instruments of EU law for exerting such influence are manifold and include EU regulations which are directly applicable in the EU member states, EU directives which need to be transposed by the national legislators into national law in the EU member states as well as numerous guidelines, recommendations and opinions issued by EU supervisory authorities. Further, the EU actively participates in the development and implementation of international regulatory standards for credit institutions within the Basel Committee on Banking Supervision (BCBS) that establishes a significant part of the global regulatory framework.

The regulatory environment has not only evolved due to additional regulations addressing the risks of complex financial products and operations in the banking and securities business; rather, technical innovations and the rise of fintechs as new competitors in the financial industry challenge the existing regulatory regime and pose questions as to its scope, functions and appropriateness.

Finally, recent political developments also have a material effect on the regulatory environment for financial institutions. On 29 March 2019, United Kingdom will formally leave the EU – if “Brexit” is not postponed at short notice. The final consequences of Brexit are still unknown, as it is unclear yet how Brexit will be consummated. In the event of a so-called “hard” Brexit (i.e. UK’s departure from the EU and EEA without an agreement between the UK and the EU addressing the various topics in connection with Brexit), the UK will be treated by EU member states as a third country – and providing regulated services in the EU on a cross-border basis or via branches, solely on the ground of a UK licence, would no longer be an option, because the possibility to benefit from the “EU-passport” would fall away.

In this event, UK-based financial institutions intending to continue conducting their business in the EU will generally (subject to certain transitional arrangements provided for in the national laws of the EU member states) need to undergo a formal authorisation procedure to

Jens H. Kunz & Klaudyna Lichnowska Noerr LLP



obtain a licence in Germany or another EU-member state, and thereby comply with EU regulatory requirements. This consequence would apply also the other way around, i.e. financial institutions intending to conduct regulated business in the UK would generally be required to get a licence from the competent authorities in the UK (subject to transitional arrangements, which the UK is willing to grant more extensively than the EU).


Regulators

Banks and other financial institutions operating in Germany are subject to financial supervision at an EU and/or a national level. At the EU level, the competent regulators are the European Central Bank (ECB) and the European Supervisory Authorities (ESAs) including the European Banking Authority (EBA), the European Securities Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), each with specific competences. Even though the ESAs have only under very exceptional circumstances direct supervisory powers vis-à-vis financial institutions, they significantly influence financial regulation by developing technical and implementation standards, guidelines and recommendations applied by supervisory authorities and the financial institutions which are subject to supervision. At the national level, banking regulators in Germany are the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) and the German Central Bank (Deutsche Bundesbank, Bundesbank) which cooperate closely for the supervision of financial institutions in Germany.

SSM

The allocation of competences among the ECB and the national competent authorities (NCAs, i.e. BaFin and Bundesbank in Germany) results from the rules of the Single Supervisory Mechanism (SSM) established for the euro area (i.e. not necessarily for all EU member states – which, however, have an opt-in right) in 2014. Those rules have been set out in two key EU regulations, i.e. the Regulation of ECB no. 468/2014 (SSM Framework Regulation) and Council Regulation (EU) no 1024/2013 (SSM Regulation). The SSM, however, provides for the allocation of responsibilities only with respect to the supervision of credit institutions within the meaning of Regulation (EU) no. 575/2013 (CRR). This means that an institution must engage in the lending and the deposit-taking business to fall within the remit of the SSM. Otherwise, the NCAs are responsible for the supervision in any event.

Within the SSM, a distinction should be drawn between significant institutions and less significant institutions. Institutions are only captured by the SSM if they meet the criteria specified in the SSM Regulation. Institutions are significant if they meet, in particular, any of the following criteria:

total value of assets over €30 billion or over 20% the GDP of the EU member state of •establishment, but not less than €5 billion;

upon a decision of the ECB based on an NCA’s notification (in Germany: BaFin); •

one of the three most significant credit institutions in an EU member state of the euro •area;

public financial assistance has been requested or received directly from the European •Financial Stability Facility or the European Stability Mechanism.

Significant institutions are subject to the direct supervision of the ECB insofar as it performs the duties that an NCA would otherwise have to fulfil. The relevant NCA, however, is

Noerr LLP Germany



involved in the daily supervision as ECB by allocating members to the Joint Supervisory Team which is formed for each significant institution.

With respect to less significant institutions, ECB supervision is primarily of an indirect nature, as such institutions are generally supervised by the NCAs. The ECB’s part in the supervisory process for less significant institutions is therefore generally limited to the issuance of regulations, directions and guidance for NCAs (such as BaFin) as well as monitoring the national supervisory practice. However, there are a few exceptions from this general rule. In particular, within the SSM the ECB has the exclusive competence to grant and withdraw banking licences, and to object to the acquisition of a qualifying holding, in each case with regard to significant and less significant institutions. Matters such as consumer protection or money laundering do not fall within the competence of the SSM.

BaFin and Bundesbank

BaFin supervises not only less significant credit institutions but also other financial institutions providing financially regulated services such as, for instance, banks conducting lending business, but not taking deposits from the public, investment firms, factoring and leasing firms, payment services institutions, insurance companies and asset management firms. In addition, BaFin is responsible for combating money laundering and terrorism financing as well as collective consumer protection in the financial sector. Bundesbank closely cooperates with BaFin in performing the supervisory function which is effectively a joint task.

Key regulations

The core regulations applicable to banks and investment firms in Germany are laid down in the Banking Act (KWG) and the CRR, on the one hand, and in the Securities Trading Act (WpHG) and the Directive 2014/65/EU (MiFID II), on the other hand. Further regulations which are also key for financial institutions but which address rather specific topics can be found in so many German acts that only a few of them may be highlighted in the following.

KWG and CRR The KWG includes the authorisation requirements for banking business, investment services and other financial services in Germany. As a general rule, anyone who intends to conduct banking business or provide financial services in Germany, commercially or on a scale which requires commercially organised business operations, needs written authorisation from the supervisory authority. Thus, the definition of banking business and financial services is of the utmost importance to determine whether a certain activity is subject to a licence requirement under the KWG.

Therefore, the KWG defines various types of banking businesses and financial services. The banking business includes, for instance: the credit, deposit, guarantee, principal broking, securities custody and underwriting business. Financial services comprise, in particular: investment broking; investment advice; trading in financial instruments as a service for others as well as by using high-frequency algorithmic trading techniques; the operation of a multilateral trading facility; portfolio management; leasing, factoring; and the placement business. Trading in financial instruments on one’s own account and behalf may also be subject to a licence requirement if it is performed in addition to banking and/or financial services, or if such proprietary trading is being conducted as a member or participant of an organised market or multilateral trading facility, or with direct electronic access to such trading venues. Further, proprietary trading in commodity derivatives and emission allowances might also be subject to a licence requirement, unless one of the available exceptions apply.

Noerr LLP Germany



Generally speaking, all banks and financial institutions operating on the German market may be subject to a licence requirement under the KWG. However, credit institutions and other financial institutions from other EU/EEA member states may provide cross-border services or establish branches in Germany without an additional licence from BaFin within the framework of the EU-passporting regime. This applies to the extent that: an institution holds a valid licence in its home member state; is supervised by the competent supervisory authority in line with the EU-requirements; the relevant business operations are covered by the licence obtained in the home member state; and entering the German market was preceded with a notification procedure informing BaFin of the contemplated market access.

The licensing requirement does not necessarily require that a service provider has a physical presence in Germany. It is sufficient that a service provider targets the German market in order to offer banking products or financial services repeatedly and on a commercial basis to companies and/or persons having their registered office or ordinary residence in Germany. Consequently, a licence requirement is not triggered if a foreign financial institution provides a regulated service so long as the service was requested by a German client with no solicitation or targeting by the foreign bank (i.e. no direct marketing or setting-up of a German language website). In certain exceptional cases, BaFin may exempt a foreign bank from the licensing requirement in Germany if such a bank is effectively supervised in its home country in line with appropriate international standards, and the competent supervisory authority effectively cooperates with BaFin.

The procedure to obtain a licence in Germany requires an application and the submission of numerous documents such as: a viable business plan; evidence of meeting capital adequacy requirements; detailed information on liquidity and risk management, organisational structure and internal control procedures; adequate staffing and technical resources; and an adequate contingency plan, in particular for IT systems. Further, the application for a licence must also include information and documents indicating that the members of the management board and the supervisory board (Germany follows the two-tier system for corporate governance purposes) are eligible for such positions, as well as information and documents on qualified holdings (i.e. 10% of capital and/or votes held directly or indirectly, or exerting control).

In addition, the KWG includes general requirements on the business organisation of financial institutions and constitutes the legal basis for various supervisory actions which BaFin may take.

The CRR includes, in particular, capital and liquidity requirements for credit institutions, limitations on large exposures and rules on the leverage ratio, i.e. the limitation of indebtedness.

WpHG / MiFID II The WpHG includes, in particular, rules of conduct and organisational requirements for the offering of investment services. Due to the implementation of MiFID II into German law, the WpHG was completely revised and does not contain all these rules and requirements in detail, but refers partly to various delegated delegations promulgated under MiFID II at the EU level. WpHG / MiFID II include, for instance, rules on inducement in connection with the provision of investment services, cost transparency, requirements on the recording of correspondence with customers, product governance rules, etc. Further, the WpHG contains a licence requirement for certain markets in financial instruments from outside the EEA which allow traders in Germany direct electronic access to the trading venue. Finally, the WpHG contains various capital market rules such as, for instance, the

Noerr LLP Germany



voting rights notification regime, restrictions on short-selling, and certain disclosure obligations.

Other key regulations

Other key regulations affecting the financial sector in Germany include:

Capital Investment Code (KAGB): Particularly addressing the licensing requirements •applicable to investment fund managers (including passporting options), categorising various types of funds and setting out the requirements on their asset allocation and their investors as well as including restrictions for the distribution of fund units.

Payment Services Supervision Act (ZAG): Particularly addressing the licensing •requirements in connection with providing payment services and issuing e-money, including organisational requirements and rules of conduct for payment institutions as well as for other institutions providing payment services (e.g. obligation to grant access to account via an API, strong customer authentication, IT-security requirements).

Money Laundering Act (GwG): Including the obligations aiming at combating money •laundering and terrorism financing.

Recovery and Resolution Act (SAG): Implementing the EU Banking Recovery and •Resolution Directive 2014/59/EU (BRRD) and which includes, for instance, the requirement to prepare recovery and resolution plans and the instruments of the regulators in case of a default of a systemically important credit institution.

Remuneration Regulation for Institutions (InstitutsVergV): Providing for transparent •remuneration systems and adequate remuneration in banks and other financial institutions.

Legislative acts applicable to specific areas of banking business such as, for instance: •the Safe Custody Act (DepotG) addressing the requirements for the safe custody of securities; the Stock Exchange Act (BörsG), including rules for stock exchanges and their market participants; and Regulation (EU) No. 648/2012 of 4 July 2012 on OTC derivatives, central counterparties and trade repositories (EMIR) which contains directly applicable rules, particularly for trades in derivatives like clearing or notification obligations, and specific requirements for central counterparties.

Numerous BaFin-circulars and guidance notices issued by BaFin or Bundesbank which •specify the regulatory obligations, e.g. the Minimum Requirements on Risk Management (MaRisk).

Numerous guidelines, recommendations, implementation and technical standards of •EBA and ESMA.


Brexit

In view of the imminent Brexit, the German parliament recently adopted a bill aimed at ensuring smooth transitional rules. According to the bill, in case of a Brexit without an agreement pursuant to Art. 50 (2) of the Treaty on the European Union, BaFin would be authorised to extend the applicability of EU-passporting rules to up to 21 months following Brexit, with a view to prevent detriments to the proper functioning and stability of the financial markets. The extension would only apply to those regulated services which are closely connected to agreements already existing at the time of Brexit. A corresponding transitional privilege would apply to payment institutions.

Noerr LLP Germany



Further, the bill includes an additional transitional provision in a no-deal Brexit allowing proprietary traders to take advantage of an already existing transitional privilege, so that they may continue trading in financial instruments on their own account and own behalf, as market participants of German trading venues if they submit a complete application for a certain exception within three months after Brexit.

A further amendment in the bill concerns employees of significant institutions whose professional activities have a material impact on the risk profile of such institutions and whose earnings exceed three times the assessment ceiling in the statutory pension insurance system (currently ca. €240,000). To facilitate the termination of employment contracts with such key employees, their status in terms of dismissal protection would be equal to managing directors, executives or managers entitled to employ and dismiss other employees (employers/banks could apply to the court for a dissolution of employment contract without a need to provide a justification).

Payment services

The implementation of EU Directive no. 2015/2366 on payment services in the internal market (PSD2) in January 2018 resulted in significant changes for payment services providers in Germany. The revised ZAG provides for two new categories of payment services: payment initiation service providers (PIS); and account information service providers (AIS), which are now subject to licence (or registration in case only AIS are rendered). PIS is a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider. AIS is an online service to provide consolidated information on one or more payment accounts held by the payment service user with one or more other payment service providers.

The introduction of these activities as regulated payment services goes along with the obligation of credit institutions and payment systems to grant payment service providers access to the accounts maintained on a non-discriminatory basis. The revised ZAG also includes a narrowed scope of the limited network exemption, and the obligation to notify the supervisory authorities if such exemption has been used and if the total value of payment transactions over the preceding 12 months exceeds €1,000,000.

Key changes also include requirements on customer information, adequate security measures, and strong customer authentication requirements (the latter will enter into force in September 2019). Strong authentication is based on the use of two or more elements categorised as: knowledge (something only the user knows); possession (something only the user possesses); and inherence (something the user is). EBA has already issued under PSD2 a number of technical standards, guidelines and recommendations such as on security measures for operational and security risks arising from electronic payments and on strong customer authentication and secure communication.

Fintech

So far, Germany does not have special legislation for fintechs and their innovative business models. This means that generally, the same rules apply to fintechs as to traditional financial institutions in line with the principle of BaFin “same business, same risk, same regulation”. Consequently, a “sandbox” model that establishes an innovation space where fintech companies may test business models without tight regulation, as established in the United Kingdom and in Switzerland, has not been introduced in Germany. Nevertheless, the adequate treatment of fintechs and their businesses by regulatory authorities and the legislator has been intensively discussed.

Noerr LLP Germany



Generally speaking, however, the approach pursued by the German legislator consists in efforts to find an international, or at least EU-wide, solution for the regulatory challenges which go along with technical innovations. Abstaining from developing special rules for crypto currencies and digitised assets such as tokens may illustrate this approach. It remains to be seen how long the German legislator will take this route, as it causes side-effects like legal uncertainty in some important areas as, for instance, the qualification of crypto currencies or tokens generally as financial instruments, and the possibility to offer tokens in accordance with the prospectus regime applying to securities.

Anti-money laundering and combating terrorism financing

In June 2017, a German law implementing EU Directive no. 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (4th AMLD) came into force. In line with 4th AMLD and international recommendations of the Financial Action Task Force (FATF), the completely revised GwG provides for a holistic, risk-based approach to prevent money laundering and terrorism financing. The revised GwG imposes a number of obligations on the obliged entities which includes financial institution and certain other persons and entities (e.g. lawyers, traders in goods and gambling services providers).

Annexes 1 and 2 to the GwG provide for a catalogue of factors of potentially higher or potentially lower risk (customer risk factors, product, service, transaction or delivery channel risk factors and geographical risk factors); in the case of politically exposed persons (PEPs), a high risk has to be assumed. The new GwG introduces also an electronic transparency register which shall constitute a central database on ultimate beneficial owners (UBOs) of companies, trusts and similar entities. The revised GwG extends the scope of those GwG violations which may be sanctioned as administrative offences and increases the range of possible sanctions for such violations to up to €1,000,000 for each breach and in case of a major, repetitive breach to up to €5,000,000 or 10% of total annual turnover.

Further changes to the AML/CTF-regime are pending. On 9 July 2018 the new EU-Directive no. 2018/843 (5th AMLD) amending 4th AMLD came into force. The 5th AMLD extends the catalogue of obliged entities to include also providers engaged in exchange services between virtual currencies and fiat currencies as well as custodian wallet providers.

The directive defines virtual currencies as: digital representation of value that is not •issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and can be transferred, stored and traded electronically.

A custodian wallet provider is defined as: an entity that provides services to safeguard •private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.

Entities engaged in the above activities will have to fulfil a wide range of requirements imposed on obliged entities, such as conducting customer due diligence, and will be subject to registration. Other key changes include: public access to beneficial ownership information in the transparency register; enhanced customer due diligence in case of high-risk third countries (to be determined by the Commission); member states’ obligation to maintain up-to-date lists of PEPs; lowered threshold for identifying prepaid card-holders; and extended measures in terms of reporting requirements vis-à-vis Financial Intelligence Units.

Noerr LLP Germany



Regulation on prospectuses

EU Regulation no. 2017/1129 (EU Prospectus Regulation) lowers the threshold for the requirement to draw up a prospectus for public offerings. The EU Prospectus Regulation does not apply to offers of securities to the public with a total consideration in EEA of less than €1,000,000 calculated over a period of 12 months. EU member states shall not extend the prospectus requirements below this threshold, but may impose other, proportionate disclosure requirements. EU member states may decide to exempt offers of securities to the public from the obligation to publish a prospectus with a total consideration in EEA of less than €8,000,000 (calculated over 12 months). Germany made use of both options so that in case of consideration between €100,000 and below €8,000,000 (calculated over 12 months) no prospectus, but a simplified securities information sheet is required.

Securitisation framework

Two new regulations, directly applicable as of 1 January 2019, establish a general securitisation framework and a specific framework for simple, transparent and standardised securitisation (STS) across the EU. The two regulations adopted as part of the envisaged EU capital markets union are Regulation (EU) no. 2017/2402 (Securitisation Regulation) and Regulation (EU) no. 2017/2401 amending CRR.

The Securitisation Regulation contains a specific definition of securitisation as a transaction or scheme whereby the credit risk associated with an exposure or a pool of exposures is tranched, provided that the concerned transactions has certain other characteristics. As a general rule, subject to exceptions, the Securitisation Regulation prohibits re-securitisations (i.e. securitisations where at least one of the underlying exposures is a securitisation position). Key aspects of the securitisation framework include: the provision of cross-sectoral regulations; transparency obligations in line with regulatory technical standards (yet to be adopted, draft already prepared by EBA); requirements as to the due diligence process and obligation to provide a securitisation repository, including available information on securitisations for the purposes of protection of investors and prospective investors; and risk retention of not less than 5%, whereby the assets selected for securitisation cannot be of significantly lower performance than comparable assets held on the balance sheet as a consequence of the originator’s intent. The Securitisation Regulation distinguishes STS from complex and risky products to provide for a more risk-sensitive prudential framework.

Changes in foreign investment controls

Recent amendments to the German Foreign Trade Regulation (AWV) decreased the threshold triggering foreign investment controls by the German Federal Ministry of Economics and Energy from 25% to 10% of capital or voting rights in case of direct or indirect acquisitions of German-based companies by investors from outside EEA in sector-specific industries. According to previous changes already made in 2017, the conclusion of a purchase agreement relating to such transactions has been made subject to a notification requirement. As to the finance sector, this concerns, inter alia, software for the operation of equipment, and systems for cash supply, card payments and the offsetting and settlement of securities and derivatives. The 25% threshold triggering foreign investment controls still applies to acquisitions of undertakings from any non-specific sector.

Sound compensation practices

Recent amendments of InstitutsVergV applicable to credit institutions and other financial institutions aim at implementing the EBA guidelines on sound remuneration policies in

Noerr LLP Germany



line with the EU provisions on own funds included in CRR and directive no. 2013/36/EU (CRD IV). Remuneration within the meaning of InstitutsVergV covers all financial benefits, irrespective of their nature, including pension.

The amended InstitutsVergV distinguishes between two types of remuneration: fixed and variable (any remuneration component which cannot be qualified as fixed is considered variable). It sets out general requirements for all institutions and specific requirements applicable to significant institutions and their so-called “risk takers” (i.e. employees whose activities have a material impact on the risk profile of the institution) which should be properly identified and documented. In case of significant institutions and their “risk takers”, the amended InstitutsVergV introduces ex-post risk adjustment mechanisms in respect of variable remuneration such as malus and clawback, which enable the institution to receive back the amounts of variable remuneration paid in case of e.g. significant mistakes made by the “risk taker”.

Upcoming prudential framework for investment firms

One of the numerous legislative projects of the EU in the field of financial regulation is the proposal for a directive on the prudential supervision of investment firms, amending the existing prudential framework for investment firms set out in CRD IV / CRR) and in MiFID II / MiFIR. The review aims to introduce more proportionate and risk-sensitive rules for investment firms, without compromising financial stability. In particular, the revised rules aim to differentiate the prudential regime according to the size, nature and complexity of investment firms: larger entities, defined as ‘systemic investment firms’, would be fully subject to the same treatment as banks (i.e. the prudential regime of CRD IV / CRR). This also entails that their operations in member states participating in the banking union would be subject to direct supervision by the ECB in the SSM.

Non-systemic investment firms would be split into two groups. The capital requirements for the smallest and least risky investment firms would be set in a new tailored regime, with simpler requirements. These firms would not be subject to any additional requirements on corporate governance or remuneration. For larger firms, a new way of measuring their risks would be introduced, based on their business models. For firms which trade financial instruments, these will be combined with a simplified version of existing rules.


As a general rule, institutions must appoint at least two management board members. Management board members and supervisory board members are subject to a fit and proper assessment. Board members are required to be adequately qualified, trustworthy and in a position to dedicate sufficient time to performing their functions properly. To ensure the latter, the KWG limits the number of mandates than can be held simultaneously by the board members. If no exception (e.g. group privilege) applies, BaFin may consent to one additional mandate to be held in excess of the statutory limits.

Institutions must ensure a proper business organisation, in particular, appropriate and effective risk management, including:

strategies, in particular business strategy aimed at an institution’s sustainable •development, and a consistent risk strategy along with processes for planning, implementing, assessing and revising such strategies;

processes for determining and safeguarding capital adequacy and risk-bearing capacity; •

Noerr LLP Germany



internal control system and an internal audit function with rules on the organisational •and operational structure, including a clear determination and division of tasks and competences;

processes for identification, assessment, management and monitoring of risks; a risk-•control function and a compliance function;

internal audit function; •

adequate staffing and technical and organisational resources; •

adequate contingency plan, especially for IT systems; and •

suitable and transparent remuneration systems for board members and employees. •

Regulatory requirements in connection with governance and internal controls are further specified in various BaFin circulars and guidance notices, in particular MaRisk and BaFin’s circular no. 10/2017 on Banking Supervisory Requirements for IT (BAIT) in its recently amended version which now contains a special module for important infrastructure. The BAIT and its recent supplementing reflect the conclusion that cyber-risks constitute probably the most critical vulnerability of many financial institutions.

Further regulatory requirements as regards business organisation may arise if a financial institution intends to offer investment services (e.g. investment broking or investment advice). In such case, the additional organisational requirements and rules of conduct set forth in particular in WpHG, the delegated regulations promulgated under MiFID II, and BaFin’s circular Circular no. 4/2010 on Minimum Requirements for the Compliance Function (MaComp) may apply.


Capital requirements for credit institutions under German law are based on CRR and KWG and, as such, are in line with the final measures of BCBS – Basel III framework. To that extent credit institutions operating in Germany have to comply with requirements on capital adequacy, liquidity and leverage ratio.

Capital adequacy

The own funds of an institution may not fall below the amount of initial capital required at the time of its authorisation. Own funds consist of the sum of its Tier 1 and Tier 2 capital. As a rule, CRR requires institutions to maintain adequate amounts of own funds consisting of common equity Tier 1 capital ratio (4.5%), a Tier 1 capital ratio (6%) and a total capital ratio (8%). CRR specifies the requirements for own funds to qualify as eligible capital. Common equity Tier 1 capital includes in particular share/stock capital, capital surplus/agio, retained profits, other accumulated income and reserves.

Requirements for the additional Tier 1 capital are less stringent than in case of common equity Tier 1 capital, but more stringent than for Tier 2 capital. Further details on own funds are set forth in CRR and Commission delegated regulation no. 241/2014, supplementing CRR, containing regulatory technical standards for own-funds requirements for institutions. As part of the supervisory review and evaluation process (SREP) of the institution’s individual capital adequacy, supervisory authorities (BaFin) may ask the institution to hold additional own funds in excess of the default rules under CRR. The SREP decision is issued annually and is based on factors such as the institution’s business model, governance, risk, capital and liquidity.

The KWG requires, in line with CRD IV, credit institutions to maintain a capital conservation

Noerr LLP Germany



buffer of common equity Tier 1 capital equal to 2.5% of their total risk exposure and an institution-specific countercyclical capital buffer equivalent to their total risk exposure amount (0–2.5%). Specific requirements apply in case of capital buffers for global systemically important institutions.

Liquidity

CRR provides for a liquidity coverage requirement, according to which institutions shall hold adequate liquidity buffers to face any possible imbalance in liquidity flows over a period of 30 days. All institutions must invest their funds in such a way as to ensure that adequate funds for payment outflows (liquidity) are available at all times. Detailed liquidity adequacy requirements are set forth in the Regulation on the Liquidity of Institutions.

Leverage ratio

Institutions are required to monitor the level and changes in the leverage ratio as well as leverage risk as part of the internal capital adequacy assessment process. The leverage ratio is subject to reporting to the supervisory authorities and taken into account during SREP. Details on calculating the leverage ratio are included in CRR and Commission implementing regulation no. 2016/428 on technical standards with regard to supervisory reporting of institutions as regards the reporting of the leverage ratio.

Forthcoming amendment of the capital requirements regime

The European Council has recently agreed on the revised banking legislative package proposed by the Commission in November 2016. The proposed amendment is intended to implement reforms agreed at international level by the BCBS and the Financial Stability Board (FSB). The envisaged changes concern key EU-legislation applicable to banks, i.e. CRR, CRD IV, the BRRD and the Single Resolution Mechanism Regulation 806/2014.

Key amendments shall include: strengthening the financial stability of credit institutions by introducing a binding leverage ratio requirement of 3% of Tier 1 capital (so far, only a reporting obligation in respect of the leverage ratio has been established); a binding net stable funding ratio (NSFR) of at least 100%; and a more risk-sensitive approach to trading in securities and derivatives. The revised package addresses the issue of global systemically important institutions (G-SIIs) by providing new standards on the total loss-absorbing capacity (TLAC) aligned with minimum requirement for own funds and eligible liabilities (MREL). G-SIIs shall be required to have more loss-absorbing and recapitalisation capacity.

To facilitate the implementation of these standards, large financial groups conducting significant activities in the EU shall be obliged to set up an intermediate EU parent undertaking if they have two or more institutions established in the EU with the same ultimate parent undertaking in a third country. The amendments will further improve banks’ lending capacity and their role in the capital markets. This will be achieved by facilitating banks’ capacity to finance small and medium enterprises and infrastructure projects as well as by the proportional treatment of small and non-complex institutions under consideration of their overall risk profile. Such institutions should be able to benefit from the rules of increased proportionality and have less stringent reporting obligations, including a simplified, less granular version of the NSFR.


Deposit protection schemes

German law provides for a statutory deposit protection scheme under the Deposit Protection Act (EinSiG) which secures deposits of up to €100,000 per institution and customer, and in

Noerr LLP Germany



certain cases up to €500,000. A compensation event is determined by BaFin if an institution, due to its financial situation, is not in a position to repay due deposits and there is no prospect that it will be able to do so.

In addition to mandatory participation in the statutory deposit protection scheme, many private banks are members of the voluntary deposit protection fund of private banks kept by the Association of German Banks (Bundesverband deutscher Banken), which provides for a higher level of protection than the statutory deposit protection scheme.

Regulatory obligations

Regulatory obligations of credit institutions and financial services institutions are set forth in a number of EU laws, German laws (e.g. KWG, WpHG) and are specified in technical standards, recommendations, circulars and guidance notices of supervisory authorities (BaFin and ESAs). Institutions are subject to extensive reporting obligations vis-à-vis supervisory authorities and information obligations towards their customers. Compliance with regulations must be duly documented and evidenced (e.g. that the recommended securities transaction was suitable for a given customer or, in case of payment services providers, that that the payment transaction was authenticated).

Institutions are subject to various regulations in connection with customers’ complaints and must maintain and document internal processes for handling such complaints. At the same time, customers are required to comply with various information obligations towards the institutions so that the latter may fulfil the regulatory requirements imposed on them. Institutions must conduct know-your-customer checks and comply with anti-money laundering provisions under GwG, which require them to conduct customer due diligence, identify the ultimate beneficial owner and provide information such as name, date of birth, place of residence, nature and scope of ownership interests (including details on shareholding and control) to the transparency register, as well as monitoring the business relationship.

Contractual relationships

Depending on the product or service offered, the rights and obligations of a bank’s customers are regulated in the relevant contract (e.g. loan agreement) and are subject to various provisions of the German Civil Code (BGB). In addition, banks use various general terms and conditions to define the contractual relationship with their customers. To that extent, the template General Terms and Conditions provided by the Association of German Banks serves as a point of reference for German banks.

Noerr LLP Germany




Noerr LLP Germany


Dr Jens H. Kunz, LL.M. (UT Austin)


Dr Jens H. Kunz is a partner in Noerr’s Frankfurt office and co-head of Noerr’s

Financial Services Regulation Practice Group. He advises national and

international banks, financial services providers, payment institutions, funds

initiators, asset-management companies and other companies affected by

financial regulatory law on all matters relating to financial supervision,

including investment and money-laundering law. Apart from ongoing advice

on current regulatory challenges, his practice also focuses on assisting clients

with the financial regulatory aspects of transactions in the fields of funds and

M&A and capital markets.

Klaudyna Lichnowska


Klaudyna Lichnowska is an associate in Noerr’s Frankfurt office. She

specialises in financial services regulation, including banking, financial and

payment services supervisory law as well as anti-money laundering law. She

also advises banks and borrowers in connection with financing transactions

and security structuring.

Börsenstraße 1, 60313 Frankfurt am Main, Germany

Tel: +49 69 971 4770 / Fax: 49 69 971 477 100 / URL: www.noerr.com

Noerr LLP


Hong Kong

Introduction

Steadily increasing regulation and intensifying regulatory scrutiny have been fixtures of the international banking scene for many years now, and Hong Kong has not been an exception. We have seen the implementation of international initiatives (Basel III, OTC derivatives clearing and margining, recovery and resolution, etc.) as well as home-grown agenda items (such as financial inclusion). The trends show little sign of slackening, and with a mutual evaluation by the Financial Action Taskforce (“FATF”) during 2018, we have seen new requirements in relation to anti-money laundering.

Yet, in Hong Kong, the conception and implementation of regulation has not been influenced, to the same extent as elsewhere, by opprobrium levelled at the banking sector (notwithstanding the high-profile Lehman Brothers Mini-bond saga). Whilst implementing international initiatives, Hong Kong has generally not been a driver of change, and has not “gold-plated” international initiatives.

Instead, the HKMA’s focus is on what Mr. Norman Chan, Chief Executive of the Hong Kong Monetary Authority (the “HKMA”), has referred to as building Hong Kong’s “Brand” for financial services; ensuring Hong Kong’s resilience in the face of three key trends:

the changing world financial landscape, especially China’s growth and the •internationalisation of RMB and the “Belt and Road” Strategy;

technological advances in digital and internet applications and their transformation of •the ways in which commercial and financial transactions are conducted; and

intensifying competition from neighbouring financial centres. •

Responding to these trends, developments in fintech have been a particular focus area and the HKMA has pursued seven initiatives for 2018, under the heading “new era of smart banking”. The initiatives implemented by the HKMA during 2018 include:

introduction of a “Faster Payment System” which supports instant payments in Hong •Kong Dollars and Renminbi with the use of mobile phone numbers, email addresses or QR codes. A total of 21 banks and 20 stored-value facilities in Hong Kong have participated in the system;

upgrading the HKMA’s existing Fintech Supervisory Sandbox by introducing a fintech •supervisory chatroom. Banks and firms can seek feedback from the HKMA through the chatroom at an early stage of their fintech projects;

a revised Guideline on Authorisation of Virtual Banks. The HKMA received 29 applications •for the first batch of virtual bank licences under the new guidelines in August 2018 and the first virtual bank licences are expected to be granted in the first half of 2019; and

Ben Hammond & Colin Hung Ashurst Hong Kong



the Open API Framework for the Hong Kong banking sector, which was published on •18 July 2018, with Phase 1 of Open APIs due to become available by the end of January 2019.

Other HKMA initiatives which are currently ongoing include:

a new “Banking Made Easy” taskforce, which has been set up to work with the banking •industry with the aim of improving the customer experience of using fintech and digital banking services;

seeking cross-border cooperation in fintech with other financial regulators. The HKMA •has already entered into co-operation agreements with various regulators, including the Financial Services Regulatory Authority of Abu Dhabi and the Monetary Authority of Singapore; and

implementing measures designed to enhance research and talent development, for •example the HKMA intends to turn the findings and advice in the HKMA’s whitepaper on distributed ledger technology into practical guidelines for the banking industry.

In short, Hong Kong continues to seek to attract banks and grow its banking sector at a time when other jurisdictions seem focused on shrinking theirs.


The HKMA is responsible for authorising, supervising and regulating Hong Kong banks and Hong Kong banking business, with its mandate and powers established by the Banking Ordinance.

The HKMA’s principal function under the Banking Ordinance is to “promote the general stability and effective working of the banking system”. In performing this function, the HKMA generally seeks to align Hong Kong’s banking regime with international standards, including implementing the recommendations of the Basel Committee on Banking Supervision (“BCBS”), of which Hong Kong has been a member in its own right since 2009.

The Banking Ordinance

HKMA authorisation is required in order to carry on “banking business”, or the business of taking deposits, in Hong Kong. Those authorised by the HKMA are referred to as “authorised institutions” (“AIs”) and there are three tiers of AI:

“licensed banks”, which are permitted to operate current and savings accounts, to accept •deposits of any size and maturity from the public, and to pay and collect cheques;

“restricted licence banks”, which are permitted to take deposits only in amounts of HK$ •500,000 or more, albeit without restriction on the type or term of those deposits; and

“deposit taking companies”, which are permitted to take deposits only in amounts of •HK$ 100,000 or more and which have an original term of maturity of three months or more.

As an alternative to authorisation as an AI for overseas banks, the HKMA may approve the establishment of a local representative office. These offices cannot engage in banking business or deposit-taking business, but can liaise between the overseas bank and its Hong Kong customers.

In determining whether to authorise an applicant, the HKMA applies eligibility criteria prescribed in the Seventh Schedule to the Banking Ordinance. Broadly, an AI must be a body corporate, have adequate resources (financial and organisational) and its management and controllers (direct and indirect) must be fit and proper. The HKMA has general

Ashurst Hong Kong Hong Kong



discretion over whether to approve or refuse authorisation applications, but must refuse applicants who fail to satisfy these criteria.

The HKMA is empowered to grant authorisation subject to any conditions that it considers appropriate, including placing permanent restrictions on an applicant’s banking or deposit-taking business.

It is the HKMA’s policy that all licensed banks are subject to a condition that they become and remain members of the Hong Kong Association of Banks, a body established under the Hong Kong Association of Banks Ordinance, to provide a framework for the Hong Kong Government to exchange views with the banking sector and as a focal point for consultation on law reform, new legislation and regulatory matters.

Virtual banking

The HKMA published a new Guideline on Authorisation of Virtual Banks on 30 May 2018 (the “Virtual Bank Guideline”) which sets out the authorisation requirements in relation to virtual banks which intend to conduct virtual banking business in Hong Kong. “Virtual banks” are banks which primarily deliver retail banking services through the internet or other forms of electronic channels instead of physical branches.

To approve an application for authorisation as a virtual bank, the HKMA needs to be satisfied that:

the applicant meets the same minimum criteria as apply to conventional AIs; •

the proposed business has substance and cannot simply be a “concept”; and •

the applicant will not impose any minimum account balance requirement or low-balance •fees on customers.

In addition to the above requirements, the HKMA generally requires a virtual bank to:

be locally incorporated with the majority shareholder of the virtual bank being a bank •or a regulated financial institution in Hong Kong or overseas;

be subject to the same set of supervisory requirements applicable to conventional AIs; •

maintain a physical presence in Hong Kong for interfacing with the HKMA and •customers;

engage a qualified and independent expert to perform an independent assessment of its •IT governance and systems;

establish appropriate controls to manage risks; •

provide an exit plan in case its business turns out to be unsuccessful; •

treat customers fairly; •

discuss the outsourcing arrangements of computer or business operation before •implementing those arrangements; and

maintain adequate capital commensurate with the nature of its operations and risks. •

A total of 29 companies applied in the first batch of virtual bank applications that are currently being processed by the HKMA. The HKMA expects that it will grant the licences to successful applicants in the first quarter of 2019.

Supervisory Policy Manual

Whilst primary responsibility for prudent management of an AI sits with its board and management, the HKMA issues guidance to AIs through its Supervisory Policy Manual, which sets out the HKMA’s supervisory policies and practices, establishes minimum standards, and recommends best practice.




The Manual comprises various modules, which fall into three broad categories:

statutory guidelines issued by the HKMA under the Banking Ordinance, for example •guidelines on the minimum standards with which AIs are expected to comply to satisfy the requirements of the Banking Ordinance;

non-statutory guidelines issued as guidance notes, which are best practice guides setting •out the HKMA’s recommendations to AIs in respect of the standards that they should aim to achieve, subject to the AIs’ size, complexity and scope of activities; and

non-statutory guidelines issued as technical notes, which are usually technical in •nature and are for the purpose of clarifying the HKMA’s interpretation of regulatory and reporting matters.

The HKMA monitors AIs’ compliance with these guidelines as part of its programme of regular supervision. Failure to adhere to them, whether statutory or non-statutory, may call into question whether an AI continues to satisfy the minimum criteria for authorisation under the Banking Ordinance. Failure in respect of statutory guidelines may also be a contravention of the Banking Ordinance.

Securities and Futures Ordinance

AIs which carry on any “regulated activities” under the Securities and Futures Ordinance (i.e., securities or futures-related business such as dealing in, advising on, or managing securities and futures contracts) must be separately registered with the Securities and Futures Commission (the “SFC”). Such AIs are referred to as “registered institutions”. This requirement to register is subject to certain exceptions: registration is not needed to carry on the, otherwise SFC-regulated, activities of “leveraged foreign exchange trading” or “securities margin financing” where the AI does so for the purpose of facilitating acquisitions or holdings of securities by clients.

In practice, the SFC refers registration applications to the HKMA and will rely on the advice of the HKMA in determining whether to grant the registration. Similarly, notwithstanding that the SFC is ultimately responsible for supervising SFC-regulated activities, the day-to-day supervision of the regulated activities carried on by AIs is performed by the HKMA.

A memorandum of understanding between the HKMA and the SFC details the division of responsibilities between the two regulators and, under the current arrangement, the HKMA is the lead supervisor of registered institutions, but consulting with the SFC in interpreting the rules, codes, guidelines and other guidance published by the SFC.

Money Lenders Ordinance

The business of, or advertising oneself as carrying on the business of, making loans is regulated under the Money Lenders Ordinance. A “loan” in this context includes an advance, a discount or money paid, and any agreement which is in substance or effect a loan of money. However, under section 3 of the Money Lenders Ordinance, AIs are exempted from the requirement to hold a separate money lender’s licence for the purpose of carrying on money-lending activities.

Recent regulatory themes and key regulatory developments in Hong Kong

Aligned with the volume of international regulatory initiatives following the Global Financial Crisis, there has been a rapid development in many areas of Hong Kong bank regulation in recent years.




Basel III

Hong Kong is in the process of implementing Basel III. The Banking (Amendment) Ordinance, the legal framework for implementation of Basel III, was passed by the Legislative Council in 2012. It mandates the HKMA to prescribe capital and disclosure requirements for AIs in Hong Kong.

The first phase of Basel III capital standards, including increasing minimum regulatory capital requirements, tightening criteria for instruments to be recognised as regulatory capital, enhancing the risk coverage of the capital framework, and introducing the Liquidity Coverage Ratio along with corresponding disclosure requirements, have been implemented.

The second phase of Basel III implementation, including the introduction of a series of capital buffers, implementation of the Net Stable Funding Ratio, disclosure requirements arising from the above, and leverage ratio requirements, also came into force during the first half of 2018.

An exception to this progress has been the adoption of Basel capital standards on banks’ counterparty credit risk and equity investment in funds, which were to have been implemented from 2017, but which were postponed in light of implementation progress in other major markets, including the US and EU, and a desire to ensure cross-border coordination and the maintenance of a level playing field. The HKMA issued a letter on 10 August 2018 to consult the banking industry on the proposed draft amendments to the Banking (Capital) Rules in relation to the implementation of the Basel approach for measuring counterparty risk exposures and the relevant capital requirements, and aims to implement the relevant standards in the first half of 2020.

Recovery and resolution

Responding to the Financial Stability Board’s “Key Attributes of Effective Resolution Regimes for Financial Institutions”, the Financial Institutions (Resolution) Ordinance (the “FIRO”) took effect on 26 June 2017. Under the FIRO, the HKMA is the resolution authority for the banking sector and also designated as the lead resolution authority for the cross-sectoral groups in Hong Kong that involve both banking sector entities and securities and futures sector entities.

The HKMA is adopting a phased approach to resolution planning, as set out in Chapter RA-2 of the HKMA’s Code of Practice (“The HKMA’s Approach to Resolution Planning”). Broadly speaking, resolution planning for an AI involves: (i) gathering information from the AI; (ii) setting a preferred resolution strategy and developing a resolution plan that operationalises the preferred strategy for the AI; (iii) assessing the AI’s resolvability; and (iv) addressing impediments to resolution.

The HKMA has made rules pursuant to the FIRO to prescribe minimum loss-absorbing capacity requirements for banks and their group companies (the “LAC Rules”), which came into operation on 14 December 2018. A chapter of the HKMA’s Code of Practice, providing guidance on how the HKMA intends to exercise certain discretionary power under the LAC Rules and on the operation of certain provisions of the LAC Rules, has been issued by the HKMA for industry consultation.

OTC derivatives

A new regulatory regime for OTC derivatives was introduced through amendment of the Securities and Futures Ordinance in 2014. Responding to international initiatives, the aim is to address structural deficiencies in the OTC derivatives market and inherent systemic risks identified following the Global Financial Crisis.




The first stage of the OTC derivatives regime took effect on 10 July 2015, since when financial institutions, including AIs, have been required to report transactions in certain interest rate swaps and non-deliverable forwards, and to comply with relevant record-keeping obligations if they are a counterparty to such OTC derivatives transactions. AIs are also required to make a report on transactions they conduct in Hong Kong on behalf of an affiliate, their head office or a branch/office outside Hong Kong. The list of reportable OTC derivatives expanded to include five key asset classes (i.e. interest rates, foreign exchange, equities, credit and commodities) from 1 July 2017. AIs will also be required to use Legal Entity Identifiers to report OTC derivative new trades, and daily valuation information OTC derivative reporting starting from 1 April 2019.

The second stage of the regime came into operation on 1 September 2016, requiring AIs to clear certain standardised interest rate swaps (“IRS”) in Hong Kong dollars or one of the G4 currencies with a designated central counterparty from 1 July 2017 if (subject to certain exceptions):

the AI has reached the clearing threshold (which is currently being set at US$ 20bn); •

the transaction is entered into on or after the prescribed day for the calculation period •in respect of which the AI reached the clearing threshold for the first time; and

the counterparty is an AI, authorised money broker or SFC-licensed entity and is also •required to clear the transaction concerned, or the counterparty is otherwise a financial services provider designated by the SFC.

The HKMA, together with the SFC, also proposed in the first half of 2018 to include plain vanilla IRS denominated in Australian dollars in the clearing regime and has worked with the Government to revise the relevant subsidiary legislation. The relevant amendments are subject to the Legislative Council’s negative vetting and it is expected that mandatory clearing Australian Dollar IRS will commence in the fourth quarter of 2019.

Fintech

The application of new technology within the banking and financial industries, or “Fintech”, is a key area of focus for the HKMA. To promote Hong Kong’s position as a fintech hub in Asia, the HKMA has established a Fintech Facilitation Office to foster the exchange of innovative fintech initiatives between different market participants and to lead industry research in the area.

The HKMA launched a “supervisory sandbox” to facilitate pilot trials of fintech and other technology initiatives in November 2016. By the end of August 2018, there had been 36 fintech products tested in the HKMA’s sandbox, 26 of which have subsequently been rolled out in the Hong Kong market. Tested fintech products include biometric authentication, soft tokens, chatbots, distributed ledger technologies and application programming interface notification services via social media platforms. To improve accessibility of the sandbox, the HKMA has:

set up a Fintech Supervisory Chatroom to provide supervisory feedback to banks and •“tech” firms at an early stage of the development of their fintech products;

allowed tech firms to have access to the sandbox by seeking feedback from the •Chatroom without necessarily going through an AI; and

linked up its sandbox with the sandboxes of the SFC and the Insurance Authority. The •HKMA is now the primary point of contact for cross-sector fintech products which are most relevant to the banking sector, and assists tech firms to access these sandboxes concurrently.





Management

A criteria for authorisation under the Banking Ordinance is that the HKMA is satisfied that the chief executive and directors of an applicant are fit and proper. Modules CG-1 to CG-6 of the Supervisory Policy Manual articulate the HKMA’s expectations in relation to locally incorporated AIs’ boards of directors; both their responsibilities and related governance principles and practices.

The board of an AI is ultimately responsible for the operations and financial soundness of the AI. Boards are required to have a sufficient number of directors with appropriate composition to ensure that they are sufficiently independent and have collective expertise for the AI’s operation.

The board of a licensed bank must have a sufficient level of checks and balances and either one-third or three members, whichever is higher, must be independent non-executive directors (“INEDs”), and at least two of these INEDs should have an accounting or financial background. Restricted licence banks and deposit-taking companies, under normal circumstances, are encouraged to have at least three INEDs on their boards.

AIs are required to inform the HKMA about their INEDs and the HKMA assesses their independence by taking account of their interest in the business of the AI, their relationship with significant shareholders of the AI and their length of service on the board, etc. Should the HKMA conclude that a board is not sufficiently independent, the AI may be required to appoint additional INEDs.

The HKMA has the power to approve directors of AIs under the Banking Ordinance on the basis of whether they are “fit and proper” persons. Relevant to this determination is experience, knowledge, skills, track record, independence (for INEDs), record of integrity and reputation. A director must also demonstrate that he does not have any conflicts of interest.

Whilst the board is ultimately responsible for an AI’s conduct, the role of board committees is recognised and, for licensed banks and AIs which are designated as systemically important, mandatory. The modules set out requirements around nomination, audit, risk and remuneration committees, and the sufficient involvement of INEDs.

Supplementing these requirements, the HKMA, in October 2017, circulated new guidance on management accountability, which seeks to align the management expectations, and information to be provided to regulators (including management and governance structure charts) with the SFC’s “Manager-in-Charge” regime, which was implemented for SFC-licensed corporations during 2017.

AIs must also appoint “managers” who are principally responsible, either alone or with others, for the conduct of certain affairs or business which the AI is engaged in in Hong Kong. Affairs or business which require appointment of a “manager” is set out in the 14th Schedule to the Banking Ordinance and include:

the carrying on of retail banking, private banking, corporate banking, international •banking, institutional banking, treasury or any other business which is material to an AI;

the maintenance of the accounts or the accounting systems of an AI; •

the maintenance of systems of control of an AI, including systems which are intended •to manage risks;




the maintenance of systems of control of an AI to protect it against involvement in •money laundering;

the development, operation and maintenance of computer systems of an AI; •

the conduct of internal audits or inspections of an AI’s affairs or business; and •

the function of ensuring that an AI complies with the applicable laws, regulations or •guidelines (i.e. the compliance function).

Internal controls

All AIs must have a proper risk management framework to identify, evaluate and monitor material risks and assess the adequacy of the AI’s capital and liquidity in relation to their risk profile. The expectations of the HKMA are set out in module IC-1 of the Supervisory Manual.

AIs are required have in place risk governance arrangements and to establish at least three “lines of defence”, each independent from the other:

business units are responsible for the first line of defence: identifying, assessing, •managing and reporting risks on an ongoing basis;

the risk management and compliance function is the second line of defence: with the •risk management function in charge of day-to-day risk management activities and the compliance function responsible for ensuring compliance with law and regulation; and

the internal audit function is the third line of defence: periodically checking on the risk •management framework and implementation of policies and control procedures.

Where significant weakness is identified during the internal audit function’s assessment, or when new products or services are being introduced, AIs are directed to consider increasing the scope and frequency of audit in order to mitigate any potential risks.

Remuneration

AIs must follow module CG-5 of the Supervisory Policy Manual when establishing their remuneration systems. A proportionate approach is permitted in applying this module based on the size, scope, nature and complexity of an AI’s business.

An AI’s board is required to establish and maintain a written remuneration policy covering all employees. Requirements include ensuring an appropriate balance between fixed and variable incentive-based remuneration and the extent to which an AI uses incentives-based compensation arrangements, and the payment of variable remuneration in a manner which aligns employees’ incentive awards with long-term value creation and the time horizons of risk, and should reflect the employee’s seniority, role, responsibilities and activities within the AI.

Certain public disclosures are mandated, including in relation to the structure of their remuneration systems, linkage between performance and remuneration, and information about the remuneration of senior management and key personnel.

Chinese Walls

To prevent communication of confidential information to unauthorised recipients, whether internal or external, AIs are required to establish “Chinese Walls” and grant access to confidential information to staff on a need-to-know basis, and only for legitimate business purposes.

The SFC imposes a similar requirement and generally requires registered institutions to establish and maintain policies and procedures on “Chinese Walls” to address potential




conflicts of interest arising from different regulated activities. The SFC’s Corporate Finance Adviser Code of Conduct also requires an effective system of functional barriers to prevent the flow of information which may be confidential or price-sensitive received in the course of corporate finance activities.

Neither the HKMA nor the SFC have provided detailed guidance on how “Chinese Walls” should be set up, but they generally expect both functional and physical separation.

Outsourcing

To improve efficiency and to reduce administrative costs, AIs have, in recent years, increasingly chosen to outsource certain tasks or functions, including both to affiliates and independent third parties. Under SA-2 of HKMA’s Supervisory Policy Manual (Outsourcing), AIs must discuss any such plans in advance with the HKMA and address any issues raised by the HKMA.

The term “outsourcing” is defined by the HKMA to include “an arrangement under which another party (i.e. the service provider) undertakes to provide to an AI a service previously carried out by the AI itself or a new service to be launched by the AI”. In determining whether an outsourcing is acceptable, the HKMA focuses on risk assessments, the ability of the service provider, the clarity of the service agreement, proper safeguards to protect customer information, effectiveness of oversight, contingency planning and the ability of the HKMA to access records.

AIs are required regularly to review the performance of services providers and to rectify identified deficiencies. The HKMA reviews the effectiveness and adequacy of AIs’ controls in relation to outsourcing during on-site examinations, off-site reviews and prudential reviews.


Capital requirements

It is a minimum criteria for being and remaining HKMA-authorised that AIs maintain financial resources which are adequate for the nature and scale of their operations. The capital requirements applicable to locally incorporated AIs are set out in the Banking (Capital) Rules (the “BCR”).

Capital adequacy is chiefly satisfied through compliance with minimum capital ratios which, for locally incorporated AIs, means maintaining minimum risk-weighted capital ratios of:

common equity tier 1 (“CET1”) capital ratio of 4.5%; •

Tier 1 capital ratio of 6%; and •

total capital ratio of 8%. •

Capital is classified as: CET1 (which has the highest loss-absorption capacity); Additional Tier 1 (which are instruments not meeting the CET1 capital criteria but still able to absorb losses on a going concern basis); and Tier 2 (which is only expected to absorb losses when an AI becomes insolvent and is no longer able to continue its activities as a going concern). The sum of an AI’s CET1 capital and Additional Tier 1 capital is the AI’s Tier 1 capital. The detailed qualifying criteria for each tier are set out in Schedules 4A to 4C to the BCR.

The capital requirements under the BCR are imposed on AIs on both a solo basis and at a consolidated level. Subsidiaries licensed or authorised by the SFC, the Insurance Authority or relevant overseas authorities having similar functions to the SFC or to the Insurance Authority, are excluded from the consolidation calculation.




In addition to the above, the BCR also contains a risk-weighting framework for calculating the risk-weighted amounts for credit risk, market risk and operational risk. A default, standard approach for each risk is specified in the BCR, but AIs may use bespoke approaches with HKMA approval.

Liquidity requirements

AIs must maintain liquidity adequate to meet their obligations as they fall due, as set out in the Banking (Liquidity) Rules (the “BLR”). The HKMA has followed BCBS principles in designing the liquidity standards.

Under the BLR, AIs designated by the HKMA as “category 1 institutions” are required to maintain a Liquidity Coverage Ratio (“LCR”) of not less than 90% from 2018, increasing to 100% from 2019. The LCR is a ratio of the total weighted amount of an AI’s “high quality liquid assets” to the total weighted amount of its “total net cash outflows” over 30 calendar days.

Category 1 institutions are AIs which are determined by the HKMA to be:

internationally active; •

significant to the general stability and effective working of Hong Kong’s banking system; •

associated with material liquidity risk; or •

connected to another category 1 institution. •

AIs which are not “category 1 institutions” must, under rule 7 of the BCR, maintain a liquidity maintenance ratio (“LMR”) of not less than 25% on average in each calendar month. The LMR is a ratio of the amount of an AI’s “liquefiable assets” to the amount of its “qualifying liabilities” over a calendar month.

Generally speaking, every AI, regardless of category, must take into account all of its business in Hong Kong when calculating its LCR or LMR. Locally incorporated AIs that have overseas branches are required to also take into account those overseas branches unless the HKMA permits otherwise. For a locally incorporated AI, the HKMA may require their LCR or LMR to be calculated on a consolidated basis. The HKMA also has the power to request a locally incorporated AI to calculate its LCR or LMR on a bespoke basis in exceptional circumstances.


Code of Banking Practice

A Code of Banking Practice (the “Code”), jointly published by the Hong Kong Association of Banks and The Hong Kong Association of Restricted Licence Banks and Deposit-taking Companies, makes recommendations for AIs to follow in dealing with and providing services to their customers. Although the Code is not statutory, it has been endorsed by the HKMA and the HKMA expects all AIs to comply with the Code; monitoring compliance as part of its regular supervision.

The Code contains various provisions touching on the relationship between AIs, their customers and third parties. It is one of the Code’s general principles that AIs must treat their customers equitably, honestly and fairly at all times and should provide and explain clearly the key features, risks and terms of the products, fees, commission, etc. of their products to their customers.

AIs must make available to customers the terms and conditions of their banking services in plain language, highlighting any fees, charges, penalties and relevant interest rates, and the




customer’s liabilities and obligations in the use of a banking service. If there is any variation of the terms and conditions relating to fees and charges and liabilities of customers, AIs should inform the customers at least 30 days beforehand with a notice highlighting the variation in plain language.

“Customers” is defined in the Code only to cover private individuals who maintain an account in Hong Kong with an AI, or act as guarantor or provider of third party security for a borrower. The term, and therefore the Code, does not cover customers which are partnerships or companies.

Personal data protection

When collecting, using, holding or erasing customer information, AIs must comply with the Personal Data (Privacy) Ordinance (the “PDPO”). Guidance on the proper handling of customers’ personal data for the banking industry has been published by the Office of the Privacy Commissioner for Personal Data (the “Privacy Commissioner”).

Direct marketing is an area of particular focus in the PDPO. AIs must inform customers of any intention to use their personal data for direct marketing, the kinds of data to be used, the classes of products or services to be marketed, and that they have the right to refuse to receive marketing information. When an AI uses a customer’s personal data in direct marketing for the first time, the customer must be informed that he may choose to “opt-out” at any time, even he has earlier given consent to the use of his personal data for direct marketing.

The PDPO also contains a provision prohibiting data users from transferring personal data to any place outside Hong Kong, unless one of a number of exemptions applies. The exemptions include:

transfer to a “white list” jurisdiction; •

transfer to jurisdictions offering similar level of protection; and •

where customers have given their prior consent in writing. •

Whilst the PDPO contains this restriction, it has not yet been brought into force and it is not known when or whether it will be brought into force. Nevertheless, it is generally advisable for AIs to have regard to this provision as best practice.

Duty of secrecy

AIs owe a common law duty of confidentiality to customers and it is an implied term of a customer contract that the AI will not disclose information about the customer, including the state of the customer’s account, their transactions with the AI or other customer information to third parties in the absence of any implied or express consent of the customer.

There are, however, exemptions to this general duty, including where:

disclosure is compelled by law; •

there is a duty to the public to disclose; •

the interests of the bank requires disclosure; and •

the disclosure is made with the express or implied consent of the customer. •

In Hong Kong, disclosure compelled by law generally means compulsion by an order of a Hong Kong court or legislation. Various statutes in Hong Kong compel AIs to disclosure customer information to third parties and regulators, the most significant of which include:

the Evidence Ordinance, which permits a party in court proceedings to apply to the •court for inspection of a banker’s record for the purposes of such proceedings;

the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (the “AMLO”), •




under which any knowledge or suspicion of money laundering or terrorist financing must be reported to the Hong Kong Police; and

the Drug Trafficking (Recovery of Proceeds) Ordinance (the “DTROP”) and the •Organised and Serious Crime Ordinance (the “OSCO”), which impose obligations to report known or suspected proceeds or properties arising from drug trafficking and other indictable offences.

Automatic exchange of financial account information

Hong Kong has implemented a regime to enable automatic exchange of financial account information (“AEOI”) on a reciprocal basis with over 100 reportable jurisdictions.

Under the AEOI standards, AIs must identify financial accounts held by tax residents of reportable jurisdictions and report information of these accounts to the Inland Revenue Department. The Inland Revenue Department will then exchange the information with the tax authorities of these reportable jurisdictions on an annual basis.

AIs have been required to collect financial accounts information and report such information to the Inland Revenue Department since 2017. The Inland Revenue Department began the first exchanges of financial accounts information under AEOI with tax authorities in 49 jurisdictions, including China, in September 2018.

Deposit Protection Scheme

All licensed banks must be members of the Deposit Protection Scheme (the “DPS”) and their customers are eligible to receive compensation of up to HK$ 500,000 if the bank fails.

Only certain types of deposits are protected by the DPS. Eligible deposits include deposits in current accounts, saving accounts, secured deposits and time deposits with a maturity of not more than five years. Time deposits with a maturity longer than five years, structured deposits, bearer instruments, offshore deposits and other financial products are not within the ambit of the DPS.

Where compensation under the DPS is required, the Deposit Protection Board will examine the records of the AI to identify qualified depositors. Depositors of a failed AI do not need to file a claim but may be requested by the Deposit Protection Board to provide information to support their entitlement to compensation.

Anti-money laundering

The AMLO imposes requirements on financial institutions relating to the prevention of money laundering and terrorist financing. The HKMA has published a Guideline on Anti-Money Laundering and Counter-Terrorist Financing (“the AML Guideline”) which provides guidance on compliance with the AMLO.

Key requirements for AIs under the AMLO include:

customer due diligence; •

ongoing monitoring; and •

suspicious transaction reporting. •

Simplified due diligence may be conducted on certain clients who are adjudged to be at low risk of money laundering or terrorist financing. Such clients include financial institutions authorised or licensed in Hong Kong or in an equivalent jurisdiction, listed companies, governments and public bodies in Hong Kong or in an equivalent jurisdiction.

By contrast, enhanced due diligence is required where there is a heightened risk of money laundering or terrorist financing. Enhanced measures include, for example, obtaining




additional information on the customer and the intended nature of its business relationship, source of wealth and source of funds.

Adopting a risk-based approach with resources focused on business relationships which may present a higher risk of money laundering, AIs are required to monitor their customers continuously by reviewing and updating client information, ensuring client activities are consistent with the nature of the clients’ business and identifying transactions that are complex, large, unusual or have no apparent economic or lawful purpose.

Various pieces of legislation, including the DTROP, the OSCO and the United Nations (Anti-Terrorism Measures) Ordinance, make it a criminal offence for a person to fail to disclose any known or suspicious terrorist property or property that represent the proceeds of drug trafficking or of an indictable offence. Such disclosures are made to the Joint Financial Intelligence Unit of the Hong Kong Police.

AIs are required to appoint a Money Laundering Reporting Officer (“MLRO”) as a reference point for handling suspicious transactions. This role must be accompanied by procedures to ensure that all staff are aware of the identity of the MLRO and understand that all disclosure reports must reach the MLRO without undue delay.

In view of the FATF mutual evaluation conducted in November 2018, compliance with the AMLO has been an area of particular focus for the HKMA. The HKMA also published a revised AML Guideline in October 2018 to better align with the latest FATF Recommendations. Amendments to the AML Guideline:

include “international organisation politically exposed persons” as a new category of •“politically exposed persons”;

provide principles-based guidance which allows flexibility for AIs in the implementation •of risk-based requirements and enhancing relevant guidance on risk assessments and management; and

aim to reduce unintentional barriers to the use of technology by allowing AIs to use •different methods to mitigate risk during non-face-to-face account opening.

Conclusion

Fintech innovation, cyber resilience, and the implementation of FIRO, will continue to be areas of focus during 2019. As the HKMA continues to focus on concerns over the financial inclusion of customers, financial technology and investor protection, it will continue to cooperate with banks and the fintech industry to explore how technology can be used to enhance efficiency to customer due diligence processes and customer experience. We also expect the HKMA will work closely with the Insurance Authority, the new insurance regulatory overseeing the insurance industry in Hong Kong, to prepare for the implementation of the new regime for regulating insurance intermediaries, and to introduce additional customer protection measures in relation to selling insurance products .

Beyond these specific challenges, there will also be a continued focus by the HKMA on Hong Kong’s brand for financial services, building professionalism in the Hong Kong banking sector and promoting ethics, conduct and culture as Hong Kong looks to maintain its place as a regional and global financial centre.






Ben Hammond


Ben is a partner in Ashurst’s Financial Services Regulatory Group. He leads

the firm’s non-contentious regulatory practice in Hong Kong, and advises

clients in a broad range of transactional and non-transactional regulatory areas

in Hong Kong and across Asia.

Ben is qualified both in Hong Kong and in England and Wales, and has

particular expertise in cross-jurisdictional regulatory advice; reconciling Asian

regulatory regimes with European and UK regulatory requirements, on which

he also regularly advises.

Colin Hung


Colin is an associate in Ashurst’s Financial Services Regulatory Group, based

in Hong Kong. His practice focuses on transactional and non-transactional

regulatory issues.

Prior to joining Ashurst, Colin worked in house with a global banking group

as part of its anti-money laundering, sanctions and bribery and corruption team.

11/F, Jardine House, 1 Connaught Place, Central, Hong Kong

Tel: +852 2846 8989 / Fax: +852 2868 0898 / URL: www.ashurst.com

Ashurst Hong Kong

India

Introduction

Banks in India comprise:

scheduled commercial banks (i.e., commercial banks performing all banking functions, •which will include both government-owned banks and private banks, and branches or subsidiaries of foreign banks);

cooperative banks (set up by cooperative societies to provide financing to small •borrowers);

regional rural banks (RRBs) (these are government banks set up at local levels to •provide credit to rural and agricultural areas);

small finance banks (these banks have been set up to undertake basic banking activities •with a focus on lending to sectors and geographical areas which are not being serviced by other banks); and

payments banks (these banks have been set up to undertake payment and remittance-•related activities and accepting small deposits).

Government oversight: In the past, the government has nationalised a number of major commercial banks. While the government has not made any moves for further nationalisation of banks, the government has the power to acquire undertakings of an Indian bank in certain situations, including for breach of applicable regulations. The government has also been (and is in the process) of merging various public sector banks to strengthen the balance sheets of the banks, and also has plans to reduce government stakes in the public sector banks as part of its disinvestment plans.

Foreign banks: There are about 45 foreign banks that have already set up banking operations in India. While foreign banks are currently operating through branch models in India, guidelines have been issued in the year 2013, which require foreign banks to operate through either a wholly owned subsidiary (WOS) incorporated in India, or through branches set up in India. Further, foreign banks which have been set up in India after August 2010 would be required to operate in India through a WOS incorporated in India in the event that the ownership structure of the foreign bank was complex, or the business of the said bank was significant, or the host country regulations were not satisfactory. Under these guidelines, foreign banks were also incentivised to operate through a WOS located in India, as they would be treated on par with Indian banks.

Foreign investment: At present, the foreign direct investment (FDI) limit in private sector banks (other than WOS of foreign banks) is 74% (for acquiring a stake beyond 49%, government approval would be required). In public sector banks, the FDI limit is 20%.

Shabnum Kajiji & Nihas Basheer Wadia Ghandy & Co.



Apart from banks referred to above, the banking system in India also comprises non-banking financial companies (NBFCs) and housing finance companies (HFCs), which perform similar functions to those of scheduled commercial banks, but are not regulated in the same manner.

Given that NBFCs are not as stringently regulated as banks in India, the appetite for setting up/funding NBFCs, by domestic as well as foreign investors, has been increasing in recent times. For foreign investors having a plan to participate in the debt markets in India on a long-term basis, it does make sense to set up an NBFC, as it provides more flexibility in relation to funding that may not be available by participating as a foreign lender/investor in the debt markets.

Unless specified otherwise, this chapter will focus on the regulatory regime governing scheduled commercial banks in the private sector.


The key regulator for the banking system in India is the Reserve Bank of India (RBI). The RBI is the central bank of India, and the primary regulatory authority for banking. An entity intending to carry out banking business in India must obtain a licence from the RBI. The RBI has wide-ranging powers to regulate the financial sector, including: prescribing norms for setting up and licensing banks (including branches of foreign banks in India, and whether a foreign bank should be set up in India under the branch model or a WOS model); corporate governance; prudential norms; and conditions for structuring products and services. India has several other financial sector regulators, including the: (i) National Housing Board (NHB), which is the regulatory authority for HFCs in India; (ii) Securities Exchange Board of India (SEBI), which is the regulatory authority for the securities market in India; and (iii) Insurance Regulatory and Development Authority of India (IRDAI), which regulates the insurance sector.

The key statutes and regulations that govern the banking industry in India are: the Reserve Bank of India Act, 1934 (RBI Act); the Banking Regulation Act, 1949 (BR Act); and the Foreign Exchange Management Act, 1999 and the rules and regulations issued thereunder (FEMA).

RBI Act: The RBI Act was enacted to establish and set out the functions of the RBI. •The RBI Act empowers the RBI to issue rules, regulations, directions and guidelines on a wide range of issues relating to the banking and the financial sector.

BR Act: The BR Act provides a framework for supervision and regulation of all banks. •It also gives the RBI the power to grant licences to banks and regulate their business operation. The BR Act also sets out details of the various businesses that a bank in India is permitted to engage in.

FEMA: The FEMA is the primary legislation in India which regulates cross-border •transactions and related activities. FEMA and the rules made thereunder are administered by the RBI.

In addition thereto, the following regulations also govern banking in India: the Bankers Books Evidence Act 1891; the Recovery of Debts Due to Banks and Financial Institutions Act 1993; the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act 2002; the Payment and Settlement Systems Act 2007; and the various guidelines, directions and regulations issued by the RBI and the NHB from time to time.

The key RBI regulations which are important in connection with regulation of banks, are as follows:

Wadia Ghandy & Co. India



RBI circulars dealing with capital adequacy and provisioning requirements, being the •Master Circular – Prudential Guidelines on Capital Adequacy and Market Discipline-New Capital Adequacy Framework (NCAF) dated July 1, 2015, as amended from time to time; the Master Circular – Prudential Norms on Capital Adequacy – Basel I Framework dated July 1, 2015, as amended from time to time; and the Master Circular on Basel III Capital Regulations dated July 1, 2015, as amended from time to time.

RBI directions dealing with ownership of banks being Master Direction – Ownership •in Private Sector Banks, Directions, 2016 dated May 12, 2016, as amended from time to time.

RBI circular dealing with setting up of branches and subsidiaries by foreign banks, being •the Scheme for Setting up of WOS by foreign banks in India issued on November 06, 2013 as amended from time to time.

RBI circular dealing with setting up of new banks, being the Guidelines for ‘on tap’ •Licensing of Universal Banks in the Private Sector dated August 1, 2016.

RBI circular dealing with setting up of small finance banks, being the Guidelines for •Licensing of ‘Small Finance Banks’ in the Private Sector dated November 27, 2014.

RBI circular dealing with setting up of payment banks, being the Guidelines for •Licensing of ‘Payments Banks’ dated November 27, 2014.

RBI circular on external commercial borrowings, being the Master Direction – External •Commercial Borrowings, Trade Credit, Borrowing and Lending in Foreign Currency by Authorised Dealers and Persons other than Authorised Dealers dated January 1, 2016 as amended from time to time (ECB Regulations).

In relation to banking operations, there are certain restrictions applicable to end use of the loans and advances provided by banks, including in relation to funding real estate and capital market transactions and speculative transactions, as well as for on-lending to other financial institutions, which use the funds for any of these purposes.

Further, one key requirement for licensing of banks in India is that each bank has to have adequate exposures to the ‘priority sector’. The term ‘priority sector’ comprises activities which have national importance and have been assigned priority over other sectors for the development of India and includes categories like agriculture, micro, small and medium enterprises, education and housing. By ensuring that one of the most important pillars of the economy, being the banking system, is engaged with the priority sector, the government hopes that the economy itself is moulded in a direction which serves all sections of society.

The economic policies in India, including regulation of the banking system, are also influenced due to its membership of international economic organisations such as BRIICS, the G20 summit and treaties and agreements entered into on account of India being a member of the General Agreement on Trade in Services (GATS) under the World Trade Organisation (WTO).


Post the economic crisis in 2008, the RBI came out with a slew of measures to buttress the banking system and improve the quality of its assets. Some of these measures include:

The guidelines for securitisation of assets have been substantially modified to bring in •requirements relating to seasoning and retention / minimum holding period and minimum retention. Also, complicated securitisation structures like synthetic securitisations, and securitisations of credit card receivables, have been prohibited.




The RBI has been issuing a flurry of directions in relation to methods of identifying •bad assets and resolution in connection therewith. While the initial regulations were detailed in nature as to resolution of a bad asset, with the coming into force of the new bankruptcy code, the RBI has now restricted the regulations on large stressed assets to reporting and provisions, and now requires banks to use the provisions of the new bankruptcy code for resolution of such large stressed assets.

In 2017, the RBI revised the prompt corrective action frameworks for banks, which sets •out the manner in which the RBI will assess the capital adequacy, asset quality and profitability of banks and can suggest corrective actions in relation thereto. Pursuant to such revisions, 11 public sector banks were put under this framework, and reports have been emerging that the banks put under the framework are now showing positive results.

The RBI has also introduced the recommendations of the Basel committee in relation •to strengthening the banking system. The same is being implemented in a phased manner. The Basel III regulations were introduced in April 1, 2013; banks are required to comply with its phases, and the said regulations are required to be fully implemented by banks by March 31, 2019.

In addition to the above, the following developments are also worth noting:

The RBI has, in the year 2016, introduced regulations for on-tap licensing of banks, as •opposed to its earlier policy of deciding when to invite applicants to set up banks. This was introduced after the RBI introduced regulations for setting up small finance banks and payments banks. While small finance banks appear to be flourishing, the payments banks set-up does not appear to have met the expectations at the time the regulations were introduced.

The Insolvency and Bankruptcy Code, 2016 was introduced to govern insolvency and •related matters for all debtors, except financial service providers (which would include banks, NBFCs and HFCs), and the idea was to bring about a similar code for financial service providers, with appropriate modifications to reflect their regulatory regime. However, the same has not been brought into force as yet, and therefore there is currently a vacuum in relation to insolvency laws (which are creditor-driven) which would apply to financial service providers. To fill this gap, the Financial Resolution and Deposit Insurance Bill 2017 provided a detailed mechanism for the assessment of the financial condition of financial service providers and manner of resolution for stressed financial service providers; however, the said bill was withdrawn in the second half of 2018. Given the mismanagement alleged against IL&FS Limited, which is registered as an NBFC, there has been a clamour for commencing discussions and introducing a special statute to govern the resolution of stressed ‘financial service providers’.

The government has started focusing on digital innovations in the finance space. The •fintech industry comprises a variety of financial businesses such as online peer-to-peer lending, wealth management & asset management platforms, mobile payments platforms and money/remittance transfer, etc. The RBI in 2017 came up with master directions for NBFCs in relation to peer-to-peer lending for governing this segment. The RBI and the government have also been taking necessary steps to promote digital transactions in order to promote a cashless economy. As recently as January 2019, the RBI constituted a committee (Committee on Deepening of Digital Payments) to review the existing status of digitisation of payments in the country, identify the current gaps in the ecosystem and suggest ways to bridge them.





Every bank in India is expected to be set up in the form of a company, save and except for foreign banks, which are allowed to operate in India through branches. The BR Act sets out the key provisions to be complied with by each banking company in relation to the constitution of its board, the criteria for appointment of its directors, and the role of the board. Some of them are:

Directors must have professional or other experience, and at least 51% of the board must have special knowledge or practical experience in the identified fields like accountancy, banking and economics. Of these directors, at least two must have special knowledge in agriculture and rural economy, co-operation or small-scale industry.

A bank director must not have a substantial interest in, or be connected with (as an employee, manager or managing agent) any company or firm carrying on trade, commerce or industry which is not a small-scale industrial concern.

Directors of banks are not allowed to own a trading, commercial or industrial concern. •

Directors of banks cannot hold office continuously for a period exceeding eight years, •except for the chairman or a full-time director.

A bank cannot have a director that is a director of another bank, unless the director is •appointed by the RBI.

A bank cannot have more than three directors who are directors of companies which •are together entitled to exercise voting rights exceeding 20% of the total voting rights of the bank’s shareholders.

Each bank must appoint one director as chairman of the board. A full-time chairman •manages the bank’s affairs, subject to the superintendence, control and direction of the board.

Further, the appointment, re-appointment or termination or remuneration of a chairman, a managing or whole-time director, manager or chief executive officer, and any amendment of it, requires prior approval of the RBI, in accordance with the BR Act.

In addition to the provisions of the BR Act, the Companies Act, 2013 (CA 2013) sets out certain corporate governance standards, which would have to be complied with. Further, given that most banks which are incorporated in India are listed entities, there are various corporate governance standards that such banks are expected to follow under the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (SEBI LODR). Under the SEBI LODR, listed entities are required to constitute the following committees, to aid the listed entity in smooth functioning and ensuring compliance with various corporate governance policies: (i) audit committee to review compliance-related matters, including related party transactions; (ii) nomination and remuneration committee to review the remuneration policies in relation to the management from time to time; (iii) stakeholders relationship committee to specifically look into various aspects of interest of shareholders, debenture holders and other security holders; and (iv) risk-management committee to set up risk-management controls and devise risk-management policies.

Additionally, there are various guidelines issued by the RBI which govern the functioning of a bank and its management, including provisions relating to conflict of interest, having an adequate compliance team and appropriate customer redressal mechanisms. In this regard:

In relation to asset liability management and risk management by banks, the RBI •guidelines on asset-liability management and risk management dated February 10, 1999




and October 7, 1999 respectively (as amended from time to time) would have to be adhered to. The asset liability management guidelines broadly cover management of liquidity and interest rate risks by banks, setting up of the asset-liability management committee, the reporting systems for capturing the liquidity and interest rate risks, and also the prudential limits for liquidity mismatches. The risk-management guidelines set out the benchmarks to be met while establishing integrated risk-management systems, covered management of credit risks, management of market risks, and development of a risk-management structure.

In relation to the staff and employees working at banks, the BR Act enables each bank •to frame regulations inter alia in relation to conditions or limitations subject to which the bank may appoint, fix remuneration, and determine terms of service and conduct of employees. The RBI has issued a Master Circular on Customer Service in Banks dated July 1, 2015 (as amended from time to time) which sets out basic criteria and conduct that the staff at banks need to follow.

In relation to outsourcing of functions by banks, the RBI issued the Guidelines on •Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks dated November 03, 2006 (as amended from time to time). These guidelines set out that banks shall not outsource core management functions including internal audit, compliance functions and decision-making functions like determining compliance with know-your-customer (KYC) norms for opening deposit accounts, according sanction for loans (including retail loans) and management of investment portfolio. Further, these regulations require banks to put in place a system of internal audit to monitor all outsourced activities.

Further, RBI also inspects and supervises banking operations through on-site inspections and off-site surveillance.


The Basel III capital regulations (Basel Regulations) have been implemented in India since 1 April 2013. Appropriate transitional arrangements have been made to ensure that Basel III can be implemented smoothly. These transactional arrangements have been provided to meet the minimum Basel III capital ratios and adjustments to the capital components. Basel III capital regulations will be fully implemented in India by March 31, 2019.

All scheduled commercial banks (except regional rural banks) are required to comply with Basel Regulations and these banks are required to comply with the Basel Regulations both at solo and consolidated level.

The banks in India are required to maintain a minimum capital to risk-weighted assets ratio (CRAR). CRAR is the ratio of a bank’s capital in relation to its risk-weighted assets. As per the minimum capitalisation requirements, a bank is required to maintain a CRAR of 13% for the initial three years of commencing operations (the RBI is entitled to stipulate a higher ratio) and 9% on an ongoing basis. For determining CRAR, the RBI has prescribed the following: (i) risk weights for balance sheet assets, non-funded items and other off-balance sheet exposures; (ii) minimum capital funds to be maintained as a ratio to total risk-weighted assets and other exposures; and (iii) capital requirements in the trading book.

Apart from the minimum 9% requirement set out above, banks are also required to make certain contingent capital arrangements by maintaining a capital conservation buffer (CCB) of 2.5%, countercyclical capital buffer (CCCB) of between 0 to 2.5%, and a Tier 1 leverage ratio of 4.5%.




The RBI has licensed certain entities as payments banks. These banks are required to maintain a minimum paid-up equity capital of Rs. 100 Crore on an ongoing basis and a minimum leverage ratio of 3%. These banks are not required to maintain a CCB and a CCCB ratio.

Capital includes both Tier 1 and Tier 2 capital. Tier 1 capital, among others, includes paid-up capital, statutory reserves, stock surplus; and Tier 2 capital, among others, includes debt capital instruments, preference share capital and revaluation reserves, etc.

Commencing from April 2015, every year, the RBI categorises some banks as domestic systemically important banks (DSIBs) under different brackets, which banks are then required to maintain certain additional capital. Currently, three banks, namely State Bank of India, ICICI Bank Limited and HDFC Bank Limited, have been categorised as DSIBs. These banks are required to maintain additional Tier 1 Capital (of 0.15% to 0.75% of risk-weighted assets currently, which will increase to 0.20% to 1% for the next financial year) through common equity.

For enforcing the capital adequacy requirements as per the Basel Regulations, there is supervision at the bank level as well as at the supervisory authority level. There are various disclosures that allow market participants to assess risk exposure, the risk-assessment process and capital adequacy of a bank, which help in analysing if the banks are implementing the Basel Regulations.

For supervision at the bank level, banks are required to assess the capital adequacy of banks in relation to their risk profiles. This assessment is done by implementing an internal process called the Internal Capital Adequacy Assessment Process (ICAAP). Every bank is required to have an ICAAP, which helps the banks in identifying and measuring risks, maintaining appropriate level of internal capital with respect to the bank’s risk profile, and applying suitable risk-management systems. Banks are required to submit the ICAAP report to RBI on an annual basis.

For supervision at the supervisory authority level, which means supervision by the RBI, all banks are subject to an evaluation process called the Supervisory Review and Evaluation Process (SREP) undertaken by RBI. As part of SREP, the RBI reviews and evaluates a bank’s ICAAP, takes remedial action if such a ratio is not maintained, and indirectly evaluates a bank’s compliance with the regulatory capital ratios. The RBI may prescribe a higher level of minimum capital ratio for each bank on the basis of their respective risk profiles and risk management systems.


Customer grievances

Banks in India are subject to consumer protection laws that act as an alternative and speedy remedy to approaching courts, a process that can be expensive and time-consuming.

The Consumer Protection Act 1986 (the Consumer Protection Act) is the primary legislation governing disputes between consumers and service providers. The relationship between a bank and its customer is regarded as that of a consumer and service provider, therefore bringing them under the ambit of the Consumer Protection Act. Any complaint under the Consumer Protection Act is dealt with in the following manner:

District forum: this deals with consumer complaints of a value not exceeding 2 million •rupees.

State commission: this deals with consumer complaints of a value between 2 million •




rupees and 10 million rupees. It also hears appeals against orders passed by the district forum.

National commission: this deals with consumer complaints of a value exceeding 10 •million rupees. It also hears appeals against the orders passed by the state commission. An appeal from the order of the national commission can be directed to the Supreme Court of India.

In addition, banks are subject to the Banking Ombudsman Scheme for the purpose of adjudication of disputes between a bank and its customers. The scheme provides for a grievance-redressal mechanism, enabling speedy resolution of customer complaints in relation to services rendered by banks. The banking ombudsman is a quasi-judicial authority appointed by the RBI to deal with banking customer complaints relating to deficiency of services by a bank and facilitate resolution through mediation or passing an award. A complaint under the scheme has to be filed within one year of the cause of action having arisen.

Customer on-boarding

In relation to on-boarding of any customer, banks and other financial institutions are required to follow certain customer identification procedures (referred to as know-your-customer requirements or KYC requirements) to prevent cases of fraud as well as money laundering.

This is codified in India in terms of the provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005. Under these statutory provisions, banks are required to follow certain customer-identification procedures while undertaking a transaction, by establishing an account-based relationship or otherwise monitoring their transactions. In furtherance of the principles set out therein, the RBI has also from time to time issued various guidelines to combat money laundering, and setting out detailed KYC requirements.

In terms of the regulations referred to above, banks are required to form a KYC policy which should include elements like risk management; customer-identification procedures and monitoring of transactions, etc.

The RBI has also formulated a fair practices code which sets out the guiding principles which each bank should use to arrive at an individual fair practices code, setting out the manner in which they should deal with their customers.

Other third parties – Related parties

In India, transactions with affiliates (referred to as related-party transactions (RPTs)) are essentially regulated by the CA 2013. If the bank is a listed company, it will also need to comply with the norms set out for RPTs in the SEBI LODR. Related parties, as per CA 2013, include:

directors (or their relatives); •

key managerial personnel (or their relatives); •

subsidiaries; •

holding companies; and •

associate companies. •

The SEBI LODR and CA 2013 set out thresholds and approval requirements (usually approval from board of directors or shareholders, or both) for entering into an RPT. In relation to listed companies and certain classes of public companies, i.e. (i) a public company




having a paid-up share capital of Rs. 10,00,00,000/- or more; or (ii) public company having a turnover of of Rs. 100,00,00,000/- or more; or (iii) a public company having aggregate, outstanding loans, debentures and deposits of Rs. 50,00,00,000/- or more, approval of the audit committee is also required. CA 2013 and the SEBI LODR exempt certain transactions from complying with the requirement to pass shareholder resolution or board resolution, including transactions between a company and its WOS. Further, transactions entered into in the ordinary course of business, and on an arm’s-length basis, are exempted from the approval requirements under CA 2013.

RPTs entered into by any bank must be disclosed in the bank’s annual accounts, in accordance with accounting standards. In addition to the requirements under CA 2013 and the SEBI LODR, banks are prohibited from entering into certain RPTs under the BR Act. For example, a bank cannot give loans or advances to, or on behalf of, or remit any amounts due to it by:

any of its directors (or spouse or minor children of such a director); •

any partnership firm in which any of its directors is interested as a partner, manager, •employee or guarantor;

any company or subsidiary or holding company of a company in which any of its •directors is interested as a director, managing agent, manager, employee or guarantor, or in which a director (together with its spouse and minor children) holds interest of more than 500,000 rupees or 10% of the paid-up capital of the company, whichever is lower; and

any individual in respect to whom a director is a partner or a guarantor. •

Other third parties – NBFCs

There are restrictions in relation to funding provided to NBFCs as well as outstanding of any core banking functions to NBFCs.

Banks are not permitted to provide loans to NBFCs for certain end uses such as: discounting/rediscounting of bills (except for rediscounting of bills arising from the sale of commercial vehicles and two-wheeler and three-wheeler vehicles, subject to certain conditions); or investment of a short-term or long-term nature in any company, either by way of shares/debentures etc., unsecured loans/inter-corporate deposits to/in any company, loans and advances to their subsidiaries/group entities, further lending to individuals for subscribing to Initial Public Offerings (IPOs) or for purchase of shares from secondary market.

Cross-border banking activities

Cross-border financial activities undertaken in India are governed by comprehensive frameworks such as the ECB Regulations, FEMA and the foreign direct investment (FDI) policy issued by the government from time to time, amongst others. A large number of approval items under the ECB Regulations have been deleted by the RBI to banks, which are licensed as authorised dealers (AD), and such ADs play an important role in connection with any cross-border financing transaction, whether in the form of bonds or loans. The ECB Regulations place certain end-use restrictions, limits on borrowings, procedure of raising funds, monthly reporting and other additional requirements. The ECB Regulations also govern the manner in which foreign subsidiaries or branches of Indian banks are allowed to lend to persons resident in India.







Shabnum Kajiji

Tel: +91 22 2267 0600 / Email:[email protected]

Shabnum is a partner at the firm, known for her banking and finance practice.

She is a specialist in securitisation and structured finance and represents

several leading banks and financial institutions as well as corporate

organisations raising finance. Her practice includes a large variety of debt

transactions (including debt capital market issuances, syndicated term loans,

external commercial borrowings and other offshore borrowings), transactions

between banks and financial institutions for sale of businesses, factoring and

leasing, and setting up and structuring various products offered by banks and

financial institutions (including e-commerce payment solutions). Shabnum

has also undertaken several complex restructurings (including corporate debt

restructuring) and derivative transactions. She also advises in relation to estate

planning. She completed a B.A. and LL.B. degree at Mumbai University and

was admitted to the Bar in 2001. She is also a qualified solicitor in India. She

has been with the firm since 2005.

Nihas Basheer


Nihas is a partner and part of the firm’s banking and finance practice. His

area of practice focuses on structured finance, securitisation transactions,

capital market debt instruments and project finance (both greenfield financing

and re-financing). His clients include banks, non-banking finance companies,

housing finance companies and micro-finance companies. He was selected

as the 2015 winner of the Client Choice lawyer for Securitisation & Structured

Finance in India. He completed a B.A. and LL.B. (Hons) degree from the

National University for Advanced Legal Studies, Cochin in the year 2007 and

was admitted to the Bar in the same year. He has been with the firm since

2nd Floor, N.M. Wadia Buildings, 123 MG Road, Fort, Mumbai – 400001, Maharashtra, India

Tel: +91 22 2267 0600 / Fax: +22 2267 6784

Wadia Ghandy & Co.


Indonesia

Introduction

Indonesian banks’ main functions are to manage and distribute public funds, which in turn supports national development, economic growth and national stability, towards the increase of people’s welfare. Bearing such functions and purposes, the banking sector is one of the most strictly regulated sectors in Indonesia. As of May 2018, statistics show there are 115 banks operating as Commercial Banks in Indonesia, with 10 controlling more than 50% of the market. The government has been actively encouraging commercial banks to consolidate their assets and to increase efficiency. By decreasing the number of banks in Indonesia and enlarging the assets of those that remain, the government expects to strengthen the Indonesian banking industry.

Other aspects that have been rapidly developed for the past three years are information technology and the trend for alternative financing, particularly financial technology (“Fintech”). Offering simpler alternatives to credit facilities, Fintech has created new challenges to Indonesian banks, especially in credit provision. To avoid disruptions and to synchronise these two sectors, the Indonesian Financial Services Authority (Otoritas Jasa Keuangan or “OJK”), has issued a number of new regulations.

This article aims to provide its audience an overview of key Indonesian Banking regulations and recent regulatory themes and developments of Fintech regulations.


Banking business in Indonesia is primarily governed by Law No. 7 of 1992 as amended by Law No. 10 of 1998 and its implementing regulations.

Originally, the Indonesian central bank, known as Bank Indonesia (“BI”), had the function and authority to regulate and supervise the banking industry in Indonesia. This authority was assigned to OJK as of 31 December 2013, except for the monetary function in maintaining Rupiah stability and implementing monetary policy, which are still attached to BI.

More specifically, OJK has the following authorities:

1. regulating and supervising banking institutions covering:

(a) licensing for establishment of a bank, opening of a bank’s office, articles of association, work plan, ownership, management and human resources, merger, consolidation and acquisition of a bank and revocation of a bank business licence; and

(b) business activity of bank; among others, source of funds, provision of funds, hybrid product and activities in the service;

Luky I. Walalangi, Miriam Andreta & Hans Adiputra Kurniawan Walalangi & Partners (in association with Nishimura & Asahi)



2. regulating and supervising a bank’s solvency rating, covering:

(a) liquidity, profitability, solvency, asset quality, ratio of minimum capital sufficiency, maximum limit of credit provision, ratio of loan towards deposit and bank reservation;

(b) bank report related to bank solvency rating and performance;

(c) debtor information system;

(d) credit testing; and

(e) bank accounting standard;

3. regulating and supervising a bank’s prudent aspects, covering:

(a) risk management;

(b) bank governance procedure;

(c) principle of know-your-customer and anti-money laundering; and

(d) prevention of terrorism and banking criminal act; and

4. bank examination.

Types of bank

Indonesia recognises three (3) types of banks:

(a) The Central Bank (BI)

BI has the monetary function to set and implement monetary policies and manage payment systems in Indonesia. It does not engage in conventional banking activities.

(b) Commercial Bank

Commercial Banks engage in conventional banking activities (such as providing payment traffic services and services such as providing loans and savings) and/or Sharia principle banking activities. The latter is not discussed in this article.

Based on their activities, Commercial Banks are divided into four categories called “BUKU”.

Commercial Banks with BUKU 1, which is the lowest in terms of Tier 1 Equity (below IDR 1 trillion) are only allowed to engage in general banking activities in Rupiah and act as money changers. In contrast, those with BUKU 2, 3 and 4 are authorised to engage in Rupiah and foreign currency banking activities with a broader scope, including agency activities and cooperation, payment systems and electronic banking, capital participation in non-financial institutions for credit rescue, and capital participation in other financial institutions. The differences are: for those with BUKU 2, their capital participation is limited only to Indonesian financial institutions; for BUKU 3: they are allowed to participate in financial institutions in Asia; whilst for BUKU 4, the participation is open to financial institutions worldwide.

As a general rule, Commercial Banks are prohibited to conduct the following activities:

- capital participation in non-financial institutions (with certain temporary exceptions, for example in the case of recovering a credit failure of a non-financial institution);

- insurance business; and

- those beyond determined by the law.

(c) Rural Bank (Bank Perkreditan Rakyat or “BPR”)

BPR focuses on the provision of loans to small and medium enterprises. Unlike a Commercial Bank, BPR does not provide payment traffic services.

Walalangi & Partners (in association with Nishimura & Asahi) Indonesia



Maximum shareholding in a Commercial Bank

A Commercial Bank can be established by Indonesians or jointly between Indonesians and foreigners (either individuals or legal entities), with a maximum foreign participation of 99% of the total issued and paid-up capital.

Nonetheless, individually, a party’s maximum ownership in a Commercial Bank under OJK Regulation No. 56/POJK.03/2016 (“OJKR 56”) is limited to:

40% of the bank’s capital: for banks or other non-bank financial;

30% of the bank’s capital: for a non-financial legal entity;

20% of the bank’s capital: for an individual.

The above does not apply to Commercial Banks with existing shareholders exceeding the threshold prior to the issuance of OJKR 56, so long as the relevant Commercial Bank has soundness level 1 or 2. However, it is to be noted here that the exception will be voided, and the relevant Commercial Bank must adjust its shareholding composition to the prescribed threshold if any of the following events occurs (“Triggering Events”):

(a) the Commercial Bank’s soundness level has deteriorated to Level 3, Level 4 or Level 5 for three consecutive assessment periods; or

(b) the relevant shareholder exceeding the threshold voluntarily sells its shares to any other party.

Single presence policy

OJK, through OJK Regulation No. 39/POJK.03/2017 concerning Single Ownership in Indonesian Banking (“OJKR 39/2017”), restricts a party to become a controlling shareholder in only one Commercial Bank, and requires the implementation of the so-called single presence policy.

Exemptions apply in the case where it is: (i) a controlling shareholder in two Commercial Banks, where one is a conventional bank and the other is a Sharia bank; and/or (ii) a controlling shareholder in two Commercial Banks, where one of them is a joint venture Commercial Bank.

In the event a party purchases shares of a Commercial Bank resulting in it becoming the controlling shareholder in more than one Commercial Bank, it is required to:

(a) at the latest one year after the closing of the share purchase, (i) merge or consolidate the controlled Commercial Banks, or (ii) establish a Holding Company in the form of a PT; or

(b) at the latest six months after the closing of the share purchase, establish a holding function (a function established within the controlling shareholder to consolidate its controlled Commercial Banks).


The massive development of Fintech business in Indonesia since 2016 has led the government to regulate Fintech and to introduce a number of Fintech regulations, including on peer-to-peer landing. In the banking sector, BI has recently issued a regulation on Integrated Services of Banking Licensing.

Financial technology (Fintech)

In the past two years, the Indonesian market has seen the rise of technology-based start-up companies that stimulate the rapid development of technology-based transactions (including technology-based “unicorn”1 companies such as Go-Jek, Tokopedia and Traveloka2).




To accommodate and support the significant growth of Fintech business in the Indonesian market, OJK and BI have issued a number of regulations to support the healthy growth of the business. The most relevant are briefly discussed below:

1. In 2016, OJK issued OJK Regulation No. 77/POJK.01/2016 on information technology-based loan arrangements (peer to peer lending services on technology information basis – P2P) (“OJKR 77”)), laying out requirements applicable for P2P platform administrators or P2P companies, such as, among others: registration and licensing, minimum capital requirement (IDR 1 billion upon registration and IDR 2.5 billion upon application for P2P licence) and maximum 85% foreign ownership. OJKR 77 imposes obligations on P2P companies to ensure security and reliability of their electronic system, protection of confidential information and data security system (with the server located in Indonesia), and to implement an anti-money laundering programme and anti-terrorism funding.

OJKR 77 limits P2P debtors only to Indonesian citizens domiciled in Indonesia, with a maximum loan amount of IDR 2 billion (approximately US$ 160,000) per debtor.

OJKR 77 distinguishes the P2P agreements into two: (a) agreement between the lender and the P2P Company; and (b) agreement between the lender and the debtor, both to be made in electronic form and signed electronically. The loan agreement between the P2P Company and the lender must contain certain minimum provisions stipulated in OJKR 77, such as: identity of the parties; loan amount; interest rate; default interest/penalty; collateral/security (if any); rights and obligations of each party; and dispute settlement mechanism.

OJKR 77 strictly prohibits a P2P Company from acting as a lender, a debtor or a guarantor, and requires a P2P Company to be liable for any loss caused by the fault or negligence of its directors or employees.

As OJKR 77 imposes a requirement to obtain consent from OJK for any change of shareholder of a P2P Company, any potential investor should take into consideration the timing for obtaining OJK’s consent for acquisition of an existing P2P Company.

2. Following OJKR 77, BI Regulation No. 19/12/PBI/2017 on the Implementation of Financial Technology (“BIR 19”) was introduced by BI, regulating the supervision of all Fintech activities in Indonesia with the following characteristics:

- innovative;

- may cause disruption to existing financial-service products, services, technologies and/or financial business models;

- offers benefits for customers;

- usable in a widespread manner; and

- other criteria(s) as may be determined by BI.

BIR 19 classifies Fintech activities into the following categories:

1. Payment systems – covering clearing, final settlement, and payment processing (e.g., blockchains or distributed ledgers technology for fund transfer, electronic money, electronic wallet and mobile payments).

2. Market support – facilitating faster and cheaper distribution of information related to financial products and/or services to the public (e.g. provider of data comparison of certain financial services/products).

3. Investment management and risk management – e.g., online investment products and online insurance).




4. Lending, financing/funding and capital raising – e.g., P2P, financing or crowd-funding.

5. Other financial services – BIR 19 requires all Fintech operators conducting payment system services to register themselves with BI starting from 30 December 2017, with the exemptions of: (a) existing licensed Payment System Service Providers (such as banks); and/or (b) Fintech organisers under the supervision of other authorities (for example P2P companies, which are under the regime of OJK), provided that they do not perform payment system services.

One of the key concepts introduced by BIR 19 (and its implementing regulations) is the so-called Regulatory Sandbox. The Regulatory Sandbox is BI’s supervised platform that can be used by Fintech organisers to test their services/products in a live environment for a certain period, particularly to determine whether the services/ products, technology and/or business model to be offered/used are in compliance with the regulations. BI uses this to assess Fintech organisers’ capability to meet the requirements, before issuing the necessary business licence/approval/ recommendation.

3. While BIR 19 focuses on those conducting payment system services, in 2018, OJK issued OJK Regulation No. 13/POJK.02/2018 (“OJKR 13”) setting out the regulatory framework for digital financial innovation (“DFI”). OJKR 13 applies to DFI operators (“Operators”) conducting DFI businesses with the following criteria:

- being innovative and future-oriented;

- using information and communication technology as the primary means of providing services to consumers in the financial services sector;

- supporting financial inclusion and literacy;

- being beneficial and accessible to the public;

- compatible for integration into existing financial services;

- adopting a collaborative approach; and

- complying with consumer and data protection requirements.

OJKR 13 classifies DFI activities into the following categories, among others:

1. Transaction Settlement – covering all transaction settlements, including investment settlement.

2. Capital Accumulation (Equity Crowdfunding) – including, among others, equity crowdfunding, virtual exchange, smart contracts, and alternative due diligence.

3. Investment Management – including, among others, advanced algorithms, cloud computing, capabilities sharing, open source information technology, automated advice and management, social trading, and retail algorithmic trading.

4. Fund Accumulation (Crowdfunding) and Funding Channelling – including, among others, peer-to-peer lending, alternative adjudication, virtual technologies, mobile 3.0, and third-party application programming interface.

5. Insurance – including, among others, sharing economy, autonomous vehicles, digital distribution, and securitisation and hedge funds.

6. Market Support – including, among others, artificial intelligence/machine learning, machine-readable news, social sentiments, big data, market information platforms, and automated data collection and analysis.




7. Other Supporting Activities – including, among others, social/eco crowdfunding, Islamic digital financing, e-waqf, e-zakat, robo-advice, and credit scoring.

8. Other Financial Services Activities – including, among others, invoice trading, tokens, vouchers, and blockchain application-based products.

Recordation

According to OJKR 13, all eligible Operators, except for those having been registered with OJK and/or having obtained a licence from OJK prior to the issuance of OJKR 13, must register themselves with OJK for recordation. It is unclear whether a registered Operator that introduces or commences a new DFI business model outside the scope of its existing registration certificate/licence must undergo the recordation process and apply for new registration.

Regulatory Sandbox

OJKR 13 also introduces the so-called “Regulatory Sandbox” which is a testing mechanism by OJK to assess the reliability of the Operator’s business process, business model, financial instrument and corporate governance. Under OJKR 13, OJK has the right to determine which Operators are eligible to undergo the Regulatory Sandbox process for a maximum period of 1 (one) year, extendable for another 6 (six) months.

The criteria for an Operator’s participation in the Regulatory Sandbox, among others, include the following: (i) recorded as an Operator with the OJK; (ii) registered with the relevant association of the Operator; and (iii) introducing a new business model.

Although OJKR 13 mandates the issuance of an OJK Circular Letter as an implementing regulation for the Regulatory Sandbox, such OJK Circular Letter has not been issued to date. In the absence of the OJK Circular Letter as the implementing regulation, it is unclear whether it means Operators not required to go through the Regulatory Sandbox can proceed directly with the registration process, as OJKR 13 is silent on this matter.

Based on the result of the Regulatory Sandbox, OJK will determine the status of the Operator, which may fall into one of the following:

- “recommended”: the Operator can proceed with the registration stage;

- “subject to improvement”: the Operator must, within six months, take remedial actions to improve its model; or

- “not recommended”: the Operator will be automatically delisted from recordation.

Registration

Upon receiving the “recommended” status, an Operator must apply for registration with OJK within six months, otherwise, its “recommended” status will be revoked. According to OJKR 13, other Operators having the same DFI business format as the Operators that have obtained “recommended” status from the OJK, should be entitled to directly submit an application for registration to OJK. Having obtained the “registered” status, an Operator is entitled to set out or use its registration number in offering or marketing its products or services.

Apart from being subject to the recordation requirement and Regulatory Sandbox, Operators are obliged to, among others:

- implement the principle of independent monitoring;

- submit periodical reports to OJK, including a self-assessment report;

- place its data centre and disaster recovery centre in Indonesia;




- provide an IT-based customer service;

- comply with personal data privacy requirements, anti-money laundering and counter terrorism funding, consumer protection laws and regulations; and

- provide information to its customers on the status of their applications.

Integrated services of banking licensing

To improve banking licensing services and coordination between BI and OJK, BI (through the issuance of BI Regulation No. 19/13/PBI/2017 on One-Stop Integrated Services for the Operational Affairs of Commercial Banks with Bank Indonesia – enacted on 15 December 2017), introduced an integrated-service facility for the granting of licences related to operational affairs between the Commercial Banks and BI. The licences cover, among others: (i) participation in monetary operations; (ii) issuance of money-market instruments; (iii) BI – Real Time Gross Settlements (BI-RTGS); (iv) BI Script-less Securities Settlement System (BI-SSSS); (v) BI clearing system (SKNBI); (vi) intra-day liquidity facility; and (vii) bank’s offshore loan.


As institutions that play a significant role in the country’s economic welfare, Commercial Banks are highly monitored and heavily regulated by OJK, including on their corporate governance. Through OJK Regulation No. 55/POJK.03/2016 on the Implementation of Commercial Bank’s Governance (“OJKR 55”), OJK requires all Commercial Banks to implement good corporate governance principles (“GCG”), among others on minimum requirements for directors, commissioners and other specific internal governance, as briefly discussed below.

Board of Directors (“BoD”)

OJKR 55 requires a Commercial Bank to have minimum three directors, one of whom is to be appointed as the President Director, who must be independent from the controlling shareholder(s).

Each Director must pass OJK’s fit and proper test requirement and be domiciled in Indonesia. In addition, OJKR 55 requires more than 50% of all members of BoD (majority members of BoD) to have a minimum of five years’ experience as a bank’s executive officer.

OJKR 55 requires BoD to establish, at least, the following working units:

- internal audit unit;

- risk management unit and risk management committee; and

- compliance unit.

A director of a Commercial Bank is prohibited to, among others:

- hold multiple positions as a director, a commissioner or executive officer in other banks, companies and/or institutions;

- hold more than 25% of issued shares of other companies, either individually or collectively with another director;

- have an extended family member (until the 2nd degree) working at the same Commercial Bank as a director and/or a commissioner;

- grant a general power of attorney to any other party to assign his duties and function as a director; and

- gain a personal benefit from the Commercial Bank.




Board of Commissioners (“BoC”)

A Commercial Bank must have at least three commissioners (one of them is to be appointed as the President Commissioner), with a minimum 50% of the members being independent commissioners. All commissioners must pass OJK’s fit and proper test, and at least one BoC member must be domiciled in Indonesia. The number of BoC members must not exceed the number of BoD members.

Except for the restriction on holding shares in another Commercial Bank or company, the restrictions on BoD apply to Commissioners of a Commercial Bank, mutatis mutandis.

To support the effective implementation of its supervisory duties, the BoC is required to establish, at least, the following committees:

(a) Audit Committee to perform monitoring and evaluation of internal and external audit functions and to provide recommendations to the BoC;

(b) Risk Monitoring Committee to perform evaluation of risk-management policy and its implementation, the risk-management committee’s and the risk-management unit’s duties, and to provide recommendations to the BoC;

(c) Remuneration and Nomination Committee to: (i) perform evaluation and recommendation of the remuneration policy and ensure compliance of remuneration policy with the regulation; and (ii) provide recommendations to the BoC on the selection system and procedure of change of the BoD and BoC Audit Committee and Risk Monitoring Committee.

Other GCG:

(i) conduct portfolio diversification by spreading out its funding distribution;

(ii) observe compliance with the maximum threshold of credit provision, particularly for the provision of credit to its related parties and large exposures funding;

(iii) prepare and submit strategic corporate and business plans to OJK;

(iv) implement information transparency principles on (a) financial and non-financial condition, and (b) products and utilisation of customers’ data;

(v) ensure sufficiency of management information; and

(vi) perform periodic self-assessment on the implementation of GCG.


The minimum issued and paid-up capital of a Commercial Bank is IDR 3 trillion (approximately US$ 220 million).

To ensure the sufficiency of funds and the soundness level of a Commercial Bank, the regulations set the following requirements:

Risk-based Capital Adequacy Requirements (“CAR”)

OJK Regulation No. 11/POJK.03/2016 (as amended – “OJKR 11”) requires Commercial Banks to maintain a minimum capital in accordance with their risk profile, as elaborated below:

1. 8% of the weighted assets by risk for Commercial Banks with risk profile ranking 1 (on the basis of Commercial Banks’ soundness level);

2. 9% ≤ 10% of the weighted assets by risk for Commercial Banks with risk profile ranking 2;

3. 10% ≤ 11% of the weighted assets by risk for Commercial Banks with risk profile ranking 3; or




4. 11% to 14% of the weighted assets by risk for Commercial Banks with risk profile ranking 4 or 5.

The elements for “weighted assets by risk” are credit risks, operational risk and market risk.

In addition, Commercial Banks are also required to maintain:

1. Capital Conservation Buffer, gradually up to 2.5% of the weighted assets by risk by 1 January 2019;

2. Countercyclical Buffer, between 0%–2.5% of the weighted assets by risk; and/or

3. Capital Surcharge for a Domestic Systemically Important Bank (D-SIB) between 1% to 2.5% of the weighted assets by risk.

OJKR 11 provides that all the above requirements, including CAR, must be fulfilled by the Common Equity Tier 1 (i.e., issued capital and disclosed reserve).

Macroprudential Intermediation Ratio (“MIR”)

In 2018, BI issued Regulation No. 20/4/PBI/2018 (“BIR 20”) where it introduces the MIR concept, being the ratio of: (a) the loan channelled by a Commercial Bank in Rupiah and foreign currency; and (b) certain qualified corporate commercial papers owned by the Commercial Bank in Rupiah and foreign currency against: (x) the Commercial Bank’s obligation towards its customers in the form of gyro, savings, time deposits in Rupiah and foreign currency (excluding intra-bank fund); and (y) certain qualified commercial papers issued by the Commercial Bank in Rupiah and foreign currency to raise source of funding. MIR is introduced to enhance the previously known as Loan to Funding Ratio (“LFR”) by adding component #(b) into the ratio calculation to determine the amount of the Commercial Bank’s mandatory deposit with Bank Indonesia (“MIR Deposit”). Under BIR 20, in addition to CAR, to ensure asset liquidity of Commercial Banks for the sake of monetary stability, BI requires every Commercial Bank to maintain its MIR within 80%-92% (or more if it maintains its CAR at a minimum level of 14%). If a Commercial Bank’s MIR exceeds the threshold or less than the bottom limit, it is required to maintain a MIR Deposit. Failure to fulfil the obligation to maintain a MIR Deposit (if applicable) will be subject to certain administrative sanctions in the form of warning letter and fines.


Commercial Banks are required to carry a trust duty to their customers. Based on this principle, the banking regulations impose a due care obligation on every Commercial Bank in performing its business and managing customers’ funds, some of them are as described below:

Customer Due Diligence (“CDD”) and Enhanced Due Diligence (“EDD”)

OJK, through its OJK Regulation No. 12/POJK.01/2017 concerning Implementation of the Anti Money Laundering Program and Terrorism Funding Prevention in the Financial Services Sector (“OJK Regulation No. 12/2017”), requires every Financial Service Organiser (including Commercial Banks) to identify, assess and understand the risk of money laundering and/or terrorist funding related to, among others, the customers. Based on OJK Regulation No. 12/2017, Commercial Banks must conduct the CDD and EDD.

(i) CDD

CDD are activities in the form of identification, verification and supervision conducted by Commercial Banks to ensure the transactions are in accordance with the profile, characteristic and/or pattern of customers’ transactions.




Commercial Banks are obliged to conduct CDD when:

- they conduct business relations with customer candidates;

- there is a financial transaction with Rupiah currency and/or foreign currency in the minimum amount of or equal to IDR 100,000,000;

- there is a fund transfer;

- there is an indication of a suspicious financial transaction related to money laundering and/or terrorism funding; or

- the Commercial Banks are in doubt on the accuracy of information provided by customer candidates, customers, attorneys and/or beneficial owners.

(ii) EDD

EDD is a more thorough CDD action conducted by Commercial Banks focusing on High Risk Customers, including Politically Exposed Persons. High Risk Customers are customers who, based on their background, identity and history, are considered to have a high risk of conducting activities related to money laundering and/or terrorism funding, while Politically Exposed Persons are persons authorised by their countries or international organisations to conduct prominent functions (among others, heads of state, senior politicians, military officers, important officials in political parties and senior managers of international organisations).

Examples of EDD are, among others: (i) seeking additional information on prospective customers such as their occupation, list of assets, etc., reason for transaction and source of fund and assets; (ii) obtaining approval from the higher-level position before proceeding with the transaction; and (iii) conducting stricter evaluation by adding the evaluation period and observing the customer’s transaction pattern.

1. Transparency on Banking Products and Usage of Customers’ Personal Data

Under BI Regulation No. 7/6/PBI/2005 concerning Transparency on Banking Product Information and Usage of Customers’ Personal Data, Commercial Banks must implement transparency of: (i) information on banking products; and (ii) usage of customers’ personal data through their policies and written procedures.

(i) Transparency of Information on Banking Products:

- to provide complete and clear written information on the characteristic of every banking product in Bahasa Indonesia and to deliver the information to the customers verbally or in writing;

- to notify customers on every amendment, supplement and/or reduction to the characteristics of banking products prior to the effectiveness of such amendment, supplement and/or reduction; and

- to provide an information service that is easy to access by public.

(ii) Transparency of Information on Usage of Customers’ Personal Data: A Commercial Bank must obtain customers’ consent before providing and/or distributing customers’ Personal Data to other parties for commercial purposes, including personal data of an individual or a group of people obtained from other parties.

2. Settlement of Customers’ Complaints

On 10 September 2018, OJK issued OJK Regulation No. 18/POJK.07/2018 (“OJKR 18”) whereby it regulates complaints settlement for the financial services provider (“FS Provider”), among others, Commercial Banks, Insurance Companies, Finance




Companies, and P2P. OJKR 18 will come into effect six months as of its issuance date (i.e. 10 March 2018) and upon the effective date, BI Regulation No. 7/7/PBI/2005 and BI Regulation No. 10/10/PBI/2008 will be revoked.

OJKR 18 requires the FS Provider to settle every dissatisfaction statement from customers or their representative caused by financial loss that is suspected to be caused by the Commercial Banks’ fault or negligence (“Complaints”) within five business days (for verbal Complaints) or 20 business days (for written Complaints). The FS Provider must determine policy and written procedures on the same and establish a specific unit and/or function to handle and settle Complaints.

3. Banking Mediation

Disputes in Indonesia are generally settled through court proceedings or alternative dispute resolutions (i.e., negotiation, mediation and arbitration). Nonetheless, as specifically provided under BI Regulation No. 8/5/PBI/2006 (as amended) concerning Banking Mediation, disputes resulting from unfulfilled customers’ financial claims may be settled through banking mediation.

Banking mediation is conducted by an independent banking mediation institution established by the banking association. Banking mediation may only be conducted for disputes with financial claims in the maximum amount of IDR 500,000,000.

4. Outsourcing

Commercial Banks are generally not allowed to outsource their works, unless the works meet the following criteria set by OJK Regulation No. 9/POJK.03/2016:

- low risk;

- do not require high banking competency and skills qualification; and

- do not directly relate to operational decision-making.

Some examples of the above supporting works are: call centre services; marketing (telemarketing, direct sales or sales representative); secretary or cleaning service.

* * *

Endnotes

1. Valuation exceeding US$ 1 billion.

2. https://tirto.id/melihat-perjalanan-4-startup-unicorn-asal-indonesia-cAdQ.






Luky I. Walalangi


Luky Walalangi is an expert and a leading lawyer in M&A, Banking and Finance

and Real Estate, with more than 17 years of experience, whom Asialaw Profiles

cites as “one of the best corporate lawyers in Indonesia”. He is well respected

and highly regarded among leading M&A and finance practitioners, including

by the top legal surveys, and continues to be recognised by international law

journals such as Chambers Asia Pacific, IFLR 1000, Asia Pacific Legal 500 and

Asialaw. He was recognised by Asia Business Law Journal 2018 as one of the

A List: Indonesia’s Top 100 Lawyers and was nominated as Managing Partner

of the Year by ALB Indonesia Law Awards 2018. He is regarded by Chambers Asia Pacific 2019 as Leading Individual in M&A and Corporate, by IFLR 1000

as a highly regarded lawyer 2018 and leading lawyer in banking, competition,

M&A, project finance, and real estate finance and regarded by IFLR 1000 2019

as Leading Lawyer – Highly Regarded.

Luky has been assisting various foreign companies in their complex

investments, global banking and financial groups on major finance transactions.

Miriam Andreta


Miriam Andreta is an Indonesian qualified lawyer, expert and has extensive

knowledge in Mergers & Acquisitions, Banking & Finance, Oil & Gas and

Antitrust matters.

Before joining W&P, she was a partner in one of the biggest firms in Jakarta,

with 13 years of experience acting for both foreign and domestic lenders in

high profile syndication financing to Indonesian companies (including issuance

of bonds and Medium-Term Notes).

She was listed as one of “40 Under 40” by Asian Legal Business 2018, one of

the Top 5 Finalists of Young Lawyer of the Year in the 5th Annual Asian Legal Business Indonesia Law Awards 2018, and shortlisted as Woman Lawyer of

the Year in the 5th Annual Asian Legal Business Indonesia Law Awards 2018.

Hans Adiputra Kurniawan


Hans Adiputra Kurniawan is a bright and talented Indonesian lawyer, with

more than seven years of experience in various banking and finance, FDI and

M&A. In the areas of banking and finance, he has been involved in major

syndication loans (including debt restructuring and power projects), bond-

issuances as well as general advisory. He has also been part of a team

representing leading global banking and financial groups on major finance

transactions, sophisticated fund-raising projects as well as number of major

electricity projects in Indonesia.

Pacific Century Place, 19th floor, SCBD Lot 10, Jl Jend Sudirman Kav 52-53, Jakarta Selatan 12190, Indonesia

Tel: +62 21 5080 8600 / Fax: +62 21 5080 8601 / URL: www.wplaws.com

Walalangi & Partners (in association with Nishimura & Asahi)


Italy

Introduction

Since the global financial crisis broke out, significant developments have affected the banking regulatory framework, thus opening the door to a period of structural reforms aimed at reviewing rules, and authorities’ tasks. In particular, such reforms, supervised by the work of two major global bodies (the Basel Committee and the Financial Stability Board), have been guided by the aims of containing the risks taken by the intermediaries and minimising the likelihood of State aids.

In this context, the intervention of the European legislator has become increasingly pervasive, often resulting in a progressive restriction of the Italian legislative discretion: several innovative rules having immediate and uniform application have been introduced for banks and investment firms. The result of such reforms has been, inter alia, the increase of capital ratios, the anticipation of the crisis warning threshold and the strengthening of intervention and sanction powers.

Also in the light of the above regulatory changes, some Italian banking firms have been pushed to reorganise their group structures in order to optimise the use of capital resources, so as to comply with the capital requirements.

Moreover, in the context of the Single Supervisory Mechanism (the “SSM”), several supervisory powers granted under Italian law have been conferred on the European Central Bank (“ECB”).

In addition to the above, new issues are arising due to the technological progress which has been affecting the banking and financial institutions (among others, electronic payments, robo-advice, Initial Coin Offerings and other blockchain technology-based applications). From this point of view, a particularly difficult challenge for regulators and banks comes from the need to adapt both the regulatory framework and the business models to a changing environment.

The stringent regulatory and supervisory parameters which the intermediaries have to comply with, and the development of innovative technologies which are digitalising the economy, are facilitating the access to the market of new players such as the so-called big tech and fintech operators. The emergence of these new players in the financial industry scene represents not only a major step forward in the development of the financial sector but also a further element of competitive pressure on the European banking sector. Although it must be recognised that this pressure may have positive effects (such as the promotion of alternative financing channels and the improvement of the quality and price of banking services), such changes in the banking sector require an adequate new legal framework.

Marco Penna, Giovanna Tassitano & Gabriele Conni Legance – Avvocati Associati



Another topical issue will concern the operations in Italy of banks based in the United Kingdom after “Brexit” has been fully completed. In fact, for all those banks currently providing services in Italy under the “passport regime”, it may become necessary to obtain a licence to operate in Italy. On this matter, it is worth mentioning that the Ministry of Economy and Finance recently informed the market that certain measures will be adopted in case of a “hard Brexit” to “ensure the full continuity of markets and intermediaries in the event that the United Kingdom leaves the European Union without agreements”. These measures will be aimed at ensuring the financial stability, integrity and business continuity of markets and intermediaries and the protection of depositors, investors and customers in general, and will introduce an appropriate transitional period during which financial institutions may continue to operate as they have been doing so far.


Banking supervision

The key bodies in charge of supervising Italian banks are: (i) the Bank of Italy; and (ii) the National Commission for Companies and Stock Exchange (“Commissione Nazionale per le Società e la Borsa”; “CONSOB”).

The supervisory responsibilities of the Bank of Italy and CONSOB are divided according to the functions of supervision rather than the entities to be supervised. The Bank of Italy carries out supervisory activities aimed at ensuring both stability and transparency with reference to banks, banking groups and other entities governed by the Italian Legislative Decree No. 385/1993 (the “Italian Banking Act”). On the other hand, CONSOB is responsible for the transparency and fairness of conduct of banks when offering investment services.

The Bank of Italy is competent for the supervision of all the banks which do not fall within the scope of the ECB direct supervision under the SSM (i.e., the so-called “less significant banks”). In addition, the Bank of Italy assists and supports the ECB to perform the tasks conferred on it by the SSM (e.g., the Bank of Italy provides the ECB with proposals for decisions regarding the release or withdrawal of authorisations of credit institutions and the acquisition of qualifying holdings in Italian credit institutions).

The Bank of Italy’s activity – as well as the activity of the Interministerial Committee for Credit and Savings (“Comitato interministeriale per il credito e il risparmio”) and the Ministry of Economy and Finance, also having certain tasks such as establishing general principles and criteria to be followed in the exercise of supervisory powers – is aimed at ensuring the sound and prudent management of supervised entities; the overall stability, efficiency and competitiveness of the financial system; and compliance by supervised entities with the applicable law and regulatory provisions.

Moreover, the Bank of Italy has relevant powers of inspection. In fact, it may carry out inspections and request the exhibition or transmission of documents and any other useful information from the supervised entities. On the basis of the results of such controls, the Bank of Italy may consequently take the most appropriate initiatives, possibly applying administrative sanctions.

The Bank of Italy is also in charge of verifying compliance, by the subjects it supervises, of the anti-money laundering legal framework and the adequacy of their organisational and procedural structures.

CONSOB is in charge of, inter alia, regulating the provision of investment services and activities in order to ensure transparency and fairness of conduct of intermediaries vis-à-vis

Legance – Avvocati Associati Italy



investors. In addition, it manages reporting obligations for listed companies, and regulates the offer to the public of financial instruments. Since, pursuant to the Italian Banking Act, investment services and activities may be offered also by banks, supervision of banks falls within the competencies of CONSOB.

As already pointed out above, in the context of the SSM, the ECB is also entrusted with several supervisory competencies. In particular, the ECB directly supervises the so-called “significant credit institutions”. The criteria for determining whether banks are considered significant and consequently fall within the ECB’s direct supervision are set forth in Regulation (EU) No. 1024/2013 (SSM Regulation) and Regulation (EU) No. 468/2014 (SSM Framework Regulation). In particular, among other criteria, banks whose assets have a total value of more than €30 billion, or those banks which are important for the economy of a specific country or for the EU as a whole, are considered as “significant credit institutions”.

Finally, although the European Banking Authority (“EBA”) and the European Securities and Markets Authority (“ESMA”) do not have direct supervisory powers over Italian banks, they provide essential inputs by developing standards and guidelines which are then adopted by the EU Commission and taken into account by Italian authorities in their supervisory activity.

Key legislation

Since the legislative production of the EU has created the basis for most of the Italian banking legislation in the latest years, often through immediately applicable regulations, the Italian banking sector is now almost completely regulated by provisions which are directly or indirectly derived from EU legislation.

Beside the EU provisions, the Italian Banking Act (amended from time to time in order to implement European directives) and implementing regulations adopted by the Bank of Italy set forth the legal framework applicable to banking activity in Italy.

In addition to regulating access to banking activity (process for obtaining a banking licence and criteria to be met for this purpose), the Italian Banking Act also deals with other issues such as: the regulation of financial intermediaries other than banks (i.e., entities which do not hold a “full banking licence” and are only entitled to extend financings), as well as of payment institutions and electronic money institutions; the resolution of banks in crisis; and the transparency and fairness of contractual terms and conditions, and of the relationships with customers and the applicable sanctions (it is important to point out that conducting a banking activity without being licensed constitutes a criminal offence in Italy).

Further to the Italian Banking Act, a number of other regulatory sources regulate the Italian banking system. For instance, Italian Legislative Decree No. 58/1998 (the “Italian Financial Act”), being aimed at regulating, inter alia, investment services and activities, contains some provisions applicable to banks where they provide such services.

Among legislative sources of secondary rank applicable to banks, it is worth mentioning two main regulations issued by the Bank of Italy: (i) Regulation No. 229/1999 (“Regulation 229”); and (ii) Regulation No. 285/2013 (“Regulation 285”). Most of the provisions contained in Regulation 229 have been repealed or replaced by the provisions of Regulation 285, which constitutes a fundamental supervisory framework for Italian banks. Indeed, Regulation 285 includes the vast majority of the rules applicable to Italian banks implementing the provisions of Directive 2013/36/EU (“CRD IV”) and regarding the application of Regulation (EU) No. 575/2013 (“CRR”).




Moreover, CONSOB and the Bank of Italy, besides the European authorities, periodically publish interpretations, guidelines, regulations and decisions on various topics which are worth being taken into account by Italian banks in assessing their compliance with the regulatory framework.

Recent regulatory themes and key regulatory developments in italy

As a consequence of the 2008’s global financial crisis, the European legislator has adopted two provisions aimed at mitigating risks arising from the financial and banking activities: Directive 2014/59/EU (“BRRD”) and Regulation (EU) No. 806/2014 (“SRM Regulation”). The SRM Regulation introduced the Single Resolution Mechanism, which is competent for the resolution of significant credit institutions, cross-border banking groups, other banks supervised by the ECB and for banks whose resolution requires the use of the Single Resolution Fund.

Furthermore, Legislative Decree No. 72/2015, implementing in Italy CRD IV, introduced significant novelties with reference to the Italian Banking Act and contributed to reorganise the regulatory framework applicable to banks. In particular, such decree contained new governance provisions with regard to, inter alia, requirements for directors and shareholders. The said implementing Decree No. 72/2015 also introduced a mechanism for the reporting duties both to the supervisory authorities and to the bank staff (so-called whistleblowing).

The above-mentioned regulatory developments have also provided national authorities with enhanced supervisory and enforcement powers. Among the other new legal provisions, one of the most significant innovations concerning this issue is the power attributed to the Bank of Italy to remove the directors or the administrative body of the supervised banks (so-called “removal power”) provided for by the BRRD.

In particular, the Bank of Italy may now exercise its removal powers in two different circumstances. The first one is regulated by Article 53-bis of the Italian Banking Act and allows the Bank of Italy to order the removal of one or more corporate representatives (“individual removal”) if their continued office is prejudicial to the sound and prudent management of the bank. A second case of removal power is provided for by Article 69-vicies-semel of the Italian Banking Act. Pursuant to such Article, the supervisory authority may order the removal of all the members of the administrative and control bodies of the banks (or of the parent company of a banking group), as well as order the removal of one or more members of the senior management at the same institutions, if some conditions are met (such as the presence of serious irregularities in the administration).

In respect of the derivatives trading rules that are applicable to banks and financial institutions operating in Italy, it must be said that since derivatives bring certain risks for the stability of the financial infrastructures, this matter has been tightly regulated by the European legislator. In fact, in 2012 the EU adopted the Regulation (UE) No. 648/2012 (“European market infrastructure regulation” or “EMIR”) with the purpose of increasing transparency in the OTC derivatives markets, mitigating credit risk and reducing operational risks.

Although further regulatory reforms in the fintech area are expected to be adopted soon by the Italian legislator, regulatory sandboxes, waivers or specific regulatory frameworks applicable to the Fintech operators have not been created yet. From this point of view, the Bank of Italy has only created a contact point, the so-called “Canale Fintech”, which is a direct channel through which Fintech operators may plan projects in the field of financial services with innovative features relating to both the type of services offered and the technology used to provide them (e.g., blockchain, artificial intelligence, machine learning,




big data). In this way, the Bank of Italy aims at accompanying the innovation processes within the regulatory framework and facilitating communications with fintech operators.


The corporate governance rules for banks are mainly provided for by the Italian Banking Act and by Regulation 285. Furthermore, banks listed on the stock exchange may also decide to comply with the Corporate Governance Code (“Codice di Autodisciplina per le Società quotate”) issued by the Italian stock exchange (Borsa Italiana S.p.A.).

According to Article 26 of the Italian Banking Act – as amended upon the transposition in Italy of CRD IV provisions – individuals performing administrative, management and control functions at Italian banks are required to meet certain requirements in order to be considered as “suitable” for the performance of their duties. In particular, directors and auditors need to meet integrity, professional, and independence requirements, possess sufficient knowledge, skills and experience, and commit sufficient time to perform their functions.

The banks’ boards of directors verify the fulfilment of said requirements by examining the documentation provided by any single member. The relevant meeting minutes are then transmitted and assessed by the regulator.

A Ministerial Decree providing for further details as to all the above-mentioned requirements is expected to be published in the next months. Indeed, a consultation process has already taken place but the final version of the document has not been enacted yet.

In the absence of the said Ministerial Decree, the former version of Article 26 of the Italian Banking Act still applies, as well as the implementing rules provided for by Ministerial Decree No. 161/1998.

With regard to the independence requirement, Regulation 285 expressly states that “in the body charged with the strategic supervision function, at least one quarter (1/4) of the members shall meet independence requirements”.

As to internal committees, Regulation 285 requires banks of greater size or operational complexity to set up three specialised committees, namely the “appointments”, “risks” and “remunerations” committees. Banks of intermediate size are only required to set up the risks committee, while for smaller banks the establishment of committees responds to actual organisational needs.

Regulation 285 also includes a specific section focusing on remuneration policies and practices. Following a public consultation process, the Bank of Italy recently published an update of said section which has been amended in order to align the Regulation 285 provisions to: (i) the Guidelines on sound remuneration policies issued by the EBA and implementing the CRD IV; and (ii) other recent guidelines, defined by international authorities, on the same subject.

In particular, pursuant to Regulation 285, the bank’s managing body is in charge of designing remuneration policies in line with the risk appetite and long-term interests of the bank, and coherent with its capital and liquidity ratios. Incentive mechanisms, that could lead to breaches of the regulations or the taking of large risks, are forbidden. Among the provisions set forth by Regulation 285, it is worth mentioning that:

(i) the ratio between fixed and variable remuneration cannot exceed 100% (it may be increased up to 200% if certain conditions are met and if it is expressly provided by the bank’s by-laws); and




(ii) at least 50% of the variable component of remuneration must consist of shares or other share-linked instruments.

Banks apply the above requirements in accordance with their features, size and complexity of business, based on their classification as ‘major’, ‘middle’ or ‘minor’ banks. Major banks must fully comply with the remuneration rules, whereas middle and minor banks benefit from some exemptions. The Bank of Italy can still provide for further limits to the remuneration policies to ensure the banks’ sound and prudent management.

The organisation of banks’ internal controls is also covered by Regulation 285. In particular, banks are required to establish the following permanent, dedicated and independent internal control functions: compliance, risk management, and internal audit. The first two functions are second-level controls while the internal audit is a third-level control.

The outsourcing of functions with referral to the banking industry is regulated by Regulation 285. Pursuant to Regulation 285, banks that outsource business functions shall monitor the risks arising from the choices made and shall retain control and responsibility over the outsourced activities as well as the technical and managerial skills essential to re-internalise their performance, if necessary. The decision to outsource certain business functions (even if not important) shall be consistent with the bank’s outsourcing policy. Outsourcing of control functions to third parties having appropriate requirements in terms of professionalism and independence is normally allowed only for banks classified – for the supervisory review and evaluation process (SREP) purposes – in macro-category 4. In any case, the outsourcing of functions requires a written contract governing the relationship between the bank and the outsourcer.


Liquidity and capital requirements applicable to banks in Italy are provided for by the CRD IV and the CRR, which have transposed into European Union law the standards defined by the Basel Committee for Banking Supervision (the so-called “Basel III framework”).

The rules on capital requirements included in the CRD IV have been implemented into the Italian regulatory framework by Regulation 285.

On the other hand, the CRR is directly applicable in all EU Member States and sets prudential capital, liquidity and credit risk requirements for investment firms and banks. Pursuant to the CRR, banks have to set aside sufficient capital to cover unexpected losses and remain solvent even in case of critical situations: as a basic principle, the amount of capital required depends on the risk associated with the activities of a particular bank: safer assets require less capital, while riskier assets require more capital. Moreover, the CRR distinguishes different classes of capital on the base of its quality and risk: tier 1 capital is the capital in a going concern situation and allows a bank to continue its activities and to maintain its solvency; tier 2 capital is considered the capital in the event of cessation of activities and allows an institution to repay depositors and preferential creditors.

The regulatory capital and liquidity regime requires Italian banks to hold a regulatory capital at least equal to the minimum capital necessary to be authorised to exercise their activity. Such minimum quantity is €10 million, except for cooperative banks, whose minimum capital is €5 million.

This capital must consist of 4.5% of Common Equity Tier 1 ratio; 6% Tier 1 ratio; 8% of total capital ratio; and any additional capital requirements imposed under the SREP.

Additional requirements are: (i) the liquidity covered ratio (a ratio referring to the proportion




of highly liquid assets held by financial institutions, to ensure their ongoing ability to meet short-term obligations); (ii) the leverage ratio; and (iii) the buffers. The buffers are:

capital conservation buffer: banking groups (on a consolidated basis) and Italian banks •not belonging to a group must set up a buffer corresponding to 2.5% of the total amount of risk exposure; on the other hand, Italian banks belonging to a group must increase this buffer on an individual basis, up to 2.5%; and

countercyclical capital buffer: from zero to 2.5%, based on values defined by the •European Commission.

Specific exemptions refer to Italian banks belonging to a banking group (which are exempted from the application of the liquidity coverage requirement on an individual basis) and to Italian banking groups (which – if certain conditions are met – are exempted from calculating the leverage ratio of exposures to entities that belong to the same group and are incorporated in Italy).

In the framework of capital and liquidity requirements, the Total-Loss Absorbing Capacity (“TLAC”) is a new global standard created to response to the insistent demands made by G20 leaders in consultation with the Basel Committee. The main principle upon which the whole TLAC standard is built, is that Global Systemically Important banks (“G-SIBs”) must have enough loss-absorbing and recapitalisation capacity to implement an orderly resolution that minimises any impact on financial stability and ensures the continuity of critical functions. This new standard is calculated on the basis of risk-weighted assets and essentially consists of a minimum capital requirement for liabilities that may be readily subject to bail-in in the event of bank resolution.

Furthermore, given that the TLAC and the Minimum Requirement for own funds and Eligible Liabilities (“MREL”) are aimed at achieving similar objectives, the EU Commission intends to avoid the overlapping of requirements, in particular for G-SIBs, by elaborating an integrated standard-harmonising TLAC and MREL in the EU. In particular, the main objective of such proposal is to implement the TLAC standard and to integrate the TLAC requirement into the general MREL rules by avoiding duplication by applying two parallel requirements.


Regulations applicable to banks’ dealing with third parties when providing deposit-taking or lending activities may be found in the Italian Banking Act and in Bank of Italy’s “Dispositions on transparency of banking and financial services and on fairness of relations between intermediaries and customers”. Such provisions regulate, inter alia, the transparency regime of banking contracts, the publicity regime, the informative documents to be delivered to customers, all the communications between banks and customers in relation to any single banking product, and the organisation requirements. Specific rules contained in the above-mentioned provisions are provided for bank services and activities having consumers as a counterparty.

On the other hand, rules applicable to banks when providing investment services and activities may be found in the Italian Financial Act. It is worth mentioning that the Italian Financial Act grades the provisions according to the nature and type of the counterparty: rules laid down for retail investors are stricter than ones provided for professional investors and eligible counterparties.

Two different extra-judicial dispute resolution systems are available in Italy to deal with bank customers’ complaints.




The Banking and Financial Arbitrator (Arbitro Bancario Finanziario, “ABF”) is competent for disputes related to banking and financial services (such as payment services, bank accounts, loans or mortgages) and with a value of up to €100,000.

The claim before the ABF is decided exclusively on the basis of the documentation submitted to the ABF by the parties (applicants and intermediaries) and no assistance by any lawyer is required to start the procedure. The ABF’s decisions are not binding as those of courts but, if the intermediary does not respect them, the news of their non-performance is made public on the ABF’s website and popular newspapers. The customer may appeal to the ABF only after having tried to resolve the dispute by sending a written complaint to the intermediary. If the decision of the ABF is considered unsatisfactory, both the parties may apply to the court.

For disputes arising from the provision of investment and services and activities (such as trading or placement of securities, investment advice and asset management) the Arbitrator for the Financial Disputes (Arbitro per le Controversie Finanziarie) is competent. It has been established by the CONSOB and its functioning is similar to the ABF’s one.

In case of failure of Italian Banks, two different compensation schemes are in place to cover customers’ savings. On the one hand, Interbank Deposit Protection Fund (“Fondo Interbancario di Tutela dei Depositi” or the “Fund”) ensures a refund of up to €100,000 per customer and per bank. About this, it must be said that, pursuant to Article 96-bis.1 of the Italian Banking Act, the Fund guarantees only loans relating to funds acquired by banks with an obligation to repay them, in euro and in foreign currency, in the form of deposits or in another form, as well as bank drafts and similar securities. On the other hand, Italian Cooperative Credit Banks join another Fund, the Cooperative Credit Depositors Guarantee Fund (“the Cooperative Fund”) which is a private-law consortium recognised by law and acting as a system of protection for savers’ deposits in the event of a crisis affecting a member bank. Its functioning is similar to the one of the Fund.

The Italian anti-money laundering and anti-terrorism financing regulatory framework consists of both European and national legislative sources: Directive 2015/849 UE has been implemented into the Italian legal system by Legislative Decree No. 90/2017 amending Legislative Decree No. 231/2007 (the “AML Decree”). The AML Decree is the relevant anti-money laundering legislation at a national level and contains provisions regarding the “know your customer” rules, the reporting of suspicious transactions and, in general, all the anti-money laundering measures that banks and financial intermediaries must adopt. These anti-money laundering measures must be set up by banks on the proportionality principle, which imposes adopting solutions that are proportional to the intermediary’s business and risk profile (risk-based approach).

Moreover, the Bank of Italy issues secondary implementing regulations and instructions, often after a public consultation process. In the anti-money laundering field the Italian Financial Intelligence Unit (Unità di Informazione Finanziaria) has specific competencies and powers and periodically publishes guidelines, opinions and recommendations.






Marco Penna, Partner


Marco Penna has extensive experience regarding financial markets, with

particular focus on investment services, securities offerings and off-site

offerings. He regularly assists clients in relation to banking law, including

regulatory capital and financial intermediaries incorporated under Article 106

of the Italian Banking Act. He has drafted agreements in relation to collective

investment schemes, including UCITS and alternative investment funds, with

specific reference to relevant shareholdings, shareholder activism and corporate

governance. He has been involved in the incorporation of Italian asset

management companies and collective investment schemes. He has provided

assistance in relation to the regulatory profiles of banking, insurance and asset

management M&A transactions. Marco Penna is mentioned in The Legal 500

as a “next generation lawyer”.

Giovanna Tassitano, Senior Associate


Giovanna Tassitano has gained significant experience assisting banks,

insurance companies and financial institutions in relation to regulatory issues.

She has collaborated in drafting agreements in the field of investment funds

and she has been involved in the incorporation of Italian asset management

companies and collective investment schemes. She has been actively involved

in assisting banks and financial intermediaries within sanctionary proceedings

brought before Italian competent supervisory authorities.

Gabriele Conni


Gabriele Conni is practising as a trainee lawyer in the Financial Intermediaries

Regulation department.

Via Broletto, 20 – 20121, Milan, Italy

Tel: +39 02 89 63 071 / Fax: +39 02 896 307 810 / URL: www.legance.it

Legance – Avvocati Associati


Korea

Introduction

In the Republic of Korea (hereinafter “Korea”), banks are established and operated under the strict supervision of the government’s financial authorities. Traditionally, in order to ensure the healthy operation of the banks and to promote the stability of the financial market and the development of the national economy, Korea has enforced detailed regulations on banks. Banks in Korea operate under the principle of segregation between bank capital and industrial capital. Non-financial business operators are prohibited from owning more than 4% of the stocks of a bank, and banks are, in principle, prohibited from owning more than 15% of the voting equity securities of another company. The types of banks in Korea include Bank of Korea, special banks established by the government, commercial banks operating nationwide, local banks, and domestic branches of foreign banks. The regulations on and requirements for the local banks are somewhat relaxed compared to those applied to commercial banks operating nationwide.

Recently, internet-only banks have been introduced to the market, and the financial authorities in Korea are providing institutional support to promote sound competition between the internet-only banks and the existing banks. In doing so, financial authorities expect that the innovation in the financial industry will be accelerated and the choice of the consumer will be expanded. The financial authorities revised the relevant laws and regulations so that the internet-only banks could perform credit card business, insurance business, and online investment consulting business.

The financial authorities in Korea also actively support fintech, and the commercial banks, which recognise the necessity to provide financial services that combine ICT (Information Communication Technology) in accordance with the 4th Industrial Revolution Era, are also actively engaged in accepting new technologies such as fintech. Also, domestic banks are seeking to enter the overseas market due to the policy of financial authorities to promote competition, and the prolonged low growth and low interest rates in the financial industry of Korea.


Key legislation or regulations

The primary law that governs banks and their activities in Korea is the Banking Act. The Banking Act was enacted in order to contribute to the stability of financial markets and the development of the national economy by pursuing the sound operation of banks, enhancing the efficiency of fund brokerage functions, protecting depositors and maintaining order in credit. This Act sets forth requirements for the establishment and licensing of banks,

Thomas Pinansky, Joo Hyoung Jang & Hyuk Jun Jung Barun Law LLC


regulations on their management, structure, scope of services, governance and internal controls, restrictions on the operation of their services, etc. This Act is supplemented by the presidential enforcement decree.

In addition to the Banking Act, there are several other statutes and regulations in relation to regulating the banking industry in Korea. The Act of Establishment, etc., of the Financial Services Commission establishes the most important and influential financial regulating bodies of Korea, the Financial Services Commission (the “FSC”) and Financial Supervisory Service (the “FSS”), which will be described below. The Act on Corporate Governance of Financial Companies prescribes the basic principles governing the structure and management of financial companies in Korea. The Depositor Protection Act provides protection of depositors in the event that financial companies are unable to pay back deposits.

The Bank of Korea Act established Korea’s central bank, the Bank of Korea, which is responsible for general monetary and credit policies and issuance, control, and regulation of currencies in Korea. Additionally, the banks in Korea may also be subject to the Foreign Exchange Transaction Act, which governs the flow of foreign currencies in and out of the country; the Financial Investment Services and Capital Markets Act, which regulates financial investments, issuance and distribution of securities, unfair trade practices, etc.; and the Financial Holding Company Act, which facilitates the establishment of financial holding companies and regulates their operations.

On 17th January 2019, the Act on Special Cases Concerning the Establishment, Operation, etc. of Internet-Only Banks (the “Act”) was enacted. Internet-only banks conduct their banking businesses mainly through electronic financial transactions, in which users can utilise the financial instruments or services without personally meeting or communicating with employees of financial companies. Internet-only banks are deemed as banks authorised and established under the Banking Act. The key feature of internet-only banks is that unlike traditional banks, non-financial business operators are allowed to hold up 34% of the banks’ shares. This is a relaxation of the restriction which prohibited non-financial business operators’ ownership of more than 4% of a bank’s shares. However, internet-only banks are still subject to strict regulations, including prohibition of extending credit to large conglomerates and major shareholders.

Key regulators

The two main regulators in the banking industry of Korea are the FSC and the FSS. The FSC is a central administration agency directly under the Office of the Prime Minister of Korea. Its functions include determining financial policies and systems; supervising and inspecting financial institutions, including banks; authorising the establishment, merger, conversion, and management of financial institutions; monitoring capital markets; enacting or amending the laws relating to financial policies; and handling matters concerning the supervision of the soundness of foreign exchange business, etc. It also supports and supervises the operation of the FSS.

The FSS is a financial regulator that supervises financial institutions under the general oversight of the FSC. The FSS monitors whether banks comply with the Banking Act and other relevant laws, regulations, orders, and instructions of the FSC. It also inspects business and current assets of banks. If the FSS deems it necessary to conduct an inspection, the FSS may request a bank to report on its business and assets, furnish materials, and make related persons appear to state their opinion.

In addition to the FSC and FSS, the Bank of Korea also provides some regulatory and supervisory functions regarding banks in Korea. Its main role is to promote price stability

Barun Law LLC Korea



by regulating monetary and credit policies. It also sets regulations relating to the bank’s operation such as the maximum interest rates for deposits and loans, limitation on the amount of loans, etc.

Influence of any supranational regulatory regimes or regulatory bodies

As a member of the Basel Committee on Banking Supervision under the Bank for International Settlement (BIS), Korea reflected the capital adequacy ratios required by the Basel Committee on Banking Supervision in the Detailed Administrative Rule for Banking Supervision.

Any restrictions on the activities of banks

Under Article 34-2 of the Banking Act, a bank is prohibited from unsound business conduct such as: providing any undue benefit to a banking user; making a journal entry for a deposit without actually receiving any deposit in cash; handling a bank product in an abnormal manner to assist a banking user in tax evasion; window-dressing in accounting; unlawful insider trading; providing a banking user with property benefits in excess of the normal level in connection with its banking services, incidental services, or its concurrent business; and other acts that undermine sound practices of the bank.

Under Article 37, a bank must not hold more than 15% of the voting equity securities issued by another company unless it was allowed by the FSC and the bank satisfied the conditions of exception prescribed in Article 37.

Under Article 38, a bank shall not own real estate (excluding real estate acquired through the exercise of a security right, such as mortgage, etc.) other than the real estate for business purposes such as its offices, training facilities, welfare facilities, etc. Even for business purposes, a bank shall not own real estate in excess of an amount equivalent to 60% of its equity capital.

Under Article 35-2, the credit that a bank can extend to its large shareholders cannot exceed an amount equivalent to 25% of the relevant bank’s equity capital or an amount equivalent to the ratio of any contribution made by the relevant large shareholder to the relevant bank, whichever is less. (Unlike the above, pursuant to Article 8 of the Act, internet-only banks are prohibited from extending credits to their large shareholders.) A bank shall not extend credit to its large shareholders to support investment in other companies. Any person who acquires a bank’s shares and intends to become a large shareholder of the bank must obtain approval from the financial authorities in advance. The financial authorities may review eligibility requirements for large shareholders every two years.

Under Article 15, no same person shall hold stocks of a bank more than 10% of the total number of its issued voting stocks. Notwithstanding this provision, pursuant to Article 5 of the Act, internet-only banks receive special treatments of being able to have non-financial business operators hold up to 34% of the bank’s shares. The term “same person” means the principal and a person having a special relationship with the principal. The same person may hold stocks of a bank more than 10% by obtaining approval from the FSC. Where the same person holds stocks of a bank in excess of the stockholding limits, such person shall exercise no voting rights on the stocks held in excess of the limits. If the same person fails to comply with the stock-holding limitation, the FSC may order the person to dispose of the stocks held in excess of the limit within six months.

The merger and conversion of banks must also be approved by the financial authorities. If the financial authorities determine that it is clear that the capital adequacy ratio of a bank will not meet the required minimum level or the financial status of the bank will fall short

Barun Law LLC Korea



of the standard due to the occurrence of a large amount of financial accidents or bad debts, it can advise, recommend, request, or order the bank or its officers to take measures or submit a plan to improve the financial soundness of the bank. If the bank does not implement or cannot implement necessary measures, or does not follow the instructions of the financial authorities, they can take necessary steps such as deciding to transfer the contract, the suspension of business within six months, or the cancellation of authorisation of business.


In recent years, new issues have surfaced such as the alleviation of regulations on banks, and the advance of Korean banks into overseas markets. In order to further activate corporate finance, the Financial Supervisory Services (FSS) has adopted measures such as the strengthening of mortgage loan standards to suppress real estate speculation.

Internet-only banks and fintechs

In 2017, in addition to the traditional banks that are subject to strict regulations, two banks (K-bank and Kakao Bank), labelled as internet-only banks, were founded and started to operate. The FSS is in the process of establishing the third internet-only bank. These banks are subject to the Act (pursuant to Article 3 of the Act, the Banking Act applies to the provisions not present in the Act) and they operate without physical stores.

The financial authorities are providing institutional support to this new type of bank in order to promote competition between these banks and the existing banks. The financial authorities expect that the emergence of internet-only banks will accelerate innovation in the financial industry and expand consumer choice. Specifically, the internet-only banks are expected to provide services such as: 1) development of loan products targeted at people with average credit using a big-data-based credit rating system; 2) introduction of easy mobile remittance using smart phones; 3) real-time Q&A responses by using the Chat-bot service based on machine learning and artificial intelligence; 4) review of loan applications using scraping techniques without submission of documents; 5) debit card payment using a bank network rather than a card network; and a PG (Payment Gateway) system rather than a VAN (Value Added Network) system.

To this end, the financial authorities revised the relevant regulations so that the internet-only banks, like other traditional banks, can conduct credit card business, insurance business, and online investment advisory business. In particular, the financial authorities are aiming at the introduction of internet-only banks, to which the principle of segregation between bank capital and industrial capital does not apply, and they are trying to build an institutional ground on which ICT companies and other innovative business operators can participate and lead other companies into the internet-only bank system safely.

Financial institutions are also actively supporting fintech. In 2016, for the first time in the world, the Joint Financial Industry Fintech platform was established, through which banks and brokerage firms can jointly provide financial information such as inquiries and transfer functions necessary for developing new services in a standardised form. It is a combination of the open API system, which provides the financial computing program necessary for inquiry and transfer functions in a standardised API format, and the test-bed where a developed fintech service can be tested to see whether it works in the financial network.

The Special Act on Finance Innovation Support (the “Special Act”) will be enacted on 1st April 2019. The United Kingdom adopted the “regulatory sandbox” policy, which exempts

Barun Law LLC Korea



or relaxes the existing financial regulations to companies that test innovative financial services within a limited scope (restriction on number of users, duration of user time, etc.). The Special Act provides a legal basis for the adoption and operation of the financial regulatory sandbox as a test ground for innovative financial services. “Innovative financial services” means finance-related services which have differentiated themselves from the existing financial services in terms of content, method, form, etc., and they are exempt from a variety of regulations under the current law. Moreover, the Special Act guarantees the business owner who provides the innovative financial services the right to exclusively run the service. Other than that, in order to activate fintech, the financial authorities are working on different measures such as the formation of a technology-financing investment fund.

Advance into overseas markets

Banks in Korea are actively seeking to enter overseas markets due to the financial authorities’ intensified competition policy. The domestic financial market is in a trend of prolonged low growth and low interest rates, and many banks see entry into the overseas market as necessary to avoid the intensified competition in the domestic financial market. Nationwide commercial banks continue discovering new markets and expanding their global networks, and local banks also have recently started to expand overseas, mainly in the Southeast Asia region.

Strengthened standard for mortgage loans and measures for the activation of corporate finance

The government is regulating bank loans to suppress speculative demand as real estate prices rise. In general, banks require collateral in an amount more than the loan amount when they make loans to customers. In Korea, after buying a house with a mortgage loan, people often engage in real estate investment activity that pursues profit through the rise of the housing market. In order to suppress such investment activities and prevent the rise of housing prices, the financial authorities have set guidelines for the value of collateral and the amount of the loan, and have the banks comply with the guidelines.

According to the financial authorities, the banks will have to apply the DSR (Debt Service Ratio) standard, rather than DTI (Debt to Income Ratio) standard, on new borrowers starting from 6th March 2018. The banks plan to set a working guideline and accumulate data by setting the loan repayment rate for new borrowers individually. The DSR is said to be a more stringent loan-regulation standard than the DTI. Unlike the DTI, which compares the ratio of the principals of mortgage loans and interests on other loans to gross income, the DSR compares the ratio of the principals of all loans to gross income. As the DSR includes the principals of all kinds of loans, including credit and other loans, the criteria for loan screening are bound to become more stringent.

Other than the policy restricting household loans, the FSS is in the process of reforming capital regulations by restructuring the system that stimulates corporate finance so that banks’ funds may be distributed to the corporate sector.


The governance and internal controls of banks in Korea are regulated according to the Act on Corporate Governance of the Financial Companies (the “Financial Company Governance Act”). The purpose of this Act is to ensure the sound management of financial companies in Korea and promote healthy and stable financial markets, as well as protect financial customers and investors. This Act covers governance and internal controls of financial

Barun Law LLC Korea



companies including banks, financial investment business entities, insurance companies, mutual savings banks, specialised credit finance business companies, financial holding companies, etc. The Act focuses on controlling and monitoring the composition and operation of the boards of directors of the companies and their officers.

Qualifications of executive officers

‘Executive officers’ mean directors, auditors, executive directors and operating officers of the companies (hereinafter “bank” or “banks”). A person cannot be an executive officer of a bank if such person is: 1) a minor; 2) a person who has declared bankruptcy but has not yet been reinstated; 3) a person who has completed a prison sentence and five years have not passed since that sentence was completed or the execution of such imprisonment was exempted; 4) a person who was sentenced to imprisonment with a probation and is still in the probation period; or 5) a person against whom a fine or heavier punishment under this Act or any other finance-related statutes has been imposed within five years or who has been exempted.

Regulations on composition and operation of the boards of directors

This Act stipulates that a bank must have at least three outside directors, and the majority of the board must comprise outside directors. Also, the Act says that important bank matters including, but not limited to, matters related to management objectives and evaluation, changes to the articles of incorporation, important organisational changes such as dissolution, transfer of business and merger, and matters related to internal controls and risk-management standards, etc. must go through the deliberation and resolution of the boards. Further, a bank, in order to protect the interests of shareholders and customers, must establish internal rules of governance that set forth the specific principles and procedures to be followed with respect to the operation of the board of the bank. If there are any changes in the internal rules of governance, the bank should post such changes and the status of the board’s compliance with the internal rules on the bank’s internet homepage.

Restrictions on electing outside directors

Under this Act, an outside director of a bank shall be a person who has abundant expertise or practical experience in finance, economy, business administration, law, accounting, etc. A person who serves as a full-time executive officer, employee, or a non-standing director of a relevant financial company or its subsidiary, or who has served as a full-time executive officer, employee, or a non-standing director during the preceding three years, is disqualified from being an outside director. A person who has served as an outside director of a relevant financial company for at least six years, or who has served as an outside director of the relevant financial company or its subsidiaries for at least nine years in total, is also disqualified. Further, the largest shareholder of the bank or specially related person of the largest shareholder; major shareholders of the bank and the spouses, lineal ascendants, or descendants of the major shareholders; the spouse, lineal ascendants, or descendants of executive officers of the bank, etc. are not allowed to serve as outside directors of the bank.

Required committees

An audit committee shall comprise at least three directors, and at least two-thirds of the audit committee must be outside directors. Also, at least one of the members of the audit committee must be an expert in accounting or finance. When electing full-time auditors who are not outside directors, the qualification requirements for electing outside directors shall apply. If the total voting shares held by the largest shareholder, its specially related persons, etc. exceed 3% of the total number of outstanding shares of the bank, those shareholders cannot exercise their voting right for shares exceeding 3% of the total shares

Barun Law LLC Korea



when appointing or dismissing a director who has served or will serve as an audit committee member.

In addition, a bank must also establish nomination committee, risk management committee, remuneration committee, etc.

A bank must have at least one compliance officer who shall conduct inspections on compliance with internal control standards, investigate violations of the internal control standards, and take charge of general affairs related to internal control. The compliance officer may report the results of an investigation to the audit committee or auditor, if he/she finds it necessary. The compliance officer must be a qualified person, such as someone who has worked for financial institutions for at least 10 years, who holds a Master’s degree or any higher degree in a finance-related field and has worked as a researcher, an assistant, or any higher-ranking professor for at least five years, or who is an attorney or a certified public accountant who has worked in a relevant field for at least five years.

A bank must formulate standards and procedures for risk management in order to timely perceive, assess, monitor and control risks incurred in the course of asset management, the performance of business affairs, and other various transactions, and it must have at least one risk manager.

Capital requirements

The Banking Act states that a bank has a minimum capital requirement of 100 billion won for a nationwide bank, although a local bank’s required minimum capital is 25 billion won.

Additionally, Korean banking regulators implemented the capital standard and the phase-in arrangement set forth by the Basel Committee on Banking Supervision. According to the Basel III capital requirements and phase-in arrangements, domestic banks’ common equity tier 1 (CET 1) must be at least 4.5% of the risk-weighted assets, and tier 1 capital must be at least 6.0% of the risk-weighted assets. The total regulator capital must be at least 8.0% of the risk-weighted assets at all times.

If a bank intends to reduce its capital, it must obtain approval from the FSC. The bank trying to obtain approval from the FSC must satisfy the requirements that: (1) no capital reduction shall violate any relevant statute; (2) the inevitability of the capital reduction, such as the purpose of improving the financial structure, shall be recognised; and (3) no capital reduction shall violate any rights or interests of depositors and other banking users.

A bank must ensure the soundness of its management by making its equity capital solid and maintaining appropriate liquidity in running banking business. All banks must observe management guidelines determined by the FSC relating to the matters to maintain the soundness of the management, including matters concerning capital adequacy. If the FSC determines that a bank is likely to seriously undermine the soundness of its management, it may request the bank to take necessary measures to improve its management such as increasing capital, restricting dividends, securing assets with high liquidity, etc.

As briefly mentioned in the introduction, under the principle of segregation between bank capital and industrial capital, non-financial business operators are prohibited from owning more than 4% of the stocks of a bank (34% for internet-only banks). This is to prevent industrial groups from unfairly affecting the operation and management of the bank. Non-financial business operators who wish to hold more than 4% must get approval from the financial authorities.

Barun Law LLC Korea




Nature of regulations applicable to deposit-taking activities and lending activities

The Banking Act provides that the scope of banking services includes: 1) receipt of deposits and saving deposits, and issuance of securities and other debentures; 2) loans of funds or discount of notes; and 3) domestic and foreign exchange. Article 30 of the Act contains the provisions regarding deposit-taking activities of banks. It stipulates that a bank’s reserve for deposits, interest rate, etc. will be determined according to the Bank of Korea Act. A bank must abide by the decisions, restrictions, etc. made by the Monetary Policy Committee under the Bank of Korea Act, and those decisions or restrictions include: 1) decisions on the maximum interest rates on all kinds of deposits or other payments of banks; 2) decisions on the maximum rates of interest for the credit business, such as all kinds of loans or other charges of banks; 3) restrictions on the maturity for loans and kinds of securities handled by banks; 4) restrictions on the maximum limits on loans and investment, or maximum limits by sector for banks within a given period in cases of national economic emergencies, such as hyperinflation, etc.; and 5) prior approval for loans by banks in cases of national economic emergency such as hyperinflation, etc.

Nature of regulations applicable to investment services and proprietary trading activities

Banks can conduct investment business such as investment trading and investment brokerage. If a bank makes an investment recommendation to a general investor, the bank should explain the contents of the financial investment product and the risks associated with the investment so that the investor can understand it. Before making investment recommendations to an investor who does not have expert knowledge, the bank must obtain relevant information such as the investor’s investing experience, investment objectives, and financial situation by conducting a face-to-face consultation or by making inquiries, and it also must confirm such information by getting signatures or by recording. The bank must keep the information and provide the confirmed information to the investors without delay. In the event that the bank invites general investors, it shall not make an investment recommendation that is deemed unsuitable for the general investor in light of the investment objective, financial situation and investment experience of the general investor.

When making investment recommendations, banks are prohibited from: 1) providing false information; 2) providing a conclusive judgment on an uncertain matter or misleading statements; 3) soliciting investors by visits or phone calls without the investors’ consultation requests; or 4) continued recommendations of investment in spite of the investors’ refusal to invest.

Consumer protection scheme

The Banking Act expressly prohibits unfair business practices of banks such as: coercing a borrower to make a deposit against his/her will in connection with credit transactions; unfairly requesting a borrower to provide a security or guarantee in connection with credit transactions; requesting or receiving any benefit in connection with banking services, incidental services, or concurrent business; and infringing on the rights and interests of bank users by using the predominant status of a bank.

Also, since most of the customers conduct banking transactions by entering into the standard terms and conditions agreement established by the banks, the Banking Act imposes regulations on establishment and revisions of those standard terms and conditions. Banks are required to report to the FSC in advance about the establishment and revisions

Barun Law LLC Korea



of their standard terms and conditions, and the FSC then reports such standard terms and conditions to the Fair Trade Commission of Korea. When there is an unfair or harsh provision in the terms and conditions, the FSC can recommend the banks to revise the terms and conditions.

In the case of bank failure, customers are protected under the Depositor Protection Act, which protects up to 50 million won per person, including the principal and interest, for each financial institution. Any deposit amount in excess of 50 million won is not protected.

The financial authorities may order the banks to take corrective actions in case of violations. In order to protect bank users such as depositors and to prevent the occurrence of financial disputes, the banks shall take the following measures: 1) banks must make relevant information public such as the information relating to interest rate, termination of contract, consumer protection, etc.; and 2) banks must provide relevant documents and full explanation of such documents when entering into contracts with customers or getting customers’ signatures on the terms and conditions.

There is no class action system against banks in Korea. If a customer has a complaint against a bank, he/she can file a complaint with the FSS. The number of complaints is publicly disclosed through the Federation of Korean Banks so that customers can know the level of service dissatisfaction with each bank.


When making transactions governed by the Foreign Exchange Transactions Act, banks have obligations to make sure that customers’ transactions, payments or receipts have been authorised under the Act or reported to relevant authorities. In addition, banks shall not engage in the following activities: 1) changing or fixing the price of foreign currencies for the purpose of obtaining unfair profits in relation to foreign exchange business or giving unfair profits to a third party; 2) any activities that might bring about undue influence on the foreign exchange market such as trading with preliminary conspiracy or dissemination of rumours.

In order to establish a branch or agency of a foreign bank, it must be approved by the financial authorities, and the financial authorities can issue conditional approval. The minimum capital requirements applicable to domestic banks, or the voting rights restrictions of shares exceeding the limit of the same shareholding limit, do not apply to the branches of foreign banks. A branch or agency of a foreign bank shall hold its assets in the amount equivalent to its operating funds in Korea. If any branch or agency of a foreign bank is liquidated or becomes bankrupt, its assets, capital stock, reserves and other surplus shall be preferentially appropriated for the nationals of Korea, and foreigners who have their address or domicile in Korea.

A foreign person or entity is also subject to the 10% shareholding limit rule for banks under Article 15 of the Banking Act (34% for internet-only banks). In order for a foreign person or entity to exceed the limit: (1) it must be a foreign financial company or a holding company of the foreign financial company; (2) it must be appropriate for engaging in international business activities in light of the total amount of assets, business size, etc. and have a sound reputation recognised on a global basis; (3) it must be confirmed that the financial supervisory body of the country in which the foreign person is located has not suspended the operation of the foreign person within the past three years; (4) the ratio of equity capital to risk-weighted assets according to the standards of the Bank for International Settlements has been more than 8% during the past three years; etc.

Barun Law LLC Korea




The main regulation relating to the anti-money laundering system in Korea is the Act on Reporting and Utilization of Specific Financial Transaction Information. Based on this Act, the Korean government has established the Financial Intelligence Unit, which is affiliated to the FSC, as the money-laundering prevention organisation. In order to prevent money-laundering activities, banks are obligated to report to the Financial Intelligence Unit in cases where there are reasonable grounds to suspect that property transferred and received in connection with financial transactions is illegal. Banks are obligated to confirm the real names of the customers when opening new accounts. Any acts that support customers’ tax evasion, accounting fraud or unfair insider trading, by treating bank products abnormally, are prohibited.

Conclusion

In Korea, financial authorities are alleviating regulations on banks and in the process of enacting such legislation, and the banks are actively developing new technologies such as fintech. The domestic banks in Korea are actively seeking to generate profits through overseas expansion. This trend is likely to improve regulations in a way that can encourage foreign banks to enter into the Korean market.

Barun Law LLC Korea




Barun Law LLC Korea


Thomas Pinansky


Mr. Pinansky is the Senior Foreign Attorney at Barun Law LLC. He plays a

leading role in the firm’s international practice and advises an extensive

number of international and Korean clients on business and legal issues arising

in the context of international operations, including international transactions

and cross-border disputes. Mr. Pinansky served a three-year term as Vice

Chairman of the American Chamber of Commerce in Korea. He currently

serves on the Board of the Canadian Chamber of Commerce in Korea and as

Special Advisor to the Kiwi Chamber of Commerce in Korea. He was

appointed as the “Honorary Ambassador” of the US State of Maine to Korea.

He served two terms as the Chairman of the Asia-Pacific Council of American

Chambers of Commerce, an organisation comprised of over 25 American

Chambers of Commerce throughout the Asia-Pacific Region.

College (Undergraduate Degree): Harvard, AB, magna cum laude, 1981. •

Law School (Graduate Degree): University of Pennsylvania Law School, •

JD, 1985.

Joo Hyoung Jang


Mr. Jang is a partner attorney at Barun Law LLC. Since joining the firm in

2005, he has accumulated a broad range of experience and expertise in the

fields of cross-border transactions and M&As, and general corporate matters.

He has served as Member of the Digital Media City of Seoul since 2003; and

Vice-Commissioner of the International Committee of the Korean Bar

Association and Member of the In-House Lawyers’ Special Committee of the

Korean Bar Association since 2011. Mr. Jang received his B.A. in law from

Seoul National University and his LL.M. from Columbia Law School. He is

a member of the Bar of the Republic of Korea.

Hyuk Jun Jung


Mr. Jung is a senior associate attorney at Barun Law LLC. Before joining the

firm in 2014, he worked as a judge advocate for the Republic of Korea Army.

He received his B.A. from Seoul National University College of Law. He is

a member of the Bar of the Republic of Korea.

Barun Law Building, 92 gil 7, Teheran-ro, Gangnam-gu, Seoul 135-846, Korea

Tel: +82 2 3476 5599 / Fax: +82 2 3476 5995 / URL: www.barunlaw.com

Barun Law LLC


Liechtenstein

Introduction

As of end of 2018, there were 14 banks licensed in Liechtenstein and subject to the prudential supervision of the Liechtenstein Financial Markets Authority. Traditionally, Liechtenstein banks’ core business activities are private banking and asset management for local and international private and institutional clients. At the end of 2017, Liechtenstein banks and their group companies managed client assets in the amount of 294.3 billion Swiss francs.

The three largest Liechtenstein banks are LGT AG, Liechtensteinische Landesbank AG, and VP Bank AG. The latter two are publicly listed and their shares trade on the SIX Swiss Exchange. LGT AG, on the other hand, remains privately owned by the Liechtenstein princely family.

In recent years, Liechtenstein banks have faced high regulatory pressure and had to operate in an environment characterised by challenging market conditions. Recent developments in the field of private banking and wealth management led to a consolidation among existing Liechtenstein banks, not least to spread the increasing regulatory burden; others expanded their business outside of Liechtenstein.

At the same time, the Liechtenstein government has continued its efforts to improve the regulatory framework to attract fintech start-ups and innovative financial service providers.


Supervisory bodies

Liechtenstein banks are supervised by a single regulator: The Liechtenstein Financial Markets Authority (Finanzmarktaufsicht – “FMA”). The FMA is responsible for both prudential supervision and consumer protection.

Based on the Currency Treaty with Switzerland, the official currency in Liechtenstein is the Swiss franc and the Swiss National Bank (Schweizer Nationalbank – “SNB”) functions as the central bank for Liechtenstein. Swiss provisions on monetary, credit and currency policy therefore apply directly in Liechtenstein and the SNB has the power to enforce these provisions in relation to Liechtenstein banks. The Liechtenstein banks also have reporting obligations to the SNB.

Liechtenstein is a member of the European Economic Area (“EEA”), which comprises the members of the European Union (“EU”) as well as Iceland, Norway and Liechtenstein. EU directives and regulations that have been incorporated into the EEA Agreement have to be implemented or applied directly, as the case may be, by Liechtenstein.

Daniel Damjanovic & Sonja Schwaighofer Marxer & Partner, attorneys-at-law



In particular, Regulation (EU) 1093/2010 establishing a European Banking Authority (“EBA”) has been incorporated into the EEA Agreement and therefore has direct effect in Liechtenstein. EBA is one of three EU supervisory authorities that have been created to strengthen oversight of cross-border groups and establish a European single rule book applicable to all financial institutions in the EU internal market. European Union legislation can confer power upon EBA to take measures with binding effect in an EU member state or on banks having their seat in the EU. The particular institutional set-up of the EEA Agreement made it necessary to incorporate the Regulation with amendments in this respect. Measures taken by EBA can have no direct effect in Iceland, Norway and Liechtenstein and are not binding on banks having their seat in these EEA member states. Instead, the EFTA Surveillance Authority will adopt decisions with binding effect on the basis of drafts prepared by EBA, which drafts were requested by the EFTA Surveillance Authority or which were initiated by EBA itself. Guidelines or recommendations issued by EBA have to be applied by Liechtenstein banks if the FMA notifies EBA within two months of their publication that it intends to comply with them.

Furthermore, Liechtenstein is obliged to comply with Regulation (EU) 1092/2010 on the financial supervision of the European Union at macro level and establishing a European Systemic Risk Board, which was also recently incorporated into the EEA Agreement. In particular, the Regulation provides for the creation of a European Systemic Risk Board (“ESRB”). The ESRB is an unincorporated body with responsibility for macro-prudential oversight of the EEA financial system with the aim of contributing to the prevention or mitigation of systemic risks to financial stability in the EEA stemming from developments within the financial system. In carrying out its tasks, the ESRB is empowered, in particular, to make recommendations on remedies to identified risks. The EEA member states must comply with these recommendations. The authority entrusted with the implementation of macroprudential policy in Liechtenstein is the FMA.

Key legislation

EEA member states have to implement EEA-relevant EU legislation which has been incorporated into the EEA Agreement by a corresponding decision of the EEA Joint Committee. One of these EEA relevant legal areas is financial services. For this reason, Liechtenstein banking regulation is largely based on EU legislation.

The key laws applicable to banks are:

The Banking Act (Bankengesetz – “BankG”; LGBl. 1992/108) and the Banking •Ordinance (Bankenverordnung – “BankV”; LGBl. 1994/022) set out the requirements for the pursuit of banking activities and provision of the investment and ancillary services listed in Annex I, Sections A and B of the Markets in Financial Instruments Directive (Directive 2014/65 – “MiFID II”) in Liechtenstein. Main banking activities include deposit taking, lending, custody of securities, payment transfer services, the assumption of guarantees, surety and similar liabilities as well as trading in foreign currencies.

Undertakings require a licence issued by the FMA in order to take up an activity or service covered by the BankG on a professional basis in Liechtenstein. Banks or investment firms having their seat in another member state of the EEA may pursue activities covered by the fourth Capital Requirements Directive (2013/36/EU – “CRD IV”) or MiFID II in Liechtenstein either on a cross-border basis or through a Liechtenstein branch if they have been licensed for such activities in their home member state. The BankG and BankV contain detailed provisions regarding formal

Marxer & Partner, attorneys-at-law Liechtenstein



and material requirements for obtaining and retaining a banking licence, licensing procedures, ongoing supervision by the FMA and sanctions.

The BankG and BankV implement several EU directives into Liechtenstein law, including the CRD IV, the Capital Requirement Regulation (575/2013) and MiFID II.

Furthermore, several acts related to the provision of financial services are of particular relevance to Liechtenstein banks:

The Due Diligence Act (Sorgfaltspflichtsgesetz – “SPG”; LGBl. 2009/047) and the •Due Diligence Ordinance (Sorgfaltspflichtsverordnung – “SPV”; LGBl. 2009/098) implement the recommendations of the Financial Action Task Force to combat money laundering and terrorist financing as well as EU anti-money laundering directives in force in the EEA.

The Bank Recovery and Resolution Act (Sanierungs- und Abwicklungsgesetz – •“SAG” LGBl. 2016/493) and the Banking Recovery and Resolution Ordinance (Sanierungs- und Abwickungsverordnung – “SAV”; LGBl. 2016/509) implement the EU Banks Recovery and Resolution Directive (2014/59/EU – “BRRD”). The SAG applies to Liechtenstein banks and other financial institutions and establishes a framework for the recovery or orderly resolution of failing banks. It grants wide powers to the FMA in its capacity as national resolution authority. The BRRD is currently pending implementation into the EEA Agreement.

The Market Abuse Act (Marktmissbrauchsgesetz – “MG”; LGBl. 2007/018) and •Market Abuse Ordinance (Marktmissbrauchsverordnung – “MV”; LGBl. 2007/023) implement the EU Market Abuse Directive (2003/6/EC) on insider dealing and market manipulation aiming at strengthening market integrity. The EU Market Abuse Regulation (596/2014), which has replaced the Market Abuse Directive in the EU, is currently pending implementation into the EEA Agreement.

The Payment Services Act (Zahlungsdienstegesetz – “ZDG”; LGBl. 2009/271) and •the Payment Service Ordinance (Zahlungsdiensteverordnung – “ZDV”; LGBl. 2009/278) implement the EU Payment Services Directive (2007/64/EU). They contain provisions regarding the formal and material requirements for the provision of payment services in Liechtenstein and the rights and obligations of payment service providers and their customers. The Second Payment Services Directive (2015/2366 – “PSD II”) is currently pending implementation into the EEA Agreement.

E-Money Act (E-Geldgesetz – “EGG”; LGBl. 2011/151) and E-Money Ordinance •(E-Geldverordnung – “EGV”, LGBl. 2011/158) implement the EU E-Money Directive (2009/110/EC). It contains provisions regarding the formal and substantial requirements for issuing e-money on a professional basis as well as the rights and obligations of e-money institutions and their customers.

FATCA Act (Gesetz vom 4. Dezember 2014 über die Umsetzung des FATCA-•Abkommens zwischen dem Fürstentum Liechtenstein und den Vereinigten Staaten von Amerika – “FATCA-Gesetz”; LGBl. 2015/007) transposes the Intergovernmental Agreement between Liechtenstein and the United States of America to Improve International Tax Compliance and to Implement FATCA into Liechtenstein law. It requires Liechtenstein banks and other financial institutions to report to the Internal Revenue Service information about financial accounts held by US persons. The agreement signed by Liechtenstein follows Model 1 according to which taxpayer information is exchanged between national tax authorities.




Act on International Automatic Information Exchange in Tax Matters (Gesetz über •den automatischen Informationsaustausch in Steuersachen – “AIA-Gesetz”; LGBl. 2015/355) and Ordinance on International Automatic Information Exchange in Tax Matters (Verordnung über den automatischen Informationsaustausch in Steuersachen – “AIA-Ordinance”; LGBl. 2015/358) implement automatic exchange of financial account information in tax matters developed by the OECD.

In addition, banks and e-money institutions have to observe guidelines (Wegleitungen), directives (Richtlinien) or communications (Mitteilungen) issued by the FMA, as well as guidelines and recommendations issued by EBA that the FMA complies with.

Recent regulatory themes and key regulatory developments in Liechtenstein

MiFID II

On 3rd January 2018, MiFID II entered into force in Liechtenstein. The main objectives of MiFID II are to increase investor protection and to strengthen weaknesses in the framework for the regulation of markets in financial instruments that have been exposed during the financial crisis of 2008. The changes introduced by MiFID II are particularly relevant to Liechtenstein banks, as most of them focus on asset management for private and institutional clients as core business activity.

MiFID II sets out new rules for trade execution, transaction reporting, investment product manufacturing and distribution, inducements from third parties, payment for financial research by investment firms, pre-sale assessment of suitability and appropriateness of investment products, the provision of independent investment advice, the transparency of costs and charges associated with investment products, and remuneration policies for sales staff.

MiFID II has yet to be incorporated into the EEA Agreement. Notwithstanding this, the Liechtenstein government has decided to implement MiFID II autonomously in order to ensure that Liechtenstein banks and investment firms operate on a level playing field with competitors established in EU member states. MiFID II has been transposed into the BankG and BankV and the Asset Management Act (Vermögensverwaltungsgesetz – “VVG”; LGBl. 2005/278).

PRIIPS Regulation

Regulation (EU) 1286/2014 on basic information sheets for packaged investment products for retail investors and insurance investment products (“PRIIPS Regulation”) entered into force in Liechtenstein together with MiFID II on 3rd of January 2018.

The PRIIPS Regulation requires manufacturers of packaged retail and insurance-based investment products (“PRIIP”) that are sold to retail investors to publish a key information document. PRIIPS are investment products where the amount (re-)payable to the investor depends on the performance of an underlying asset or a reference value such as an index. PRIIPS include, among other things, investment funds, life insurance policies with an investment element, certain financial instruments issued by special purpose vehicles, structured products and structured deposits. The key investor document has to be provided to a retail investor prior to the purchase of a PRIIP even in cases where the issuer of the PRIIP can rely on an exemption from the requirement to publish a securities prospectus in Liechtenstein. It has to be reviewed and, if required, revised on a regular basis. The implementing provisions were adopted in the PRIIP Implementing Act (PRIIP-Durchführungsgesetz – “PRIIP-DG”; LGBl. 2016/513) and the PRIIP Implementation




Ordinance (PRIIP-Durchführungsverordnung – “PRIIP-VO”; LGBl. 2017/232). Like MiFID II, the PRIIPS Regulation has yet to be incorporated into the EEA Agreement.

General Data Protection Regulation

The General Data Protection Regulation (2016/679 – “GDPR”) has entered into force in the EEA on 20th of July 2018. The GDPR harmonises the rules and regulations applicable to the processing of personal data of natural persons located in the EEA and seeks to ensure the free flow of personal data between member states of the EU and EEA for the benefit of undertakings operating in the EEA. Banks and other financial institutions have to apply the GDPR in addition to national provisions regarding the protection of customer information. As a result of the entry into force of the GDPR, Liechtenstein had to overhaul its national Data Protection Act (Datenschutzgesetz – “DSG”; LGBl. 2018/272) and the Data Protection Ordinance (Datenschutzverordnung – “DSV”; LGBl. 2018/415). The revised DSG and DSV entered into force in Liechtenstein on 1st January 2019.

4th Anti-Money Laundering Directive

Directive (EU) 2015/849 (“AMLD 4”) has yet to be incorporated into the EEA Agreement. Notwithstanding, the Liechtenstein government, with a view to maintaining a high standard in combating money laundering and terrorist financing, decided to partially transpose AMLD 4 – with the exception of Article 30 and 31 – ahead of other EEA member states. The respective provisions entered into force in Liechtenstein on 1st September 2017. In 2018, the Liechtenstein government published a proposal for a separate legislation implementing Articles 30 and 31 AMLD 4 (Gesetz über das Verzeichnis wirtschaftlicher Eigentümer inländischer Rechtsträger – “VWEG”).

Articles 30 and 31 AMLD 4 oblige member states to create a central register containing information on the beneficial owners of domestic legal entities and trusts. According to the Liechtenstein legislative proposal, the beneficial owner register will be maintained electronically by the Office of Justice (Amt für Justiz), which already maintains the register on legal entities (Handelsregister). On the basis of the draft VWEG, information recorded on the beneficial owner register can only be accessed by third parties with a legitimate interest. A special commission will be formed to decide on applications for access to registered information by third parties. With this procedure the government seeks to ensure that the requirements of AMLD 4 are met while at the same time the legitimate interests of those affected by the new legislation are safeguarded. The VWEG will enter into force in Liechtenstein once AMLD 4 enters into force in the EEA.

Interchange fees on card-based payments

The government has published a draft law on the implementation of Regulation (EU) 2015/751 on interchange fees for card-based payment transactions in Liechtenstein (EWR – Interbankenentgelteverordnung-Durchführungsgesetz – “EWR-IBEV-DG”). The Regulation has been passed in order to address the problem of high and divergent interchange fees charged by payment service providers to consumer and merchants on card-based payments in the EU. The Regulation places caps on interchange fees charged by card-issuing banks in the EU for card-based payment transactions. Under the terms of the Regulation, payment service providers may not charge fees in excess of 0.2% of the value of the transaction in case of consumer debit card transactions, and of 0.3% of the value of the transaction in case of consumer credit card transactions. The new law will enter into force in Liechtenstein once the Regulation has been incorporated into the EEA Agreement.




Deposit Guarantee and Investor Compensation Act

The government has proposed a draft law for a Deposit Guarantee and Investor Compensation Act (Einlagensicherungs- und Anlegerentschädigungsgesetz – “EAG”). The purpose of the legislation is to implement Directive 2014/49/EU on Deposit Guarantee Schemes, which replaces Directive 94/19/EC, as well as to combine the provisions on deposit-guarantee schemes and the provisions implementing Directive 97/9/EC on investor compensation in a single law text. The provisions on deposit-guarantee schemes and investor compensation customers of banks and investment firms are currently provided for in the BankG and BankV. The new law is expected to enter into force in the course of 2019.

Facilitating the start-up of fintech companies

Some years ago, the Liechtenstein government identified business models based on financial and blockchain technologies as an opportunity for the Liechtenstein financial market. In 2019, it is expected that the Liechtenstein government will continue its efforts to facilitate the start-up of companies with technology-based business models in Liechtenstein. In addition, the FMA has a dedicated project team comprising regulatory lawyers and fintech specialists to facilitate the licensing of innovative financial service providers and fintech start-ups. It has also published various fact sheets on the regulatory treatment of certain business models such as crowd funding, crypto currencies and initial coin offerings on its website.

EMIR

The European Market Infrastructure Regulation (648/2012 – “EMIR”) entered into force in the EEA on 1st July 2017. Notwithstanding, EMIR could not be applied in EEA countries until recently due to the fact that relevant technical standards for the implementation of EMIR had not been incorporated into the EEA Agreement at the same time as EMIR. This was partially remedied on 1st June 2018 when relevant technical standards on the clearing obligation (Commission Delegated Regulations (EU) 2016/2205, (EU) 2016/595, (EU) 149/2013 and (EU) 2017/751) and on trade reports (Commission Delegated Regulations (EU) No. 148/2013, (EU) 2017/104 and (EU) 2017/105) entered into force in the EEA. As a result, counterparties in scope of EMIR located in the EEA now have to comply with the clearing obligation and the obligation to report derivative transactions to trade repositories. On the other hand, technical standards on risk-mitigation techniques for non-cleared over-the-counter derivative transactions (Commission Delegated Regulations (EU) 2016/2251 and (EU) 2017/323) have yet to enter into force in the EEA.

Liechtenstein has transposed the relevant implementation provisions in the EMIR Implementation Law (EMIR Durchführungsgesetz – “EMIR-DG”; LGBl. 2016/156) and the EMIR Audit Ordinance (EMIR Prüfverordnung – “EMIR-PV”; LGBl. 2018/181). EMIR provides a comprehensive regulatory framework for derivative transactions. According to its provisions, counterparties to derivative transactions are required to report their transactions to trade repositories, to clear certain over-the-counter derivative transactions through a central counterparty and to implement risk-management measures. EMIR imposes requirements on financial institutions as well as certain undertakings operating outside the financial sector.

Upcoming changes

The Liechtenstein government has published draft laws implementing relevant EU legislation, including the PSD II, the Market Abuse Regulation (596/2014 – “MAR”) and




the Central Securities Repositories Regulation (909/2014 – “CSDR”). These laws will enter into force in Liechtenstein once the PSD II, MAR and CSDR have been incorporated into the EEA Agreement, which is expected to occur in 2019.


General

The key requirements for the governance of banks are set out in the BankG and BankV and in directly applicable EU law such as the Capital Requirements Regulation (575/2013 – “CRR”). In addition, the FMA complies with relevant guidelines and recommendations of the EBA.

A Liechtenstein Bank shall have: (A) a board of directors for ultimate direction, supervision and control; (B) a management board responsible for the operational management consisting of at least two members, who shall exercise joint responsibility for their activities and may not simultaneously be members of the board of directors; (C) an internal audit which shall report directly to the board of directors; (D) a risk management system independent of the operational business; and (E) adequate procedures for employees to report violations of the BankG and the CRR, as the case may be.

The division of responsibilities between the board of directors and the management board must ensure proper supervision of the business conduct. The members of the board of directors and the management board must have the necessary knowledge, skills, and experience to collectively understand the activities of the bank including the related risks. All members of the board of directors and the management board shall commit sufficient time to perform their functions.

Board of Directors

The board of directors of a Liechtenstein bank are responsible for the overall direction, supervision and control of the bank. The board of directors has non-transferable responsibilities such as: (i) stipulating the internal organisation and issuing internal regulations for corporate governance, business conduct and risk strategy, in particular by ensuring a division of responsibilities and implementation of measures to prevent conflicts of interest, as well as their regular review and amendment; (ii) stipulating the accounting system, financial control and financial planning; (iii) appointment and removal of persons charged with managerial functions; (iv) supervising persons charged with managerial functions in respect of the development of the business as well as their compliance with laws and regulations; (v) compiling business reports and approving interim financial statements, preparing the general meeting of shareholders and executing its resolutions; (vi) monitoring disclosure and communication; and (vii) stipulating and implementing the remuneration policy.

The board of directors has to consist of at least three members. If the board of directors consists of five or more members, it may delegate responsibilities not expressly reserved by law to a committee composed of at least three board members. Banks of material significance for the national economy have to set up – in addition to the standard committees – a risk committee, remuneration committee, nomination committee and an audit committee.

Management board

The management board of a bank is responsible for the business operation and has to




consist of at least two members with adequate experience and qualifications (fit and proper). Members of the management board may not at the same time be members of the board of directors of the same bank.

Remuneration

Liechtenstein banks are required to stipulate and implement sound remuneration policies pursuant to the requirements set out in CRR and Annex 4.4 BankV as well as relevant Level II and Level III acts issued by the European Commission or EBA, such as the EBA guidelines on sound remuneration policies (EBA/GL/2015/22) and remuneration of sales staff (EBA/GL/2016/06). Banks of material significance have to set up a remuneration committee consisting of members of the board of directors.

Further bodies

Banks also need to have an internal audit department that reports directly to the board of directors of the bank. For the sake of clarity, the business operations of a Liechtenstein shall be examined and audited every year by an external, independent audit company which shall be acknowledged by the FMA.

Furthermore, banks shall have a risk management independent of the operational business, a dedicated compliance department, and appropriate procedures by which employees can report violations of the BankG and the CRR. Personnel charged with key functions need to have a good repute as well as adequate experience and professional qualifications.

Place of management

The effective place of management of a bank has to be in Liechtenstein. For this reason, the FMA requires the members of the management board to effectively work in and from Liechtenstein. In addition, a bank has to demonstrate in the licensing process that it will have sufficient substance in the form of office space and key personnel employed in Liechtenstein to be able to effectively operate its business in and from Liechtenstein.

Outsourcing

Banks may outsource certain key functions such as the internal audit function with the prior approval of the FMA. Other functions may be outsourced without the prior approval of the FMA if the outsourcing guidelines pursuant to Annex 6 to the BankV are observed.

The overall direction, supervision and control of the bank by the board of directors and the core management duties may not be outsourced. The outsourcing providers may be located in and outside of Liechtenstein. The bank is required to act with due diligence when selecting and instructing an outsourcing provider, and has to have appropriate resources to adequately monitor the outsourcing provider on a continuing basis.


A bank must have a fully paid-up capital of at least 10 million Swiss francs or the equivalent in euro or US dollars at the time of its authorisation.

In case of investment firms, the minimum capital must amount to at least 730,000 Swiss francs or the equivalent in euro or US dollars. The FMA has the power to reduce the amount of the initial capital in certain cases, taking into account the nature and scope of the intended business of a bank or investment firm. It must be apparent from the business plan at the time of authorisation that the bank’s or investment firm’s own funds will not fall below the initial capital after taking up business.





General

In Liechtenstein, there is no law which exclusively governs the relationship between banks, on the one hand, and customers and other third parties, on the other hand. In fact, the general rules and provisions on contracts and legal transactions, which are laid down in the Liechtenstein Civil Code (Allgemeines Bürgerliches Gesetzbuch, “ABGB”), shall be applicable for the relationship between banks, customers and other third parties, too.

From the various types of contracts laid down in the ABGB, the contract of mandate is probably deployed most often in the banking business. Pursuant to § 1009 ABGB, the agent is obliged to procure the transaction diligently and honestly in accordance with his promise and the granted power of attorney and – with the exception of § 1009a ABGB – to transfer all benefits arising out of the transaction to the principal. He is, even though he has been granted a limited power of attorney, entitled to use all means which are necessarily connected with the nature of the transaction or conform to the declared intention of the principal. If he exceeds the limitations of the power of attorney, he is liable for the consequences.

If, however, the agent is a bank, an investment firm or an asset management company, it may, except in the case of independent investment advice and portfolio management, assume that the principal has waived his right to be transferred any fees, commissions or grants received or still to be received by the agent from third parties, provided that: (a) the agent has complied with all of its disclosure obligations prior to the conduct of business; and (b) the principal has instructed the agent to carry out the transaction after such disclosure. Furthermore, the agent is obliged to point out the mentioned legal consequences in its General Terms and Conditions or other pre-formulated terms and conditions of business, as the case may be (cf. § 1009a ABGB).

Having said that, Liechtenstein banks usually have their own General Terms and Conditions on which they would base any relationship to their customers. In order to be valid and applicable, General Terms and Conditions need to meet certain criteria. Firstly, unusual provisions used by the bank in General Terms and Conditions (or standard contract forms) do not become part of the contract if they are detrimental for the customer and the customer would not have to expect these provisions due to the circumstances, in particular due to the formal appearance of the contract, unless the bank expressly made the customer aware thereof (cf. § 864a ABGB). Furthermore, a contractual provision contained in General Terms and Conditions, which does not determine either of the mutual main obligations, is void in any event if it causes a substantial imbalance of the contractual rights and obligations to the detriment of the customer when considering all circumstances of the case (cf. § 879 para 3 ABGB).

Furthermore, certain provisions laid down in the Consumer Protection Act (Konsumentenschutzgesetz, “KSchG”) shall be considered as well. The Consumer Protection Act, which per definition contains more favourable provisions for customers, supersedes provisions of the ABGB which were otherwise applicable amongst individuals.

Cross-border banking activities

As a principle, a bank shall be entitled to take up its business in Liechtenstein only on the basis of a licence issued by the FMA.

Yet, under the freedom to provide services, a bank having its seat in one of the countries of the EEA may also take up its banking activity in Liechtenstein provided the competent




authority of its home member state has notified the Liechtenstein FMA prior to its first-time activity in Liechtenstein (passport).

A bank outside the EEA may provide banking services in Liechtenstein only through a branch in Liechtenstein. The establishment of such branch shall be subject to a licence which shall be issued by the Liechtenstein FMA.

Other than that, banks from third countries may not provide any banking services in Liechtenstein unless on a “reverse solicitation” basis, whereas the criteria for such “reverse solicitation” are not entirely clear.

Conciliation board

By virtue of the ordinance of 27th October 2009 on the extrajudicial conciliation board in the financial services sector (Verordnung vom 27. Oktober 2009 über die aussergerichtliche Schlichtungsstelle im Finanzdienstleistungsbereich – “FSV”), the Liechtenstein legislator has introduced an extrajudicial conciliation board which supersedes the previously existing bank ombudsman.

The conciliation board may be called upon – amongst others – to settle disputes between customers and banks about the services provided by the bank. The conciliation board acts as a mediator to resolve complaints submitted by customers. The conciliation board is not a court of law. Also it does not have authority to make judicial rulings. In fact, it shall encourage discussions between the disputing parties and lead them to a mutually acceptable solution. Yet, both, the bank and the customers are not bound to accept any generated solution. In fact, they are free to take further legal measures, as the case may be.






Mag. Dr. Daniel Damjanovic, LL.M. (Virginia)


Daniel Damjanovic has been counselling clients in the banking industry for

more than 10 years now. Amongst many others, in 2015, he advised on an

in-bound sale and merger transaction between the third- and fourth-largest

Liechtenstein bank. In 2017, he was lead counsel of the seller on the

Liechtenstein side in one of the largest Liechtenstein cross-border sale

transactions between an Austrian bank and a Liechtenstein bank.

Daniel graduated from the University of Vienna where he obtained a Master

iuris and a Doctoral iuris degree. Moreover, he holds a Master of Laws

degree from the University of Virginia.

Daniel is admitted to the bar in Austria and Liechtenstein. He is also a

lecturer for Liechtenstein Foundation Law & Persons and Companies Law

at the University of Innsbruck.

Mag. Sonja Schwaighofer, LL.M. (King’s College London)


Sonja Schwaighofer advises Liechtenstein and foreign companies and

financial institutions on banking, investment funds and securities markets

regulation, with special focus on the provision of cross-border financial

services and financial products regulation.

Sonja has graduated from the University of Vienna and holds a Master of Law

degree from King’s College, London. She is admitted to the bar in

Liechtenstein and Austria.

Heiligkreuz 6, 9490 Vaduz, Principality of Liechtenstein

Tel: +423 235 81 81 / Fax: +423 235 82 82 / URL: www.marxerpartner.com

Marxer & Partner, attorneys-at-law


Luxembourg

Introduction

The financial services sector is of paramount importance for the Luxembourg economy, representing around 60% of the workforce and accounting for 27% of the total gross value produced in Luxembourg. According to the Luxembourg Bankers’ association and since the 2008 financial crisis, the Luxembourg financial sector has grown almost 10 times faster than its European peers.

The Luxembourg government is strongly committed to further strengthening the competitiveness of the Luxembourg economy by sustaining the long-term stability and development of its financial centre. In the context of Brexit, Luxembourg is steadily attracting UK-based financial institutions seeking to base their European hub in a flexible and business-friendly financial centre.

Finally, as a globally recognised financial centre with international outreach, Luxembourg has positioned itself as a world leader in the sphere of digital financial services and a financial technology hub.

Emerging out of the international e-commerce and e-payments sector thanks to the presence of companies such as PayPal, Amazon and Rakuten, the Luxembourg Fintech sector has diversified into an ecosystem engaged in RegTech, Security & Authentication, DLT & Smart Contracts, Mobile & e-payments, Automated Investment services, Big Data and Analytics.

The EU regulatory context heavily influences domestic legislation, which has to comply with new legislative developments at EU level either in terms of supervision or liquidity.

Luxembourg is also committed to contributing to more financial transparency, inter alia, in the context of the US Foreign Account Tax Compliance Act (or FATCA), or the automatic and mutual exchange of information under the Common Reporting System (CRS), and is moving to offer the required reporting for international banking clients with cross-border interests. Bank secrecy rules have now been eased and automatic exchange of information has been in place since 1 January 2015, with also more stringent reporting, transparency and monitoring requirements for banking activities.

A further trend is the continued diversification of activities into new markets in the financial sector. The government is also keen to ensure an adequate risk management policy at the level of the whole banking and financial sector.


Luxembourg banking regulator

The Financial Sector Supervisory Committee (Comission de Surveillance du Secteur

Denis Van den Bulke & Nicolas Madelin VANDENBULKE



Financier, CSSF) is responsible for the prudential supervision and consumer protection of Luxembourg-based credit institutions. Its supervision also extends to professionals in the financial sector ((PFS) including investment firms, specialised PFSs, support PFSs), alternative investment fund managers, undertakings for collective investment, pension funds, SICARs, securitisation undertakings issuing securities to the public on a continuous basis, regulated markets and their operators, multilateral trading facilities, payment institutions and electronic money institutions. The CSSF also supervises the securities markets, including their operators.

The Banque centrale du Luxembourg (BcL) is in charge of all monetary and financial competences pertaining to a national central bank within the scope of the European System of Central Banks (ESCB). The main tasks assigned to the ESCB include the promotion of financial stability, the definition and implementation of monetary policy at EU level, the conduct of foreign exchange operations, the holding and management of official foreign reserves, and the smooth operation of payment systems. The BcL provides services to the financial sector (information collection, including statistical figures for preparing European monetary policy) and opens accounts only with monetary and financial institutions.

At EU level, the European Banking Authority (EBA) was established on 1 January 2011 as part of the European System of Financial Supervision (ESFS) and took over all existing responsibilities and tasks from the former Committee of European Banking Supervisors (CEBS). These regulatory competences were formally accepted by Luxembourg by means of the Law of 21 December 2012 implementing Directive 2010/78/EU of 24 November 2010 (Omnibus I Directive).

As from 4 November 2014, a two-pillar mechanism known as the European banking union has been implemented in the form of a single supervisory mechanism (SSM) and a single resolution mechanism (SRM).

Regulation (EU) N° 1024/2013 of 15 October 2013 (SSM Regulation) and European Central Bank Regulation (EU) N° 468/2014 of 16 April 2014 (SSM ECB Regulation) detail the rules applying to the SSM and entrust power over ‘significant’ eurozone banks to the European Central Bank (ECB). The three most significant banks in each participating member state qualify as ‘significant’ as well as other banks meeting certain criteria, both in quantitative and qualitative terms. As from 4 November 2014, the ECB became the direct supervisor of 120 significant banks of the eurozone. In Luxembourg, eight entities are qualified as significant and are therefore supervised directly by ECB. The CSSF is in charge of assessing, at least once a year, whether a bank satisfies any of the ‘significant’ criteria. The CSSF remains responsible for the supervision of less significant institutions under the oversight of the ECB.

The SRM was adopted in July 2014 and ensures, where a bank subject to the SSM faces severe financial difficulties, that its resolution will be managed efficiently, with minimal costs to taxpayers and the real economy. The SRM applies as from 2015 together with the Bank Recovery and Resolution Directive.

In Luxembourg, the law of 18 December 2015 on the resolution, reorganisation and winding-up of credit institutions and certain investment firms and on deposit guarantee (the BRR Law), which implemented the Bank Recovery and Resolution Directive of 15 May 2014 (2014/59/EU) (BRR Directive), designates the CSSF as the competent Luxembourg resolution authority, and sets forth a rulebook for the resolution of banks and large investment firms with a view to improving bank crisis-management in the aftermath of the 2008 financial crisis.

VANDENBULKE Luxembourg



Key regulations

The primary statute governing the banking sector is the law of 5 April 1993, as amended, on the financial sector (the Financial Sector Law – FSL). This law governs the Luxembourg financial services sector as a whole, and the banking sector in particular, regulating access to professional activities, the duties and rules of conduct of the financial sector, organising the prudential supervision of the financial sector or the deposit guarantee schemes, and indemnification systems in respect of credit institutions.

The Financial Sector Law incorporates the Capital Requirement Directive IV of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (2013/36/EU) (CRD IV) and the Bank Recovery and Resolution Directive of 15 May 2014 (2014/59/EU) (BRR Directive).

The Directive 2014/65/UE (MiFID II) which entered into force on 3 January 2018, aims at substituting and repealing MiFID I and protecting consumers investing in financial products. The Luxembourg law transposing MiFID II was enacted on 30 May 2018 and reflects the key changes operated by the MiFID II regulation, which include: increased transparency requirements for all trading venues and products; a new investor protection regime; and the creation of three new PSF (“professionnels du secteur financier”, or professionals of the financial sector) for the communication of financial data.

Other relevant regulations include:

Law of 17 June 1992, as amended, relating to the accounts of credit institutions; •

Law of 23 December 1998, as amended, establishing a supervisory commission of the •financial sector (the 1998 Law);

Law of 12 November 2004, as amended, on the fight against money laundering and •terrorist financing;

Law of 10 November 2009 on payment services; •

Law of 6 June 2018 on transparency of securities financing transactions; •

Law of 28 April 2011 on capital requirements, transposing the Directive 2009/111/EC •of 16 September 2009 into Luxembourg law;

Law of 18 December 2015 on automatic exchange of financial account information in •tax matters;

Law of 27 February 2018 on interchange fees and amending several laws relating to •financial services;

Law of 22 June 2018 amending the Law of 5 April 1993 on the financial sector, as •amended, with respect to the introduction of renewable energy covered bonds; and

Law of 25 July 2018 transposing Directive (EU) 2017/2399 of the European Parliament •and of the Council of 12 December 2017 amending Directive 2014/59/EU as regards the ranking of unsecured debt instruments in insolvency hierarchy and amending the Law of 18 December 2015 on the failure of credit institutions and certain investment firms; and amending certain provisions of the Law of 5 April 1993 on the financial sector.

Recent regulatory themes and key regulatory developments in Luxembourg

Key areas of current regulatory focus

The banking industry is facing a wave of regulatory and reporting obligations resulting from the 2008 financial crisis, mainly imposed by EU regulations. This has imposed new




organisational and technical constraints on financial institutions, which are subject to a whole set of new regulatory requirements.

In particular, following the implementation of the Capital Requirement Directive IV (CRD IV) package and its subsequent regulations, credit institutions based in Luxembourg have been obliged to reshuffle the structure of their capital.

On 17 July 2013 the CRD IV package was transposed – via a regulation and a directive, and the new global standards on bank capital (Basel III) – into EU law and entered into force. The new rules address some of the vulnerabilities shown by banking institutions during the financial crisis back in 2008: the insufficient level of capital (both in quantity and in quality) resulting in the need for unprecedented support from national authorities, by setting stronger prudential requirements for banks, requiring them to keep sufficient capital reserves and liquidity. Furthermore, the CRD IV package unifies capital requirement standards throughout the EU, thereby creating a common ground for comparison.

The adoption of the BRR Directive as set out above, and its transposition under Luxembourg law by the law of 18 December 2015 on the failure of credit institutions and certain investment firms, forms part of this wave of regulatory reforms following the 2008 financial crisis.

On 1 August 2015, the FATCA law adopted on 24 July 2015 (the FATCA Law) became effective. Among other provisions, the FATCA Law implements the intergovernmental agreement entered into on 28 March 2014 between the Grand Duchy and the United States, in order to comply with the FATCA regulation in force in the United States of America. This act requires that any foreign financial institution reports to the U.S. tax administration any U.S. account holders (and US beneficial owners of passive non-financial foreign entities). FATCA imposes a 30% US withholding tax on US-sourced payments to foreign financial institutions (including banks, brokers, custodians and investment funds) that fail to comply with the FATCA rules.

Furthermore, the law of 18 December 2015 on the automatic exchange of financial account information (the AEoI Law), implementing the OECD standard on the automatic exchange of information, entered into force as of 1 January 2016. The AEoI Law has been passed to counter tax evasion, while around 100 countries have already committed to participate in the automatic exchange of financial account information, which represents a big step to the globalised disclosure of income earned by individuals and organisations. Concretely, Financial Institutions (“FIs”) in Participating Jurisdictions as defined in the OECD Common Reporting Standard (“CRS”) will collect tax-relevant information about their clients by enhancing their due diligence procedures. Then, FIs will report this tax-relevant information with respect to their clients (encompasses account holder, beneficial owner and potentially controlling person (together the “Investors”)), who are resident in another participating jurisdiction, to the local tax authorities. Subsequently, the local tax authorities of the FI will exchange the information with their counterpart in the participating jurisdiction where the Investor is subject to tax.

As for anti-money laundering regulations, following recommendations from the OECD’s Financial Action Task Force (FATF), Luxembourg conducted a fundamental reform of its legislation and adopted the law of 27 October 2010. This legislation widened the definition of money laundering, expanding the list of primary infringements and the types of professionals concerned, and reinforcing professional obligations. In Luxembourg, anti-money-laundering rules are not just limited to banks, but are also applicable to any participants in the financial sector, including service providers (auditors, chartered accountants, lawyers, etc.).




The anti-money laundering legislation requires financial actors to verify the identity of their clients or the beneficial owners of an asset before a business relationship is established or a transaction concluded. Throughout the duration of the client relationship, professionals are required to examine transactions, more particularly regarding the source of funds, and must report any sign of laundering to the public prosecutor’s financial information unit (Cellule de Renseignement Financier). It should be noted that banking secrecy laws are not applicable during money-laundering prosecutions.

Considering that the infringement of these requirements constitutes a criminal offence, neither the banks nor the Investors can limit their liabilities.

In addition, Directive (EU) 2015/849 of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (“AMLD IV”) shall further strengthen the AML framework applicable in Luxembourg. This directive will be transposed by three different laws: (i) the law of 13 February 2018 has introduced a new definition of ultimate beneficial owner (“UBO”); (ii) the draft law 7216 establishes a register for trusts (fiducies); and (iii) the draft law 7217 establishes a UBO register. The draft laws 7216 and 7217 have been filed with the Luxembourg parliament (Chambre des Députés) and the legislative process is still ongoing but those laws would most likely be enacted in 2019.

Other recent changes to the regulatory regime for banks

Other recent reforms, aiming at filling the gaps exposed by the financial crisis, have incidentally impacted credit institutions. As set out below, most of these pieces of legislation stem from European initiatives.

EMIR •The European Market Infrastructure Regulation 648/2012 (EMIR) as amended by the Regulation 2365/2015 on OTC derivatives, central counterparties and trade repositories, has been in force since 12 January 2016. The purpose of EMIR is to introduce new requirements to improve transparency and reduce the risks associated with the derivatives market. EMIR also establishes common organisational, conduct-of-business and prudential standards for central counterparties (CCPs) and for trade repositories, and applies to all financial and non-financial counterparties established in the EU that enter into derivative contracts.

Regulation on short selling and credit default swaps •The European legislative framework on short selling and certain aspects of credit default swaps (CDSs) is binding in its entirety and directly applicable in Luxembourg. The provisions governing short selling and certain aspects of credit default swaps in Europe are set out in a variety of EU Regulations (e.g., Regulation No 236/2012 of 14 March 2012 on short selling and certain aspects of credit default swaps, and Regulation (EU) No 826/2012 of 29 June 2012 supplementing Regulation (EU) No 236/2012).

Credit Mortgage Law •Beginning in January 2017, the new law of 23 December 2016 on mortgage credit agreements, transposing EU Directive 2014/17/EU (the “Credit Mortgage Law”), entered into force. Mortgage credit agreements – which had been excluded from the scope of the provisions regarding consumer credit – will now be regulated by new provisions introduced in the Luxembourg Consumer Code. In summary, the Credit Mortgage Law aims at enhancing consumer protection, in particular by imposing new rules on the creditors in their contractual relationship with borrowers. The burden of proof of the proper fulfilment of the obligations to explain, warn, assess the creditworthiness and provide general pre-contractual and contractual information, remains with the creditor.




EAPO Regulation •The European Account Preservation Order Regulation (“EAPO Regulation”) came into force on 18 January 2017 and gives a creditor the possibility to prevent the transfer or withdrawal of his debtor’s assets in any bank account located in the European Union. A preservation order issued in one Member State shall be recognised in the other Member States without any special procedure being required, and shall be enforceable in the other Member States without the need for a declaration of enforceability. Such piece of legislation does not apply in the United Kingdom and Denmark, however.

The scope of the preservation order is essentially restricted to cash accounts, or accounts with similar claims for the repayment of money, such as money market deposits. The EAPO Regulation’s scope is further limited to cross-border civil and commercial matters, apart from certain well-defined matters. In particular, the EAPO does not apply to claims against a debtor in insolvency proceedings. The Preservation Order being of a protective nature only, it only blocks the debtor’s account but does not allow money to be paid out to the creditor.

Developments in the area of fintech

Among the most recent developments in the area of fintech in Luxembourg is a new legal framework applicable to payment services, the activity of electronic money institutions and settlement finality in payment and securities settlement systems. Such framework is laid down under the Law of 10 November 2009 transposing Directive 2007/64/EC of 13 November 2007 on payment services in the internal market (PSD1), and Directive (EU) 2015/2366 of 25 November 2015 (PSD2), replacing and repealing PSD1. PSD2 has been transposed into Luxembourg law by the Law of 20 July 2018 (Payment Services Law).

“Electronic money” is defined under the Payment Services Law as a monetary value representing a claim against the issuer which is:

stored in electronic format, including on magnetic media; •

issued against the remittance of funds with the goal of making payments; and •

accepted by an individual or organisation other than the issuer of the electronic money. •

In addition to issuing electronic money, these establishments are also permitted to supply payment services, to grant loans (under certain conditions) linked to payment services, to supply operational services and other services closely linked to the issuing of electronic money or to the supply of payment services, to manage payment systems and to undertake commercial activity.

An electronic payment establishment under the Payment Services Law is subject to authorisation by the Minister in charge of the financial centre and prudential supervision by the CSSF. The establishment’s head office and central administration must be in Luxembourg.

The regulator pays particular attention to ensuring that the electronic payment establishment has a solid internal corporate governance framework, adequate processes for detecting, managing, controlling and reporting potential risks, and has control and security mechanisms for its IT systems.


Corporate governance

The corporate governance structure adopted by the majority of Luxembourg banks is




composed of a board of directors (the Board) and several day-to-day managers. The Board has general powers over all business and management matters and delegates the day-to-day management of the company to several day-to-day managers or executive committees.

To obtain a banking licence, any credit institution must produce to the CSSF evidence of its shareholders, and the professional standing of its members performing administrative, management and supervisory functions. To carry out such assessment, the following documentation must be filed: (i) a CV; (ii) an extract of professional standing; (iii) any police records; and (iv) any evidence demonstrating that the applicants are of good repute and offering all guarantees of irreproachable conduct on the part of those persons (fit and proper test).

According to the LFS, two persons or more must be responsible for the day-to-day management of the credit institution (known as the “four eyes” principle). Those persons must have sufficient authority to direct the operations of the bank and must evidence adequate professional experience and autonomy on similar activities. There must be no subordination between the day-to-day managers who must reside in Luxembourg or in the close region, and work mainly from Luxembourg.

The ultimate responsibility for a bank remains with its management board. In practice, the CSSF (and, for the largest credit institutions, the ECB) supervises credit institutions very closely.

Organisational requirements

Under the LFS, a Luxembourg credit institution must have robust internal governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility; effective processes to identify, manage, monitor and report the risks they are or might be exposed to; and adequate internal control mechanisms.

The central administrative functions of the credit institution must be located in Luxembourg. This means that executive and day-to-day management must be present in Luxembourg, with the adequate infrastructure.

The credit institution must have sound internal governance arrangements, including:

a clear organisational structure; •

effective procedures in respect of identifying, managing, monitoring and reporting risks •which it is exposed to; and

adequate internal control mechanisms, including sound administrative and accounting •procedures, as well as control and security arrangements for information-processing systems.

The credit institution must be organised in accordance with the “three lines of defence” model:

a first line of defence composed of operational units; •

a second line of defence comprising compliance and risk-management functions; and •

a third line of defence consisting in the internal audit function. •

The credit institution must:

be organised on the basis of the principle of segregation of duties, under which the •allocation of duties and responsibilities must avoid incompatible situations for (non-management) staff members, whatever their position in the hierarchy;

have written procedures for the execution of operations, and control mechanisms to •guarantee the effective implementation of the procedures;




ensure that it has at its disposal the necessary technical equipment for the execution of •operations;

ensure the absolute protection of confidential information provided by customers of the •credit institution;

ensure effective control and quality in relation to its IT functions; and •

set up and maintain an accounting department within the credit institution responsible •for the preparation of the annual accounts and information for periodic transmission to the CSSF. The duties performed by the accounting department cannot be combined with other commercially or administratively incompatible duties.

Luxembourg laws and regulations authorise the outsourcing of technical and back office functions if certain specific conditions, laid down under the LFS and the applicable CSSF circulars and regulations, apply. Further details as to the governance rules and internal controls applying to credit institutions located in Luxembourg are set out under CSSF circular 12/552.


Since January 2014, credit institutions have been subject to CRD IV and the capital requirement regulation. Banks are therefore required to comply with the prescribed liquidity coverage ratio (LCR) and report it to the Luxembourg authorities on a monthly basis. The LCR compares the stock of high-quality liquid assets (HQLA) held by the banks with the total net cash outflows expected over the next 30 days. This requirement aims to ensure that banks maintain enough liquid assets to survive for 30 days in a stress scenario, as specified by the CSSF.

Hence, banks must have total capital of at least 8% of risk-weighted assets (RWAs). Following the transposition of CRD IV, the minimum requirement for Tier 1 capital has been increased from 4% to 6%, and the minimum requirement for common equity Tier 1 (CET 1) has been increased from 2% to 4.5%. CRD IV has also tightened the definition of common equity, and the definition of what amounts to Tier 2 capital has been simplified with all subcategories (such as upper Tier 2 and lower Tier 2) removed; the concept of Tier 3 capital has also been abolished.

In line with Basel III, CRD IV has created five new capital buffers:

(i) the capital conservation buffer;

(ii) the countercyclical buffer;

(iii) the systemic risk buffer;

(iv) the global systemic institutions buffer; and

(v) the other systemic institutions buffer.

The capital conservation buffer has been designed to ensure that firms build up capital buffers outside periods of stress that can be drawn down as losses are incurred. A capital conservation buffer of 2.5%, comprising CET 1, has been established above the regulatory minimum capital requirement.

The bank-specific countercyclical capital buffer requires banks to build up a buffer of capital during periods of excessive credit growth. The countercyclical capital buffer rate has been set by the CSSF for the first quarter of 2019 at 0.25% of RWAs, but this rate is only applicable as from 1 January 2020.




Banks that fail to meet the capital conservation buffer or the countercyclical capital buffer are subject to constraints on discretionary distributions of earnings. Luxembourg is able to apply systemic risk buffers of 1% to 3% for all exposures, and up to 5% for domestic and third-country exposures without having to seek prior approval from the Commission – they are able to impose even higher buffers with prior approval from the Commission. If Luxembourg decided to impose a buffer of up to 3% for all exposures, the buffer would have to be set equally on all exposures located within the EU.

In 2014, credit institutions started reporting elements of the net stable funding ratio (NSFR), which aims to ensure that banks maintain stable sources of funding for more than one year relative to illiquid assets and off-balance-sheet contingent calls. The NSFR is likely to be modified or altered during the course of the coming years. In its circular 14/582, the CSSF republished the European Bank Authority (EBA) guidelines on retail deposits.

In addition to the liquidity ratio, banks are also required to meet strict criteria regarding risk management in general. Banks must implement processes to identify, measure, manage and report liquidity risks to which they are exposed, and adopt internal guidelines to plan and manage their liquidity requirements, including liquidity buffers.


Banks are subject to consumer protection enacted at both the level of the European Union and at the Luxembourg national level. The adoption of the consumption code on 8 April 2011 (code de la consommation) has transposed in the Luxembourg internal regulation the EU Directive 2008/48/CE on credit agreements for consumers. This Directive aims to harmonise the laws, regulations and administrative provisions of the Member States covering credit for consumers, in order to facilitate cross-border services. It increases the transparency of contractual conditions and improves the level of consumer protection. During the pre-contractual phase, the credit institutions must supply clear information on the main features of the credit offered in due course. Apart from an obligation to supply comprehensive pre-contractual information, creditors must supply consumers with adequate explanations so that the latter may choose a contract which corresponds to their needs and to their financial situation. In addition, creditors must evaluate the solvency of their clients before concluding an agreement, whilst also respecting the right of consumers to be informed when their request for credit is rejected.

The contract must restate the main information relating to the credit offer chosen. Consumers may exercise their right to withdraw by notifying the creditor of their intention, without having to justify their decision. This must take place within 14 days from the conclusion of the agreement. Consumers also have the right to make early repayment of their debt.

Consumers investing in financial products are also protected by MiFID II. Building on the rules already in place, the revised MiFID, applicable since January 2018 and transposed in Luxembourg by the law of 30 May 2018, strengthened the existing protection of investors by introducing robust organisational and conduct requirements and strengthening the role of management bodies.

Luxembourg courts remain competent to handle any litigation in respect of consumer protection. However, the CSSF is competent to receive complaints by customers of entities subject to its supervision, and to act as an intermediary with them in order to seek an amicable settlement to these complaints. The opening of the procedure is subject to the condition that the complaint has been previously dealt with by the relevant professional. Therefore, the complaint must have been previously sent in writing to the management of




the professional. If within one month after having sent the complaint to the management, no satisfactory response is received or at least an acknowledgement of receipt, a request for out-of-court complaint resolution with the CSSF can be filed.

Furthermore, the Regulation (EU) 1286/2014 of 26 November 2014 on ‘Packaged retail insurance-based investment products (PRIIPS)’ also imposes more documentary tasks and stricter formalities by introducing a mandatory ‘key information document’ (KID), currently required for investment funds qualifying as UCITS, for a broad range of investment products offered and also distributed by credit institutions to retail investor. The PRIIPS regulation, which is fully applicable since 1 January 2018, goes to show that EU regulatory initiatives address legal loopholes and inconsistencies among sector regulations with a view to achieving a level playing field within the financial sector in its entirety, covering insurances, asset management, financial intermediaries and banking.

Recent developments affecting Luxembourg

Following U.S. Treasury sanctions imposed for institutionalised money laundering activities, the Latvian bank ABLV and its Luxembourg subsidiary, ABLV Bank Luxembourg S.A., was declared by the European Central Bank as “failing or likely to fail” in February 2018. The same month, the Single Resolution Board (SRB), a fully independent EU agency instituted by the SRM acting as the central resolution authority within the EU banking union, decided that resolution action is not necessary for these banks as it is not in the public interest. As a consequence, their winding-up must take place under their respective national laws.

Further to the SRB decision, the CSSF announced the unavailability of deposits with such bank. This triggered the eligibility of any depositor with ABLV Bank Luxembourg S.A., regardless of their nationality or country of residence, to the compensation of any loss by the Luxembourg Deposit Guarantee Fund of up to €100,000.-. On 19 February 2018, the CSSF requested the judicial liquidation and the suspension of payments of ABLV Bank Luxembourg S.A. before the district court (tribunal d’arrondissement) of the tribunal of Luxembourg.

Having regard to the sound financial standing of the Luxembourg bank, the district court of Luxembourg rejected the CSSF’s request for judicial liquidation on 9 March 2018, confirmed the suspension of payments of ABLV Bank Luxembourg S.A., and appointed two temporary administrators, who are now in charge of finding new investors willing to acquire the Luxembourg bank.

The district court of Luxembourg stated that the bank should be acquired within the six following months of this decision, but on 10 October 2018, the district court of Luxembourg further extended this delay of suspension-of-payments regime for an additional four months.

In January 2019, according to the financial media, it was announced that negotiations about the acquisition of ABLV Bank Luxembourg S.A. by another similar actor on the market are still ongoing, and may involve the Luxembourg supervisory commission of the financial sector, which has to approve the acquisition.






Denis Van den Bulke


Denis is the managing partner of VANDENBULKE. He co-heads the

Banking, Finance and Capital Markets practice and heads the Tax and

Investment Funds practices. His broad range of expertise includes cross-

border M&A, corporate finance, venture capital, private equity and

international and European banking and financial law including investment

funds and international equity compensation plans. He advises a large

spectrum of institutional clients in their European cross-border operations,

mainly in the banking and financial sector. His advice encompasses all related

legal and business issues, including securities and corporate law matters, tax

issues, derivatives, accounting and regulatory matters, bankruptcy and

insolvency considerations, and security interest questions.

Denis has been recognised by the main legal guides: The Legal 500 as

European Legal Expert, by Chambers Global as one of the best “Banking &

Finance” and “Corporate & Commercial” Lawyers in Luxembourg; by The Legal 500 and IFLR in the fields of Banking and Finance, Corporate/

Commercial, IP and Tax practices in Luxembourg.

Nicolas Madelin

Tel: +352 26 38 33 50 30 / Email: [email protected]

Nicolas is an associate in the Firm’s corporate and finance department. Nicolas’

practice primarily focuses on advising lenders and borrowers on all aspects of

finance transactions. Nicolas advises loan servicers in providing assistance in

distressed situations, enforcement actions and restructuring of non-performing

loans and distressed assets. Nicolas also advises regularly on cross-border

transactions and on all issues related to corporate law involving incorporation

and setting-up of Luxembourg SPVs as well as shareholders’ agreements.

35, avenue Monterey | L-2163 Luxembourg

Tel: +352 26 38 33 50 / Fax: +352 26 38 33 49 / URL: www.vdblaw.com

VANDENBULKE


Mozambique

Introduction

Mozambique’s banking sector continues to undergo significant legislative reform. Events of the recent past, such as the Bank of Mozambique’s intervention in Moza Banco in 2016 and the ongoing liquidation of Nosso Banco, amongst others, have exposed fragilities in the legal framework in force. As such, there have been noteworthy regulatory developments aiming at harmonisation with Basel core principles and addressing prudential concerns, such as capitalisation and liquidity requirements in the banking sector, as well as others addressed in this article.

The developments in place are expected to impact the current players in the sector and yet more legislative reform is foreseeable, including the introduction of more clear-cut proceedings for the liquidation of credit institutions.

The Mozambican banking system comprises 17 banks; however, most of the system’s activity is focused on three large (and still operating) banks and, since 2015, has been subject to a series of interventions by the Central Bank (the Bank of Mozambique – Banco de Moçambique or the “BM”) in order to implement policies targeting concerns relative to foreign exchange reserves, inflation and currency devaluation, as well as rules and regulations pertaining to own funds and to structural liquidity and sustainability.

In terms of the capital markets, the Mozambican Stock Exchange (“BMV” – Bolsa de Valores de Moçambique), operating under the Ministry of Economy and Finance, is a public institution, where both corporate and government bonds are traded; however, the secondary and derivatives markets remain underdeveloped.


The Bank of Mozambique is the Mozambican central bank and is the entity responsible for banking supervision and which serves as the regulatory authority. Its activity is subject to the rules under its organic statute, set down by Law 1/92, of 3 January 1992. In all matters not expressly reserved to the Ministry in charge of the area of finance, the supervision, regulation and promotion of the securities market in Mozambique is within the competence of the BM. The central bank is incumbent as the banker of the Mozambican State, as advisor to the Government in financial matters, counsel and manager of monetary and exchange policies and of foreign exchange reserves. It also acts as intermediary in international monetary relations and as supervisor to financial institutions operating in the country.

Without prejudice to the above, it is worth noting that the activities of conducting securities investment services are entrusted to the supervision and regulation of the Exchange

Nuno Castelão, Guilherme Daniel & Gonçalo Barros Cardoso Vieira de Almeida



Commission (Central de Valores Mobiliários – the “CVM”). The Securities Market Code (Código do Mercado de Valores Mobiliários – the “CMVM”), approved by Decree Law no. 4/2009, of 24 July 2009, as amended from time to time, is the core legislation for securities, issuers, public offers, regulated markets, investment services in securities, as well as for related supervision and regulation.

Additionally, the supervisory function in Mozambique falls on to the Mozambique Insurance Supervision Institute (Instituto de Supervisão de Seguros de Moçambique – the “ISSM”), which has the duty to regulate and supervise insurance companies and other entities that are authorised to pursue insurance-related activities, such as insurance mediation, reinsurance and management of complementary pension funds.

The current banking system in Mozambique is underpinned by an institutional model of supervision, and it is the BM itself that issues prudential and conduct standards.

The establishment and exercise of the activities of credit institutions and financial companies in Mozambique is regulated by Law no. 15/99 of 1 November 1999 (the Credit Institutions and Financial Companies Act), as amended from time to time, and further detailed by Decree 56/2004, of 25 December 2004 (Regulation of the Law Applicable to Credit Institutions and Financial Companies), as amended from time to time, which sets out the procedures and standards applicable to such entities as a whole, as well as the specific legal frameworks applicable to each type of entity. These legal instruments determine the general requirements for the incorporation of credit institutions and financial companies, as well as the procedure for their authorisation by the BM. Also, given that credit institutions in Mozambique are incorporated as public limited companies (sociedades anónimas), the rules established in the Commercial Code (Código Comercial Moçambicano) should also be taken into account. These are, therefore, the main sources of the regulatory framework that should be analysed in terms of regulation of banking and credit institutions in Mozambique. Nevertheless, and without prejudice to the points of focus set out in the following paragraphs, other regulations apply.

As for the foreign exchange market, it is regulated by Law no. 11/2009 of 11 March 2009 (Foreign Exchange Law), and by Notice 20/GBM/2017 of 27 December 2017, published by the BM in the exercise of its role as the Foreign Exchange Authority of the Republic of Mozambique.

The regulation of the financial system in Mozambique has been under development for the past years and a number of matters have, therefore, become subject to further (or first efforts at, in some cases) regulation. Examples are:

the prevention and combat of money laundering and of the financing of terrorism 1.(implemented by Law no. 14/2013 and further developed by Decree no. 66/2014);

the deposit guarantee mechanism, which has been established for the protection of 2.depositors in commercial banks (as per Decree no. 49/2010);

on microfinance matters, the incorporation and functioning of entities allowed to 3.operate in the microfinance market may be found in the Regulation of Microfinance, approved by Decree no. 57/2004; and

in terms of structural subjects, banking activities and credit institutions’ regulations 4.should also be noted, especially referring to minimum capital requirements and rules (as set out by BM Notice 07/GBM/2017) and bank card regulation (as per Notice of the BM, no. 10/GBM/2017), which assume a special relevance in a developing market such as Mozambique’s.

Vieira de Almeida Mozambique



Similarly to the internationally prevalent practice, banks established and authorised in Mozambique are allowed to engage in a variety of financial activities – as permitted by law, such as: accepting deposits from the general public; entering into credit transactions, including the granting of guarantees, and payment transactions; undertaking the issuance and management of means of payment (such as credit cards, travellers’ cheques and credit letters), as well as other transactions relating to money market instruments, financial instruments or foreign exchange instruments, whether for their own account or the account of others; activities related to the issue and placing of securities; safekeeping, administration and management services for securities portfolios; precious metal trading; and insurance marketing relations.

Banking or credit institutions that are established in Mozambique are also allowed to undertake analogous activities, insofar as they are not prohibited by law, such as finance leasing and factoring services, subject to prior BM authorisation.


In its capacity as regulator and supervisor of the Mozambican financial system, the BM has issued, from time to time, a number of Notices designed to address the specific needs of the Mozambican banking sector. To this end, various regulatory changes have been introduced, of which the following are of particular relevance: (i) changes to the rules and procedures relating to foreign exchange transactions; (ii) changes to the requirements and rules on the ratios and prudential limits of credit institutions; (iii) changes to the rules relating to own funds of credit institutions subject to the BM’s supervision; (iv) the introduction of prudential limits to the exposure of credit institutions; and (v) the introduction of a formula to be used in order to identify credit institution of systemic or quasi-systemic relevance.

Attention should also be drawn to the introduction of new minimum capital requirements for credit institutions, financial companies and microfinance companies, as well as to the rules applicable to payment of overseas transactions via international bank cards, as referred to in the following paragraphs.

It is important to highlight Notice no. 20/GBM/2017, which approves the standards and procedures for foreign exchange transactions, and to draw attention to the changes introduced with respect to the registration and authorisation of such transactions, which underscore the growing liberalisation and digitisation of these transactions. The implementation of a framework specific to the mining sector must also be highlighted, as this sector was not previously covered.

As a result of this Notice, credit institutions are now responsible for the registration of all foreign exchange transactions, and the requirement for prior authorisation for a considerably larger number of capital transactions has been simplified, in such a manner that, subject to the fulfilment of certain criteria, the same transactions may be deemed pre-approved by the BM. This evidences the commitment to the simplification of, and the reduction in the bureaucracy related to, foreign exchange transactions and, more generally, increasing procedural speed.

With regard to the dispositions which determine the ratio and prudential limits of credit institutions, we also highlight that Notice no. 08/GBM/2017 increases the solvency ratio for banks (from 8% to a minimum of 12% by 2020), which is a clear attempt to align with the Basel II recommendations, aiming to ensure adequate liquidity and solvency levels.




Notice no. 07/GBM/2017 approved the minimum capital requirements for credit institutions, financial companies and operators; it affects commercial banks only and raises minimum capital requirements from 70,000,000 MT to 1,700,000,000 MT, so as to better address the risks inherent to their business as well as current trends in the national economy. For overseas payments using international bank cards, such Notice has also introduced relevant regulation. The BM has, additionally, restarted the process of liberalising the use of international bank cards for overseas payments, withdrawing the annual 700,000.00 MT limit for such transactions.

Prior to that, and as a response to the 2008 crisis, and in order to prevent and mitigate negative financial impacts and/or crises in the banking sector, the BM issued Notice no. 02/GBM/2013 in an attempt to promote financial stability and to safeguard depositor interests, and the Mozambican banking system more generally.

Additional international relevance may be indicated in light of Notice no. 03/GBM/2013, which regulates Emergency Liquidity Assistance and aims to ensure the proper operation of solvent commercial banks, which continue to attract deposits but face temporary liquidity issues, as well as to mitigate any issues which could cause systemic problems in, and compromise the normal functioning of, the banking system.

It should be further noted that the BM has, under Notice no. 5/GBM/2018, established certain prudential limits to the exposure of credit institutions to other entities. Pursuant to the same Notice, which specifically targets the concern over concentration of exposure, limits are imposed which vary based on the nature of the relationship between the credit institutions and other entities. Further, the same prudential limits are determined on the basis of what percentage of the credit institution’s own funds each exposure to a given entity represents.

In order to increase its level of supervision, it is worth mentioning that the BM introduced the requirement for banks to regularly disclose information relating to their solvency and liquidity levels, as well as introduce a system under which credit institutions and financial companies which are sanctioned for offences are also publicly disclosed, so as to deter non-compliance and foster stability.

For the future, the BM intends to reinforce its supervision of such entities in order to avoid potential risks, and to adopt measures designed to ensure that institutions, as a whole, align with international practice and comply fully with all standards and recommendations, so as to safeguard the financial health of financial institutions. In the context of market stability maintenance measures, regulatory reform aligned with Basel II is anticipated which will reinforce supervision of the cross-border activity of institutions. A reform of the Credit Institutions and Financial Companies Law to include a framework for the resolution of banks, tailored to the Mozambican financial sector, is also anticipated.

Further, it should be noted that, pursuant to Notice no. 10/GBM/2018, 22 October 2018, the BM has introduced a formula to be used for the purpose of identifying all credit institutions of systemic importance within the Mozambican banking system. The formula is based on the credit institutions’: (i) size, in terms of market share within the domestic banking system; (ii) interconnectedness with other credit institutions; and (iii) substitutability, and it is to be applied annually to each credit institution. Thereafter, the BM shall compile a list including all banks of systemic or quasi-systemic importance and publish it, annually. It is expected that further legislation will follow concerning duties specifically applicable to entities included in the said list, the current legislation imposing only certain additional capital requirements for same institutions.





Banking financial institutions must be incorporated using one of the legal forms established by Mozambican law, usually in the form of a public limited company (sociedade anónima). Shares representing the relevant share capital are required to be nominative, thus allowing knowledge of the identity of the holder, and the share capital must be fully issued and paid-up at the time of the incorporation. These and other additional legal requirements, including the composition of the boards and senior management of banks, are set out in Law no. 9/2004, of 21 July 2004.

Law 9/04 stipulates the requirement of adequate experience for the performance of the specific role of those holding positions of responsibility in credit institutions and financial companies, in particular the members of the board of directors and members of the audit committee. Experience is deemed adequate when the person in question has previously and competently held positions of responsibility in the financial sector, or has a recognised degree of competence in economic, legal or management matters. The duration, responsibilities and nature of the prior experience must be commensurate with the nature and size of the financial institution in question.

The internal control structure applicable to credit institutions and financial entities has been primarily established by BM Notice no. 11/GGBM/99. Risk management and compliance rules are then further developed by BM Notice no. 9/GBM/2017 which, in addition to the internal regulation of accounting practices, business risk and adequate organisational structuring policies, imposes the adoption of prudential limitations and ratios, including limits to the concentration of risks that ought to be duly observed by the banks. Furthermore, BM Notice no. 04/GBM/2013 is a crucial piece of legislation, as it establishes the guidelines for risk management (Directrizes de Gestão do Risco) in order to guarantee the safe and robust operation of credit institutions in general, and for their risk-management systems in particular.

One of the most important roles of management is to create and maintain an effective control system, including adherence to reporting lines and the appropriate division of tasks such as between negotiation, custodial and back-office tasks. In effect, the appropriate division of tasks is an essential element to a robust, internal, risk-management-control system. Shortcomings in the implementation and maintenance of an adequate system for the division of tasks could lead to substantial losses, or in other ways compromise the financial health of the institution. The previously mentioned guidelines for management of such centralised services are, from time to time, reviewed by the BM, as supervisory entity of banking financial institutions.

In this sense and according to such guidelines, institutions must develop risk-management systems which should be reviewed at least once a year and should take into account the control and mitigation of the following risks: credit risk; liquidity risk; interest rate risk; foreign exchange rate risk; operational and strategic risks; and reputational, compliance and IT risks.

As influenced by European and American best practices, it is imperative that risk-management processes implemented by banking financial institutions in Mozambique should pursue the optimisation of the risk/return ratio with which such institutions are faced, and not risk minimisation as it is commonly understood, mainly by implementing four key processes:

(i) Identification: banking financial institutions must be able to identify existing or foreseeable risks;

(ii) Measurement: once identified, risks shall be measured in order to determine their impact on the returns or capital of the institution;




(iii) Control: once measured, the institution must establish and disclose risk-mitigation policies, standards and procedures, which should define responsibilities and lines of authority and together control exposure to the various risks inherent to the institution’s activities; and

(iv) Monitoring: institutions are required to implement an information and management system which effectively monitors risk levels and facilitates the timely adjustment of risk positions and exceptions.


Banks established in Mozambique, in line with other jurisdictions, notably in Europe, are required to comply with a number of requirements and rules to ensure an adequate level of liquidity and solvability. Previously mentioned Notice 04/GBM/2013 further develops the minimum levels of own funds, ratios and prudential limits which have been developed in order to ensure the sustainability of banking activities.

By way of introduction, the Mozambican financial system adopted the Basel II core principles, in the terms incorporated by BM Notice no. 03/GBM/2012 (fully applicable since 2014), aiming to implement in the Mozambican financial and banking sector more sophisticated risk-assessment techniques, particularly with regard to credit, market and operational risk. Such internationally harmonised principles have already been developed, in a primary form, by the Mozambican legislation, namely regarding minimum capital requirements and limitations; having adopted the Basel II principles, it is foreseeable that, in the future, the Regulator will focus on developing risk-assessment matters, especially regarding credit, operational and market risk, as well as market discipline rules, in line with the principles established in the abovementioned BM’s Notice.

Through Notice no. 04/GBM/2013, the BM began implementing prudential rules aligned with the Basel II principles. It established a set of guidelines, based on international best practice, regarding the categories of risk inherent to the most relevant banking activities in Mozambique, namely: credit; liquidity; interest rate; foreign exchange rate; and operational, strategic, reputational, compliance and IT risks.

That said, in terms of relevant rules in this respect, the minimum share capital requirement of 70,000,000.00 MT, as established by Notice 4/GGBM/2005, has been repealed by Notice 07/GBM/2017 and was, thereby, increased to 1,700,000,000.00 MT. This increase is a clear result of Basel II and, in short, seeks to implement a set of reforms designed to increase the quantity and quality of capital, to reduce leverage and pro-cyclicity, and to improve liquidity management. The understanding is that, together, these measures will achieve increased transparency of the financial system, an improved loss-absorption capacity and a significant reduction in the assumption of risk, which will result in a stronger, more resistant banking system in the face of adverse conditions, thus promoting the necessary confidence to foster sustainable economic growth.

Regulatory capital and liquidity requirements in Mozambique are derived from international standards, as the abovementioned Basel II rules, which should be understood as the new international accord on capital adequacy. Like its predecessor, this new regulatory framework defines its scope in three distinct pillars: Pillar 1 – Capital Requirements (capital, risk cover and leverage control); Pillar 2 – Risk Management and Supervision; and Pillar 3 – Market Discipline.

This being the case, Basel II encompasses a set of reforms conducive to the overall




strengthening of capital, which are principally reflected in the composition of financial institutions’ capital, not only through the increase to minimum requirements in terms of own funds, but also through the creation of capital standards, as envisaged by this new regulatory framework. In the same vein, the introduction of a new leverage ratio, together with the guidelines regarding counterparty credit risk and systemic risk, share the same objective.


For many years, there was no specific legal framework addressing the relationship between a bank and its customers in Mozambique. The Credit Institutions and Financial Companies Law did, however, contain a number of general duties with which banks had to comply with regard to their relationship with their customers.

Banking institutions in Mozambique were required to provide customers in each line of business with high levels of technical competence through the necessary human resources and materials for the provision of services, with an appropriate standard of quality and efficiency. Their actions must be organised in the light of principles of diligence, independence, loyalty, discretion and respect for the interests of clients and of the bank itself, with which they are entrusted, as well as compliant with applicable disclosure requirements (relating to rates applicable to lending and borrowing transactions and the cost of services rendered).

Further, the Mozambican Association of Banks (Associação Moçambicana dos Bancos), a non-profit organisation which pursues the development of technical, economic and social activities of banks operating and authorised in Mozambique, and of which all such banking institutions are members (the “AMB”), published in 2006 a Banking Code of Conduct (Código de Conduta Bancária) which sought to govern the relationship between AMB credit institutions, as well as the relationship of those institutions with their customers.

Most recently, the BM has enacted Notice no. 2/GBM/2018, under which the Code of Conduct for Credit Institutions and Financial Companies is set. Pursuant to the same code, which is legally binding, the conduct of the abovementioned entities shall be governed by principles of: (i) assistance to the client; (ii) celerity; (iii) clarity; (iv) competence and credibility; (v) integrity; (vi) legality; (vii) non-discrimination; and (viii) respect for good banking practices. The aforementioned code of conduct sets down certain specific duties for financial entities related to, inter alia, information to clients (e.g., about financial products), data protection, as well as abusive contractual clauses and practices.

The Mozambican banking sector includes a variety of credit institutions, each with its own scope of activity (such as financial leasing companies, credit cooperatives, investment companies, etc.). In spite of that, banking financial institutions are specifically authorised to undertake all activities within the scope of other credit institutions, as well as accepting deposits, credit and payment transactions, money market transactions, financial and foreign exchange transactions, and investment services.

In terms of specific authorised activities towards customers, similarly to other jurisdictions, namely in Europe, deposit-taking is an activity which only four categories of credit institutions may undertake: banks; micro-finance institutions; credit cooperatives; and credit and savings organisations. Among them, only banks and micro-finance institutions are authorised to take deposits from the general public, whilst credit cooperatives and credits and savings organisations may only take deposits from their members. As well as banks, investment companies, micro-finance institutions, credit cooperatives and microfinance operators can also undertake credit transactions.




Banks and brokerage firms are the only entities which may undertake money-market transactions for their own account. There is no banking ombudsman in Mozambique, nor does the concept of a class action exist.

It should also be mentioned that the Mozambican banking system has in place a Deposit Guarantee Fund (Fundo de Garantia de Depósitos) (the “FGD”), as established by Decree no. 49/2010, the objective of which is to refund deposits made in credit institutions, which cannot make such refunds, whether for reasons directly related to their financial situation or because their licence has been revoked. This fund is financed through periodic contributions made by credit institutions. The FGD currently guarantees up to 20,000.00 MT per depositor per credit institution.

Finally, due to the risk of money laundering activities being undertaken through cross-border bank transfers, the applicable legislation expressly requires that banks: (i) identify and verify the identity of the correspondent bank; (ii) gather sufficient information pertaining to the correspondent bank in order to understand the nature of its business and determine, in light of publicly available information, its reputation and the nature of its supervision; (iii) obtain necessary approvals from the correspondent bank’s management in order to establish the correspondent relationship, and document in writing the responsibilities of the correspondent and client bank; (iv) ensure that the client bank verifies the identity of, and applies all continuous monitoring measures regarding, clients with direct access to accounts in the correspondent bank; as well as (v) ensure that bank is authorised to disclose the necessary identification details of its customers.

Law no. 14/2013 (which approves the Law on the Prevention of Money Laundering) establishes the legal framework and preventative and suppression measures with regard to the use of the financial system and non-financial entities for the purpose of money laundering and financing terrorism. In essence, the Law establishes certain duties on financial institutions, such as the duty: to identify and verify the identity of their customers; to notify the Mozambican Financial Information Office (Gabinete de Informação Financeira de Moçambique) (the “GIFiM”) of any suspicious transactions; to refrain from effecting transactions in the event there are grounds to suspect a crime; and to cooperate with the legal authorities, among others.

Additionally, Decree no. 66/2014 of 29 October 2014 (Regulation on the Prevention of Money Laundering) establishes the procedures to implement the prevention and suppression measures laid down in the Law on the Prevention Money Laundering. In this regard, it is worth mentioning that the BM issued Notice no. 04/GBM/2015, which establishes the guidelines for, and steers financial institutions in regard to, the prevention of these types of crime.






Nuno Castelão


Nuno has been a Principal Consultant at Vieira de Almeida’s (VdA) Banking

& Finance practice since January 2017. In such capacity, he has been active

in financing transactions in Portuguese-speaking countries including Angola,

Mozambique and Timor-Leste, and has established the legal department of

Banco Nacional de Comércio de Timor-Leste in Díli, Timor-Leste.

Nuno previously worked in London for eight years in the International Capital

Markets department of Allen & Overy LLP, where he focused on financing

transactions (equity and debt), including debt programmes, issuances of Senior

Notes, Regulatory Capital, and Asset-Backed Securities. Nuno was also involved

in liability management transactions, and advised on banking regulatory.

Between 2000 and 2006, Nuno worked at VdA’s Banking & Finance

department, where he was involved in domestic and cross-border banking and

capital markets transactions.

Before 2000, Nuno worked in the Structured Finance Unit of the Portuguese

branch of ABN Amro Bank and in a Brazilian law firm in Sao Paulo, Brazil.

Nuno is admitted to the Law Society of England and Wales as a Solicitor, the

Portuguese Law Society as Advogado, the Brazilian Law Society – São Paulo

section – as Advogado and to the Timor-Leste Law Society (Conselho de Gestão e Disciplina da Advocacia de Timor-Leste) as Advogado.

Guilherme Daniel


Guilherme Daniel founded Guilherme Daniel & Associados in 2016. In such

capacity, he is actively involved in several matters mainly in Corporate, Energy

and Natural Resources (particularly, Oil & Gas) and Infrastructure.

He provided support to the Ministry of Energy and has participated in the

drafting of key legal instruments in the downstream petroleum sector

regulation since 2006.

Gonçalo Barros Cardoso


Gonçalo joined Guilherme Daniel & Associados in 2017, as an Associate, and

has concentrated his practice on matters related to Banking, Exchange Control,

Corporate and Energy & Natural Resources. He worked with Uría Menéndez –

Proença de Carvalho as a Trainee Lawyer and later as a Junior Associate, between

2014 and 2017, in the departments of Litigation, Corporate and Finance.

Gonçalo holds an LL.M. degree from the University of Cambridge and a Law

Degree from Universidade Católica Portuguesa. He is admitted to the

Mozambican Bar Association.

Rua Dom Luis I, 28, Lisbon, Portugal


Vieira de Almeida


Netherlands

Introduction

Following the financial crises between 2008–2013, EU (and Dutch) regulatory law has seen a historic overhaul unlike anything before. This has led to Dutch banks being subject to an extremely detailed, opaque and expansive set of regulatory requirements, and thus a significant increase in regulatory compliance costs.

The Dutch legislator has been highly critical of the banking sector. This resulted in some gold-plating rules above and beyond EU banking legislation. For instance, in the past few years there has been a continuous focus on stricter inducement, remuneration and ethical conduct regulations. This regulatory strictness does seem to have abated to a certain extent, possibly with the intention of attracting banks to the Netherlands after Brexit. Some non-EU banking groups have already decided to use the Netherlands as their EU hub.

As the financial crises have largely been overcome, banks are facing new – non-financial – challenges, and regulators and supervisors are shifting their attention accordingly. Three of those challenges, which have the full attention of Dutch supervisory authorities, are profitability, cyber-resilience and integrity.

New non-traditional market entrants, such as bigtechs and fintechs, as well as new technology, may put pressure on the business models of the banks. In a historically non-competitive market, Dutch banks are experiencing increasing competition from specialised mortgage credit providers and fintech (payment) companies. Banks are now also increasingly involved in developing fintech initiatives themselves to counter new competitive financial services providers. Dutch regulators appear to be open to such new initiatives.

Recent cyber-attacks have led to banks being on the highest alert regarding the way they manage their IT and Business Continuity risks. The trend towards mobile banking and own fintech developments make cyber-resilience even more urgent.

Also, in recent years, as a result of the ‘Panama’ and ‘Paradise’ papers, the global geopolitical situation and the market access of new, often unregulated financial market players, the Dutch regulators are increasingly focusing on integrity of the banking sector. This includes a tightening of supervision on customer due diligence, anti-money laundering, tax evasion and sanctions rules.


Dutch financial regulatory framework

The largest part of the Dutch legislation on the financial services industry is derived from European legislation. An increasingly smaller part consists of specific national rules.

Bart Bierman & Eleonore Sijmons Finnius



Regulatory rules are incorporated into the Dutch Financial Supervision Act (Wet op het financieel toezicht (Wft)) and further decrees and regulations. The Wft includes provisions on market entry, the integrity and soundness of business operations and internal procedures, governance requirements, capital requirements, the conduct of business, the offering of securities and prospectus requirements.

In addition to the Wft, many directly applicable EU regulations contain regulatory rules for Dutch financial institutions. We note that some of this EU legislation results from agreements within the Financial Stability Board or the Basel Committee on Banking Supervision, thus being in line with international standards.

As a result of the introduction of the Wft in 2007, the Dutch legislative and supervisory structure has changed from the traditional sectoral model to a functional model on a cross-sectoral basis. The Netherlands applies a ‘twin peaks’ model: there is a prudential supervisory authority and a conduct supervisory authority.

Dutch financial sector regulators

Prudential supervision in the Netherlands is primarily carried out by the Dutch Central Bank (De Nederlandsche Bank (DNB)). As a result of the EU Banking Union, prudential supervision on banks is also conducted by the European Central Bank (ECB). Conduct supervision is carried out by the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten (AFM)). DNB and AFM cooperate in order to avoid overlap and to promote the efficiency and effectiveness of their supervision. The responsibilities and powers of the AFM and DNB are laid down in the Wft and the General Administrative Law Act (Algemene wet bestuursrecht).

DNB •DNB is responsible for prudential supervision of financial undertakings. It is also responsible for integrity supervision and supervises compliance with the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft)) by financial undertakings that fall under the scope of DNB’s prudential supervision. DNB assesses and enforces the adequacy of the procedures and measures implemented by financial undertakings to combat money laundering and terrorist financing. DNB is the central bank of the Netherlands and is, in that capacity, responsible for systemic supervision, oversight of the payment system in the Netherlands and monetary tasks.

DNB is a strict supervisory authority, but tends not only to focus on formalistic compliance with rules per se, but also on effects that it deems undesirable. In comparison to other supervisory authorities, DNB is generally less data-driven but more governance/conduct-driven.

ECB •As a result of the introduction of the EU Banking Union on 4 November 2014, the ECB is the main prudential supervisory authority for all banks with a seat within the euro currency area. This has significantly changed the role of DNB. The ECB now conducts direct prudential supervision on six significant Dutch banks, thereby closely working together with a national team of supervisors from DNB. Regarding less significant Dutch banks, DNB remains the direct prudential supervisory authority. Nevertheless, the ECB continues to be of great influence due to its powers to adopt regulations, create guidelines, recommendations and take binding decisions, all of which have to be followed by DNB. Furthermore, the ECB formally decides on approvals for banking licences and declarations of no-objection

Finnius Netherlands



(regardless of whether the relevant bank is significant or not). So far, it appears that the ECB is more formalistic and more data-driven than DNB.

AFM •The AFM is responsible for supervising the conduct of business of all financial undertakings that are active on the Dutch financial market. Conduct supervision focuses on ensuring orderly and transparent financial market processes and the exercise of due care in dealing with clients by financial undertakings. The AFM is also responsible for market abuse supervision, prospectus supervision and matters regarding the trading infrastructure.

The AFM is a strict supervisory authority that is not hesitant to impose formal measures such as fines or orders subject to a penalty – which measures are generally published – when the interests of consumers are at stake.


EU developments

As set out above, Dutch banking regulation is largely dictated by the EU. The main reasons for the EU’s interest in banking regulations are the recent financial crises. After the credit crisis and the euro crisis, the EU found that the effects of a failing bank could not be contained within national borders. There was a tight nexus between national EU Member States and their local banks. Banks appeared to have a significant amount of sovereign debt on their balance sheet, whilst national governments would have to bail these banks out if they were to fail, resulting in a vicious cycle.

As a result, there is a strong desire for one harmonised set of bank regulatory rules and methodologies at EU level, countering regulatory arbitrage and overly close ties between banks and their national supervisory authorities. Those harmonised rules are laid down in the so-called Single Rulebook. The EU consistently uses the directly applicable regulations more often. Through the EU Banking Union, the EU has created one uniform institutional banking supervisory mechanism.

Since the worst parts of the crisis seem to be behind us, the EU is increasingly looking for a consolidation, and even a clean-up of the regulatory framework for banks. The EU legislator is trying to perfect the post-crisis regulations and further harmonisation, all the while looking for rules that may stimulate the economy. Below we will list a number of current EU regulatory developments.

Brexit The UK’s vote to leave the EU has raised significant challenges for financial institutions operating in and from the UK. To prevent possible future EU market access limitations, some UK banks are considering creating EU continental subsidiaries in another Member State.

Due to logistical reasons, financial services infrastructure, workforce, language skills, tax structure and quality of life, the Netherlands is generally considered a suitable option for an EU-based regulated subsidiary. However, the Dutch 20% bonus cap is considered a disadvantage.

Although Brexit is imminent, the full implications of Brexit for banks and other financial institutions still remain unclear. Although there are UK temporary transitional regimes in place, for which EU banks and other financial institutions may register for providing services into the UK, there is currently still no clarity or agreement on the permanent set-up after

Finnius Netherlands



Brexit. Even if there will be no EU passport into or from the UK, there might be a regulatory equivalence regime. ‘Equivalence’ would mean that the EU would consider the standards of regulation and supervision in a bank’s non-EU home state to be equivalent to those of the EU. That would allow for a lighter market entry regime for those banks.

CRD V and CRR II Although CRD IV and CRR entered into force only five years ago, the European Commission (EC) has already reviewed and revised CRD IV and CRR in 2016, and the EU Council published compromise proposals in early 2018. The proposed “CRD V and CRR II” measures aim to further reduce risk in the banking sector. It is expected that agreement on these proposed measures will be reached mid-2019, which would mean that they could enter into force in the course of 2021.

Some of the proposed measures likely to have the greatest impact on banks are:

1. Banks’ capital requirements

Some of the existing capital requirements will be set as mandatory minimum rules. For example, a binding leverage ratio of 3% will be introduced. Also, a liquidity requirement for long-term assets, the Net Stable Funding Ratio (NSFR), will be mandatory to comply with.

Certain existing capital requirements will be amended to further de-risk banks and to take account of systemic importance. For example, the quality of capital that can be taken into account to calculate the large exposures limit (only Tier 1 capital) will be improved.

The conditions under which supervisory authorities may require Pillar 2 add-ons to a bank’s capital buffer will be harmonised and enhanced.

2. Group structures

The new rules introduce an approval requirement for the holding companies of banking groups and financial conglomerates. An EU intermediate holding company is required for non-EU significant bank groups with more than two EU entities.

3. Proportionality

The new proposals contain measures aimed to apply a regulatory requirement on a proportionate basis, taking into account a bank’s size and complexity. This includes proportionality with respect to remuneration. One of the amendments consists of exempting deferred variable remuneration and payment in non-cash instruments with respect to: (i) banks with a balance sheet total of €5 billion; or (ii) persons receiving variable remuneration of less than €50,000 (being less than 25% of that person’s annual salary).

MiFID II The Markets in Financial Instruments Directive (MiFID) has been reviewed and amended, resulting in “MiFID II” and the regulation “MiFIR”. The MiFID II legislative package entered into force in all EU Member States on 3 January 2018.

Some MiFID II highlights are:

the introduction of a new regulated trading platform – Organised Trading Facility (OTF) •– intended to capture trades that are currently executed on non-regulated platforms (such as certain derivatives and bond trades);

strengthened pre/post-trade transparency reporting requirements; •

Finnius Netherlands



stricter governance requirements and more accountability on investment firms’ senior •management;

new and stricter rules for commodity derivatives trading; •

new rules relating to the increased use of technology performed electronically at very •high speed (e.g. high-frequency trading); and

investor protection to safeguard clients’ interests by providing the client with increased •information on products and services. This also includes enhanced product governance and inducement rules.

BRRD/SRMR

The Bank Recovery and Resolution Directive (BRRD) and the Single Resolution Mechanism Regulation (SRMR) provide for measures relating to the recovery and resolution of failing banks. Under the Banking Union, the SRMR sets out a single resolution framework for significant banks, and has introduced a common resolution authority: the Single Resolution Board (SRB).

Provisions of the BRRD and the SRMR include, inter alia, resolution powers and instruments like the bail-in tool. If the resolution authority deploys bail-in, certain types of the bank’s debt can be written off or converted into share capital. Banks must have up-to-date recovery plans in line with the BRRD and the SRMR. The resolution authority will draw up a resolution plan for every bank. The bank can be asked to provide input for the purpose of the resolution plan. Furthermore, banks are subject to Minimum Requirements for own funds and Eligible Liabilities (MREL).

In order to properly apply the available resolution tools, the BRRD and the SRMR grant resolution authorities the right to impose temporary restrictions on termination rights of any party to a financial contract with a bank under resolution. The suspension of termination rights is only allowed when the bank continues to perform its delivery and payment obligations, and as a temporary measure.

The EC has proposed to amend the BRRD and the SRMR. The amendments seek to further strengthen, harmonise and specify the recovery and resolution frameworks. The proposed amendments include the following:

The introduction of the Total Loss Absorbing Capacity (TLAC) requirement for Global •Systemically Important Banks (G-SIBs), which requires them to hold a minimum level of capital and other instruments that can absorb losses in case of resolution of the G-SIB. This requirement will be integrated in the existing MREL requirement.

The MREL will be lowered to twice the applicable capital requirements and an add-on •is only possible though an MREL guidance, which can only be enforced when this guidance is deliberately ignored by the bank.

A moratorium tool that can be applied by the supervisory authority in the early •intervention phase (i.e. pre-resolution) with respect to a bank’s payment obligations. These payment obligations can be suspended for a maximum of five days.

Another amendment related to resolution is the provision of an EU harmonised hierarchy for specifically issued ‘non-preferred’ unsecured debt instruments (senior debt). This facilitates banks to issue a new class of loss-absorbing debt instruments that can be used for a possible bail-in under the BRRD. This new “non-preferred” debt instrument meets the BRRD’s MREL and the TLAC. These provisions for the new debt instrument were included in a separate directive which was implemented in Dutch law in 2018.

Furthermore, the SRB will continue the implementation of its oversight function with regard

Finnius Netherlands



to less significant banks in order to further harmonise resolution mechanisms across Member States.

Capital Markets Union

In September 2017, the EC published new proposals for stronger and more integrated European financial supervision for the EU Capital Markets Union, building on its 2015 Capital Markets Union Action Plan.

By creating a Capital Markets Union, the EC is trying to stimulate the economic growth potential of Europe by strengthening and diversifying financing sources for European companies and long-term investment projects. The subsequent CMU proposals are numerous and cover a broad area.

For instance, the EU has adopted a Regulation on securitisation, which entered into force on 1 January 2019, with the purpose of promoting a safe and liquid market for securitisation. Recent CMU-related proposals include, among other things: (i) an action plan for financing sustainable growth and legislative proposals for sustainable finance; (ii) guidance on protection of cross-border EU investments; (iii) an action plan for financial technology (fintech); (iv) proposals for regulation on crowdfunding; and (v) proposals on covered bonds, investment funds and assignment of claims.

Developments in the Netherlands

Over the past few years, the Dutch government has been very critical of the banking sector. As a result, it has introduced a number of rules that are stricter than the EU standard or which supplement the EU rules. For instance, in recent years, the Dutch Act on the Remuneration Policy of Financial Undertakings introduced a 20% bonus cap applicable to all employees of Dutch financial undertakings. This created a more stringent bonus cap than the European standard laid down in CRD IV. Furthermore, the Dutch legislator has focused on the banking sector’s integrity. It has, for instance, introduced a bankers’ oath applicable to all bank staff. Such an oath is linked to a code of conduct, with disciplinary rules applicable to all employees in the Dutch banking industry. If such employees violate their oath, they can be sanctioned by a disciplinary board.

Despite the fact that the Netherlands currently has a government that promotes and facilitates the Dutch business environment and scope, self-regulation was left to the banks – for example, with regard to a code of conduct in relation to SME loans. Recent announcements of the Ministry of Finance indicate that the rules for banks, especially in the field of remuneration, are unlikely to be eased in the near future.

Each year a Dutch Financial Markets (Amendment) Act (Wijzigingswet financiële markten) is presented and adopted. For 2019, the legislative proposal for this Act contains mainly integrity-related topics. For example, DNB and the AFM will have the possibility to change, limit or withdraw a licence of a financial undertaking in case the undertaking violates the sanctions rules.

Another relevant development is that the Dutch legislator is still in the process of implementing the Second EU Payment Services Directive (PSD2). While it should have been implemented on 13 January 2018, in the Netherlands it will likely be implemented in the first quarter of 2019. The implementation act has been adopted by Dutch Parliament, but at the time of writing it is still to be determined when this act will enter into force. Under PSD2, banks must among other things share their payment account data with third-party payment services providers through open application programming interfaces (“APIs”), and securely authenticate all account access and payment authorisations.

Finnius Netherlands




Dutch banks are subject to a large number of detailed requirements on governance and internal controls. This section lists the key requirements. We note that a very important source of governance requirements for Dutch banks is the EBA’s Guidelines on Internal Governance. The governance of a bank should be designed and implemented on the basis of the principle of proportionality. Some governance provisions only apply to significant banks, given their size, internal organisation, scale and the complexity of their operations.

Suitability and integrity screening

All daily policymakers – which includes management board members and supervisory board members – of a bank are subject to a prior suitability test and integrity screening, and have to pass both. For banks, the so-called “Fit and proper” tests are conducted by DNB and/or ECB (depending on the significance of the relevant bank).

As of 1 April 2015, suitability and integrity screening is extended to staff members who are hierarchically positioned directly below the management board and who can influence the risk profile of the bank. This is called the ‘second echelon’ and usually includes senior management, such as heads of control functions (key function holders) within the bank. The bank itself must determine which staff members fall into this category, and must initiate the relevant procedures.

Furthermore, parties seeking a declaration of no-objection for holding or acquiring a qualifying holding in a bank will also be screened for integrity. A participation in a bank can be a “qualifying holding” when it represents a direct or indirect stake of at least 10% of the shares and/or voting rights in the bank.

Dutch suitability testing is generally very thorough and is based on the supervisor’s assessment of many (subjective) competences of a candidate.

Supervisory board committees

A Dutch bank must have a supervisory board. The supervisory boards of banks are required to establish certain committees. The following committees may be required, depending on a bank’s significance:

a nomination committee; •

a risk committee; •

a remuneration committee; and •

an audit committee. •

Internal control environment

Banks are required to ensure controlled and sound business operations. They must have an adequate organisational structure and clear reporting lines. According to the Wft, the internal organisation should include:

a ‘three lines of defence’ model, which has: •

an organisational unit that monitors if the business line is in compliance with legal •regulations and internal rules of the bank (compliance function, second line of defence); and

an organisational unit that assesses independently, at least annually, whether the •organisational structure is effective (audit function, third line of defence);

a risk management department, that should assess and manage risk – such as credit risks, •market risks and operational risks;

Finnius Netherlands



a customer due diligence process; •

a systematic integrity risk analysis; •

a procedure on the prevention of conflicts of interest; •

a procedure on the administration and reporting of incidents; and •

a recovery plan in case of financial difficulties. •

Significant banks are also required to have an independent risk-management function that is subject to additional rules. This function should be entirely independent from other operational functions and have direct access to the management and supervisory board. It must also have the authority to report directly to the supervisory board, if necessary.

DNB has named the prevention of financial-economic crime as one of its supervisory priorities for 2019. This aspect of supervision is not part of the SSM, which leaves DNB as the primary integrity supervisor for both significant and less significant banks.

Sound remuneration policies

The financial crisis has led to national and international scrutiny on whether incentives generated by bank executives’ remuneration schemes led to excessive risk-taking. This has resulted in remuneration rules for banks included in CRD IV. These rules are applicable to senior management and so-called ‘identified staff’. The CRD IV remuneration rules contain, for instance, requirements to defer part of the variable remuneration over a period of three to five years, and to pay out a part of the variable remuneration in non-cash instruments.

At a national level, the Act on Remuneration Policy (Financial Enterprises) (the Dutch Remuneration Act) entered into force on 7 February 2015. The Dutch Remuneration Act contains stricter rules than the remuneration rules in CRD IV, most notably the bonus cap of 20% of the fixed annual remuneration. The Dutch Remuneration Act is applicable to all types of regulated financial undertakings and their subsidiaries, and the bonus cap applies to each person working under the responsibility of the bank. A few exceptions to the 20% bonus cap are available. However, constructions to circumvent the bonus cap and other rules laid down in the Dutch Remuneration Act are explicitly prohibited as well.

Outsourcing of functions

The outsourcing of certain functions by banks is permitted but is subject to strict conditions. One of these conditions is that an outsourcing agreement should be in place. The bank itself remains responsible for the performance of outsourced functions and activities.


Dutch banks are subject to a very detailed set of capital requirements regulations set out in CRD IV, CRR, and a large number of underlying binding technical standards and guidelines. The CRR contains the European implementation of the Basel III Framework. As an EU regulation, the CRR is directly applicable in the Netherlands. As an EU Directive, CRD IV has been implemented in the Netherlands in the Wft. CRR and CRD IV became fully effective on 1 January 2014.

In a nutshell, the CRD IV/CRR framework contains the following capital requirements:

Minimum own funds: a bank must maintain a buffer consisting of own funds in relation •to the risk-weighted exposure of its assets. The capital buffer must be at least 8% and may be much larger, with possible additional buffers such as a capital conservation buffer, a counter-cyclical buffer and a buffer for systemic importance. Furthermore, the bank’s supervisor may impose higher ‘Pillar II’-buffers. The buffers must be met

Finnius Netherlands



with capital instruments that meet a number of requirements. The capital can consist of equity (Common Equity Tier 1), subordinated perpetual capital instruments that are contingently convertible into equity (Additional Tier 1) and subordinated loans with a maturity of more than five years (Tier 2).

Liquidity Coverage Ratio (LCR): a bank must have a liquidity buffer that consists of •sufficient liquid assets to cover a bank’s net outflows in a stressed period of 30 days. The buffer must be higher than the outflows. The relevant assets are weighted based on their liquidity.

Net stable funding ratio (NSFR): a bank currently only needs to disclose its NSFR •ratio, which reflects the bank’s stable funding in relation to its long-term assets (such as mortgage loans). Pursuant to the CRR 2 proposals mentioned above, the NSFR will become a mandatory requirement.

Leverage ratio: The leverage ratio is an unweighted capital requirement and is •determined by dividing a bank’s total Tier 1 capital by that bank’s unweighted exposure (consisting of the bank’s assets plus off-balance items). Currently, a bank only has to disclose its leverage ratio. Pursuant to the CRR 2 proposals mentioned above, a leverage ratio of at least 3% will become mandatory.

The competent supervisory authorities (ECB for significant Dutch banks and DNB for less significant Dutch banks) assess the banks’ capital position annually. The assessment is part of the annual Supervisory Review and Examination Process (SREP). The ECB has determined a harmonised approach for all national supervisory authorities for conducting the SREP. Depending on the outcome of the SREP, the authorities may impose additional ‘Pillar II’ capital requirements on a bank.

We note that as of December 2017, some changes to the Basel III Framework (Basel 3.5 or Basel 4) were published. Among other things, a capital output floor of 72.5% based on the standardised approach is introduced. The Basel 3.5 framework will only take effect once transposed into EU legislation, which will likely not occur before 2022.


Duty of care

The Wft contains various provisions regarding the duty of care of banks in relation to its clients. Generally speaking, the degree of protection depends on the type of client and degree of professionality of the client. Professional clients need less protection than retail clients.

The duty of care also differs per financial service provided by banks. Consumer protection rules apply, for instance, to the provision of loans (consumer credit and mortgage loans) and regular banking activities, such as deposits. If banks provide these services to parties acting in the course of their business, the protection requirements do not apply. When it comes to investment services (under MiFID), professional investors are also protected.

The duty of care requirements largely consist of providing detailed information before entering into any agreement with the client, and during the contractual relationship as well (when a transaction is executed, for example). Banks are also often required to verify whether the specific financial service is suitable for the client, based on their personal situation. Apart from the regulatory duty of care, there can also be a duty of care under civil law which, if violated, can lead to liability for damages suffered by the customer or even a third party.

Finnius Netherlands



Integrity (Anti-money laundering, etc.)

The European Anti-Money Laundering Directives are implemented in the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft)). The purpose of the Wwft is to combat money-laundering and the financing of terrorism. The Fourth EU Anti-Money Laundering Directive was implemented into Dutch law in 2018. The Fifth EU Anti-Money Laundering Directive needs to be implemented in January 2020.

The adequacy and effectiveness of the procedures and measures implemented by financial institutions to combat terrorist financing and money laundering are assessed and enforced by DNB. Banks must conduct customer due diligence when onboarding a new client. The scope of such due diligence must be risk-based (low, medium, high risk), depending on the type of client, jurisdiction, the service provided, the distribution channel, etc.

The monitoring of integrity risks in relation to, for instance, money laundering, continues to be a high priority in DNB’s supervision. DNB requires each bank to employ a systematic integrity risk analysis (SIRA). The SIRA is a cyclical process, which consists of: i) the identification of risks; ii) the assessment of the likelihood of a specific risk occurring; iii) the determination of the most important risks; and iv) decisions on control measures to be taken. This process should be reviewed by the financial undertaking on a regular basis.

Deposit Guarantee Scheme and Investor Compensation Scheme

If a bank is bankrupt and thus no longer able to meet its obligations, its clients can rely on the Deposit Guarantee Scheme or the Investor Compensation Scheme if certain criteria are met. Both are based on EU legislation. The Deposit Guarantee Scheme guarantees an amount of €100,000 per person per bank, regardless of the number of accounts held. The Deposit Guarantee Scheme is pre-funded. In other words, Dutch banks must contribute to a Dutch Deposit Guarantee Fund on the basis of the size of their activities. We note that, in view of the EU Banking Union, there are currently proposals for a European Deposit Insurance Scheme at an EU level. However, these plans are politically controversial, and it is not clear when they will be realised.

Retail investors who are provided with an investment service or ancillary service, or who put their financial instruments in the care of a bank, will be compensated if the bank is no longer able to meet its obligations under the investment service agreement. The maximum amount compensated is €20,000 per person.

Alternative dispute resolution regarding financial services

In the Netherlands, all financial services providers must be affiliated with the Dutch Financial Services Complaints Tribunal (Klachteninstituut Financiële Dienstverlening (KiFiD)). KiFiD is a form of alternative dispute resolution. The aim of KiFiD is to provide an accessible facility for consumers who have a dispute with or alleged claim against their financial services provider. KiFiD offers mediation facilities in the form of an ombudsman. KiFiD also offers an alternative judicial procedure. KiFiD is only able to give a binding judgment if both parties agree thereto.

Finnius Netherlands



Finnius Netherlands


Bart Bierman


Bart is a partner at Finnius. He advises banks and other financial institutions

on the impact of regulatory law, financial civil law and derivatives law on

their business. He focuses on regulatory rules impacting a financial

institution’s capital, internal organisation, governance and group structures.

Bart advises, for instance, on the Capital Requirements Directive and

Regulation (CRD IV/CRR), the Bank Recovery and Resolution Directive

(BRRD), the Banking Union (SSM and SRM), the Payment Services Directive

(PSD II) and the Markets in Financial Instruments Directive (MiFID II).

Bart is recommended in The Legal 500 EMEA guide, Banking & Finance:

Regulatory. The Legal 500 2017 writes: “Bart Bierman combines ‘accuracy’

and ‘good knowledge of the industry’.” Chambers Europe recognises Bart as

a notable practitioner in its 2018 guide. Bart frequently publishes articles in

law journals and in literature. He also regularly lectures on regulatory topics.

He is a visiting lecturer at the Financial Law Master at Leiden University.

Eleonore Sijmons


Eleonore is an associate at Finnius. She advises banks and other financial

institutions on different regulatory topics, such as capital requirements

(CRD/CRR), market access and authorisations, governance and internal

procedures. Eleonore previously worked as a supervisor at the Dutch Central

Bank, supervising a significant bank. She is familiar with the world of

European prudential supervision.

Jollemanhof 20A, 1019 GW, Amsterdam, The Netherlands

Tel: +31 20 767 01 80 / URL: www.finnius.com

Finnius


Nigeria

Introduction

‘Banking regulation’ refers to the processes and procedures adopted by banking regulators to oversee, regulate, monitor or control the activities of any or all banking institution(s). These processes define the parameters within which banks should operate and subjects them to certain requirements, guidelines and restrictions aimed at promoting market transparency between banking institutions and their customers.

The banking sector occupies a vital position in the Nigerian economy and therefore subjects itself to constant reform, to enable it to function efficiently. The reforms have been directed principally towards financial intermediation and financial stability, to inspire confidence in the system.1 The 2004 reforms are still seen as the most impactful in the Nigerian banking regime, as they led to the consolidation of the banks by raising their capital base from 2 Billion Naira to 25 billion Naira, and a reduction in the number of banks from 89 to 25 in 2005.2 Although the number of commercial banks in the country reduced drastically during this period, the banking sector purportedly retained reasonable asset value as a result of the consolidation.

The overall impact of the banking system reforms in Nigeria seems to have had two dimensions; on the one hand it has favoured economic growth, as it has generated more employment opportunities and provided abundant resources for industrialisation; on the other, it has increased the wealth of shareholders and directors and narrowed the prospects for inclusive national growth.3

Currently, the Central Bank of Nigeria (CBN) maintains that foreign investment has fallen sharply from 2017 but that the outlook for the Nigerian economy in the second half of 2019 is “optimistic” given higher oil prices and production; however, rising foreign debt and uncertainty surrounding the 2019 presidential election have been a drawback for existing reforms in the banking sector.4

This chapter seeks to give an overview of: the current structure of the Nigerian Banking industry; the regulatory bodies and key legislation overseeing this industry; the proposed banking regulatory reforms sought to be adopted; and an insight into the ethics, best practices and related issues concerning overall governance in the Nigerian banking and financial sector.


Primarily, the Central Bank of Nigeria (CBN) is the key regulatory body of the banking sector. The CBN is responsible for the overall supervision of banking policies and consumer protection in the banking industry.5 The CBN regulates these two key sectors via the sub-departments housed within the CBN, namely: banking supervision & other financial institutions; and the consumer protection department. In respect to consumer protection,

Dr. Jennifer Douglas-Abubakar & Ikiemoye Ozoeze Miyetti Law



the CBN is aided by SERVICOM, which is an acronym for Service Compact, established in 2004 to promote effective and efficient service delivery in the MDAs (Ministries, Departments & Agencies). SERVICOM is an institutional mechanism conceived to fight service failure by ensuring that organs of government in Nigeria deliver to citizens and other residents in the country the services they are entitled to.


The foremost laws governing the regulation of banks in Nigeria is the Banks and Other Financial Institutions Act (BOFIA) 1991 (As amended) and the Central Bank of Nigeria Act 2007. These laws empower the Central Bank of Nigeria (CBN) to supervise and regulate banks and other financial institutions in Nigeria. The CBN is the apex regulatory and supervisory body for the Nigerian banking industry. However, there exists other legislation that assists with the regulation of banking operations in Nigeria. These include:

Companies and Allied Matters Act (CAMA) 1990: This legislation establishes the 1.Corporate Affairs Commission, which regulates all registered companies in Nigeria including banks and other financial institutions.

Nigerian Deposit Insurance Corporation Act 2006: This Act establishes the Nigerian 2.Deposit Insurance Corporation (NDIC). The Corporation is responsible for insuring all deposit liabilities of licensed banks and other deposit-taking financial institutions operating in Nigeria. They equally assist the monetary authorities with formulating and implementing banking policies to ensure sound banking practices and fair competition among financial institutions.

Foreign Exchange (Monitoring and Miscellaneous Provisions) Act 1995: This Act 3.established the Foreign Exchange Market and provides the regulatory framework for foreign exchange transactions in Nigeria.

Financial Reporting Council of Nigeria Act 2011: This Act established the Financial 4.Reporting Council of Nigeria. The council has powers to enforce compliance with accounting, auditing, corporate governance and financial reporting standards. It also develops and publishes accounting and financial reporting standards for the preparation of financial statements of public interest entities, which include banks and other financial institutions.

Economic and Financial Crimes Commission (Establishment) Act 2002: This Act 5.establishes the Economic and Financial Crimes Commission. The agency is charged with effectively coordinating the fight against money laundering and financial crimes. The EFCC collaborates with the CBN on the anti-graft war and helps with the review of BOFIA laws in order to find solutions to money-laundering trends and other corrupt practices.

Investments and Securities Act 2007: This Act establishes the Securities and Exchange 6.Commission (SEC). The SEC is responsible for the regulation of the capital market to ensure protection of investors; maintain a fair, efficient and transparent market; and reduce systemic risk. It is important that a majority of the banks in Nigeria fall within the category of public limited liabilities companies and are within the regulatory powers of SEC.

Asset Management Corporation of Nigeria Act 2010: This Act establishes the Asset 7.Management Corporation of Nigeria for the purpose of efficiently resolving the non-performing loan assets of banks in Nigeria.

Though there are no specific roles played by supra-national regulatory bodies in Nigeria, the CBN has on behalf of the country, signed several treaties and agreements with friendly

Miyetti Law Nigeria



neighbouring nations; seeking to partner with each other in the harmonisation of their monetary and fiscal policies as well as modelling a cause that could lead to the creation of an ECOWAS Single currency. Such agreements gave rise to the establishment of the West African Monetary Agency (WAMA) in 1996, and the West African Monetary Zone in 2000.

Restrictions on the activities of banks

To preclude any aberrations in banking activities, notable restrictions have been imposed on Nigerian banks. These include: restrictions on the use of unstructured supplementary service dates (USSD) for the transfer of funds which provides for daily withdrawal limits;6 the regulation on the Scope of Banking Activities & Ancillary Matters 2010, which introduced a narrower banking model; and the limitation on Nigerian banks performing non-banking activities such as insurance and security businesses. These restrictions have led to the divestiture of non-banking activities of banks, and further reconstitution of banks into holding companies that own separate banking and non-banking subsidiaries.7

Recent, impending or proposed changes to the regulatory architecture

The CBN has proposed a maximum capital base of 100 Billion Naira for banks operating in Nigeria.8

This initiative aims to allow banks with the proposed maximum capital base to operate internationally, while other national banks whose capital falls below the threshold would be confined to operating nationally.

Equally, there is a suggestion for the banks’ present structure to evolve into a holding company module, with the parent company holding investments in banks and the non-core banking independent subsidiaries. The CBN plans to prescribe separate minimum share capital requirements for each category of banks; this seems to be a reversal of the 2000 and 2005 reforms in the banking sector and is meant to promote growth in the Nigerian banking industry.9


Since the 2008 financial crisis, there is an emphasis on due diligence with respect to loan processing, fee recognition and service charges to customers. Equally, banks have been mandated to report performing and non-performing loans, and treasury trades activity with respect to fixed income and forex.

Recovery and resolution regimes

The Nigeria Deposit Insurance Corporation (NDIC) is empowered to provide financial and technical assistance to failing or distressed banks in the interest of depositors. Types of failure-resolution mechanisms the Corporation has implemented include;

(a) Financial Assistance: this is a form of Open Bank Assistance (OBA), in which an insured bank in danger of failing is allowed to continue to operate by giving the failing bank some assistance in the form of a direct loan, guarantee for loan taken by the bank or acceptance of accommodation bills.

(b) Technical Assistance: the authorities’ intervention could take the form of takeover of management and control of the bank, changes in management or assisted merger with another viable institution.

(c) Purchase and Assumption Transaction: this is a resolution transaction in which a healthy bank purchases some or all the assets of a failed bank and assumes some or all the liabilities of the failed bank.

Miyetti Law Nigeria



(d) Bridge bank: a bridge bank refers to a temporary bank established and operated by the deposit insurer to acquire the assets and assume the liabilities of a failed bank until a final resolution can be accomplished.

A crucial part of the resolution process was the establishment of the Asset Management Corporation of Nigeria (AMCON) by the AMCON Act. The rationale behind establishing AMCON was to achieve a resolution of the banking crisis with minimal impact on depositors, other creditors of the banks, and taxpayers. AMCON is used as a vehicle to free the banks from the weight of their non-performing assets and accelerate the resolution process in the banking industry.

The CBN also makes an annual contribution of 50 billion Naira into the banking sector Resolution Cost Fund – established for the purposes of paying the AMCON bonds from 2011–2020.

The most recent example of recovery and resolution regime in Nigeria is the takeover of Skye Bank by a bridge bank, Polaris Bank (driven by the AMCON). The CBN, in conjunction with Nigeria Deposit Insurance Corporation (NDIC), created Polaris Bank to assume all assets and liabilities of Skye Bank. The NDIC not only insured all customer deposits with Skye Bank, it also injected 786 billion Naira into Polaris. The strategy is for AMCON to capitalise the bridge bank and begin the process of sourcing investors to buy out AMCON.

Rules on derivative trading

Nigerian banks and financial institutions are subject to the rules on derivatives trading.

In Nigeria, parties trading in derivatives must properly document their transactions and state the rights and obligations of all parties to the transactions. In 2011, the CBN issued the Guidelines for FX derivatives in the Nigerian Financial Markets. The Guidelines regulate the activities of authorised dealers of foreign exchange (i.e. banks, bureaux de change and discount houses) in regard to derivative trading. Derivatives are also regulated by the Securities and Exchange Commission of Nigeria (SEC).

Under the definition of ‘securities’, the Investment and Securities Act (ISA) 2007 includes futures, options and other derivatives. Section 54 of the ISA also mandates a public company that enters into derivative trading to register it with SEC.

The Nigerian Stock Exchange (NSE) also has a Rulebook of the Nigerian Stock Exchange Derivative Market and on December 28, 2017, the NSE stated that it would create a guideline for listing and trading of derivatives on its platform. The guidelines would regulate the activities of trading members and other market participants in the Exchange Traded Derivative markets. The NSE and the Nasdaq in July 2017 also announced the launch of a new market surveillance platform which processes real-time market information to detect anomalies.

Fintech

Although there is no specific or single legislation regulating fintech businesses in Nigeria and no regulation exists for crowdfunding, the CBN has shown significant interest in promoting and regulating fintech in Nigeria.

The CBN, in conjunction with NDIC, has set up a committee to create guidelines and policies for technology and technological developments. SEC has also indicated interest in regulating crowdfunding in Nigeria. An NGO called FinTech Association of Nigeria has over 60 corporate members, spread across several sectors. The NGO has interfaced with a lot of government agencies and associations like the Central Bank of Nigeria (CBN), National Insurance Commission (NAICOM), Security & Exchange Commission (SEC), and the Nigerian Communication Commission (NCC).

Miyetti Law Nigeria



The most prevalent fintech businesses in Nigeria are mobile payment, mobile lending and personal finance. Regulations and regulators for fintech businesses differ and depend on the type of business – a list of the regulations are outlined below:

(a) Lending: BOFIA allows for the registration of marketplace lenders as Banks or Other Financial Institutions. Additionally, all marketplace lenders must register as money lenders in accordance with the Money Lender Laws of the state they operate in.

(b) Payments: CBN regulates mobile payment and transfers by virtue of the CBN Guidelines on Mobile Services in Nigeria 2015. The Nigerian Communications Commission (NCC) regulates fintech businesses where the services provided involve mobile phones by virtue of the Licence Framework for Value Added Services issued by the NCC.


The Code of Corporate Governance for Banks and Discount Houses 2014 categorically provides that the board of directors of a bank and its management are accountable and responsible for the performance and affairs of the bank, in line with the provisions of the Companies and Allied Matters Act (CAMA) 2004. The Governance Code states that the board shall be made up of qualified persons of proven integrity who shall be knowledgeable in business and financial matters and who shall be in conformity with the CBN Guidelines on Fit and Proper Persons Regime. The guidelines provide the qualification criteria for the appointment of a person to the management team of a bank.

The Code, on the other hand, further states that there shall be a minimum number of five and maximum number of 20 directors on the board. The board shall consist of executive, non-executive directors and independent directors, with the number of non-executive directors exceeding the executive directors. The reasons for the appointment of the independent directors are in line with Corporate Governance best practices: to ensure the appointment to the board of persons who have no material relationship with the bank – a relationship which may impair the director’s ability to make independent judgments or compromise the director’s objectivity.

In a bid to ensure stability and the introduction of new ideas, the Code limits the tenure of a non-executive director to a maximum of three (3) terms of four (4) years.

The guidelines prescribe the term of an independent director to a maximum of two terms of four years each, and encourage the banks to have a clear succession plan for their executive directors.

In determining the remuneration to be paid to directors, the Code states that particular attention shall be paid to ensure that banks align the executive and board remuneration with the long-term interests of the bank and its shareholders. To further ensure accountability, a committee of non-executive directors shall determine the remuneration of the executive directors, and executive directors shall not be entitled to receive sitting allowances or directors’ fees.

Banks are to disclose the following regarding remuneration in their annual reports:

details of the shares held by directors and their related parties; •

the remuneration policy of the bank put in place by the board; •

total executive compensation, including bonuses paid/payable; •

total non-executive directors’ remuneration, including fees, allowances; and •

details of directors, shareholders and their related parties who own 5% or more of the •banks’ shares.

Miyetti Law Nigeria



Essentially the board is responsible for overseeing the management of the bank’s compliance with laid-down rules, regulations and laws. This task is made easier when the bank has a designated unit or department solely focused on compliance.

In a bid to combat the laundering of proceeds of crime or other illegal acts, Section 9(1) of the Money Laundering Prohibition Act 2011 mandates every financial institution and designated non-financial institution to assign an officer of the company who is at management level at its head office and all its branches, who shall be the compliance officer. In a bid to lessen the burden on banks and make compliance with this directive easier, the CBN approved the establishment of zonal compliance officers for banks who – at the minimum – must be at the same level with the management of the zone where they work; that is to say, there is no need to have compliance officers for every bank branch.

In order to ensure strict compliance with all extant laws and regulations in relation to foreign exchange transactions, Financial Action Task Force (FATF) and Anti Money Laundering/Combating the Financing of Terrorism (AML/CFT), the CBN also, in a Circular to all Deposit Money Banks 2016, directed banks to not only appoint a chief Compliance Officer (CCO), who shall not be below the rank of a General Manager, but an Executive Compliance Officer (ECO) who shall not be below the rank of an Executive Director. The CCO reports to the ECO, who in turn reports to the Board. The CBN shall penalise any ECO and/or ECO found wanting in his/her duties.

CAMA mandates every public company (Deposit Money Banks are required to be public limited liability companies) to have an Audit Committee (statutory audit committee) in addition to other relevant committees. The Code equally directs every board to have the following committees which shall be headed by a non-executive director: Risk Management Committee; Audit Committee; Board Governance Committee; Nominations Committee.

The Code of Corporate Governance for public companies requires all public companies to have an internal audit function. Where the board fails or decides not to have an internal audit function, substantial reasons must be disclosed in the company’s annual report, with an explanation as to how assurance of effective internal processes and systems such as risk management, internal control etc., will be secured.

There is no local regulation laid down providing for the segregation of staff used for front office trading activities from staff used for middle and back office activities but banks have, as a matter of internal operational risk-management policy, set down various rules guiding the segregation of staff used for front office trading activities from staff used for middle and back office administration activities.

The extent to which banks outsource their internal functions varies. Nevertheless, the following internal audit functions are normally outsourced by Nigerian banks:

(a) Establishment of Accounting System.

(b) Monitoring/Supervision of Accounting System.

(c) Evaluation of Accounting System.

(d) Design of Internal Control System (ICS).

(e) Who will serve as Custodian of ICS.

(f) Soundness, Adequacy & Application of ICS.

(g) Ensuring Compliance with Established Policies, Plans & Procedures.

(h) Examination of Financial Report before External Audit.

(i) Economy, Efficiency & Effectiveness of Operations.

Miyetti Law Nigeria



(j) Verifying the Existence of Assets.

(k) Conducting Special Investigations.

(l) Detailed Test of Transaction & Balances.

(m) Human Resource Management.

(n) Security of Documents (e.g. audit trail).

(o) Security of Information Technology (IT) Database.


The CBN is the major regulator of capital requirements, pursuant to its regulatory powers in Sections 13 and 57(1) of the Banks and other Financial Institutions Act (BOFIA 1991). The content of the sections are traced to the Basel II/III Accords in Nigeria. A number of the Guidance Notes and calculations of regulatory capital are periodically issued by CBN, which spells out capital requirements for financial institutions. They include the following: 2013 Guidance Notes on Regulatory Capital Measurement and Management for the Nigerian Banking System; the 2010 Regulation on the Scope of Banking Activities and Ancillary Matters; and the Guidance Notes on the Calculation of Regulatory Capital.

In specifying approaches for computing risk-weighted assets for credit risk, market risk and operational risk for the purpose of determining the regulatory capital of individual banks, the Regulations also adjusted certain sections of the Basel II/III Accords to reflect the peculiarities of the Nigerian environment. The Bank regularisation has increased the capital requirements for micro-finance banks in the country, in a bid to tackle the challenge of inadequate capital base in the sub-sector.

In 2011, pursuant to the Circular dated October 4, 2010 (Regulation on the Scope of Banking Activities and Ancillary Matters), the CBN repealed the Universal Banking Guidelines and introduced a new licensing model. The new model permits banks/banking groups to retain non-core banking businesses by transforming into a non-operating Holding Company (the HoldCo) structure. The non-operating HoldCo is now expected to hold an equity investment in banks and non-core banking businesses in a subsidiary arrangement.

This arrangement attempts to ring-fence depositors’ funds from risks inherent in the non-core banking businesses. The only banks permitted to carry on business in Nigeria under the Circular are commercial banks and specialised banks. The commercial banks, consisting of regional, national and international banks, operate under a monoline banking licence, whilst non-interest banks, micro-finance banks and primary mortgage institutions operate under a specialised banking licence. Following this distinction of banks and their licences, the CBN increased the bank capital requirements for each category of bank:

A regional commercial bank, operating in not more than ten (10) contiguous states, is •required to maintain a minimum capital base of Fifteen Billion Naira (₦15,000,000,000.00) and a capital adequacy ratio of 10%.

A national commercial bank, operating within every state of the federation, is required •to maintain a minimum capital base of Twenty-Five Billion Naira (₦25,000,000,000.00) and a capital adequacy ratio of 10%.

An international commercial bank authorised to operate internationally is required to •maintain a minimum capital base of One Hundred Billion Naira (₦100,000,000,000.00) and a capital adequacy ratio of 15%.

In addition to the above, the Framework for Regulation and Supervision of Domestic

Miyetti Law Nigeria



Systemically Important Banks (DSIBs) also set out additional regulatory requirements for capital adequacy ratios for Systemically Important Banks. This includes a Higher Loss Absorbency (HLA) or additional capital surcharge of 1% added to their respective capital adequacy ratio minimum of 15%. The Regulation also increased the frequency and intensity of on-site and off-site supervision of DSIBs, and mandates quarterly disclosures of their financial condition and risk-management activities to the CBN.

The Guidance Notes on the Calculation of Regulatory Capital lay down the new supervisory regulations for assessing the capital adequacy levels of banks and banking groups. The Guidance Notes also provide for supervision and disclosure of the banks by requiring continuous reports on regulatory capital to be forwarded to the CBN. The 2013 Circular on the implementation of Basel II/III in Nigeria mandates banks to carry out their Internal Capital Adequacy Assessment Process (ICAAP) on an annual basis and forward the report to the CBN for review.

Furthermore, banks are required to comply with the Basel II Pillar 3 disclosure requirements on a bi-annual basis. In line with the transition to Basel II/III, a number of the Nigerian deposit money banks sought out ways to raise both Tier I and Tier II capital. One of these measures included the setting-up of the Asset Management Corporation of Nigeria (AMCON) to buy up the toxic assets of banks’ non-performing loans, thereby positively impacting on the liquidity of these banks. In contrast, AMCON has not had much of an impact on the capital adequacy of these banks.

The action of the CBN to implement Basel II/III has produced laudable results, and even more commendable is the inclusion of firm controls against synthetic securitisation, designed to manipulate banks’ capital adequacy requirements. This shows that the CBN was being progressive by incorporating some principles from the Basel III accords in its guidelines years away from the 2019 deadline. Although the implementation of the Basel II/III standards by the CBN in Nigeria is ongoing, a target date for full implementation of the Basel III standards is yet to be set.

In a most recent development, the CBN announced the upward review of the minimum capital requirement in a circular dated October 22, 2018 to all micro-finance banks in the country. The minimum capital requirement for unit and state micro-finance banks was raised by 900%, to 200 million and 1 billion Naira, respectively from 20 million and 100 million Naira, while that of national micro-finance banks increased by 150% from 2 billion to 5 billion Naira. To meet these requirements, existing micro-finance banks are expected to explore the possibility of mergers and acquisitions and/or direct injection of funds. There is billed to be a release of the Revised Regulatory and Supervisory Guidelines for Microfinance Banks, Code of Corporate Governance for Microfinance Banks, while sector-specific Prudential Guidelines for Microfinance Banks will “be issued in due course”.

According to the circular, the new minimum capital requirement takes immediate effect for new applications, while existing micro-finance banks will be required to fully comply with effect from April 1, 2020. Director of the Financial Policy and Regulation Department of the CBN, Mr Kevin Amugo, said the apex bank reviewed the minimum capital requirement in exercise of the powers conferred on it by the Banks and Other Financial Institutions Act, and in furtherance of its mandate to promote a sound financial system in the country.

The CBN announced the upward review of the minimum capital requirement in a circular dated October 22, 2018 to all microfinance banks in the country. According to the circular, institutions that meet the capital requirements, as well as demonstrate the existence of strong

Miyetti Law Nigeria



corporate governance in their operations, will be allowed to open an account at the CBN office within their state of operation.


Regulations applying to banks’ dealings with third parties

In dealing with deposits, all licensed banks in Nigeria are compulsorily required to insure their deposit liabilities with the Nigerian Deposit Insurance Corporation (NDIC), based on the NDIC Act which also prescribes the claim payable to a customer in the event of failure of the bank. The amount payable is dependent on the status of the banking institution.

The Act prescribes a maximum amount of Five Hundred Thousand (500,000.00) Naira for commercial and merchant banks, while the maximum for micro-finance and primary mortgage institutions is set at Two Hundred Thousand (200,000.00) Naira. Aside from depositors whose money falls under the purview of deposit insurance schemes, who must be paid full value of their deposits as at when the banks failed, uninsured depositors’ compensation is reflective of the value of funds that were domiciled in certain failed bank institutions in Nigeria.

Addressing customer complaints against banks

Where a bank customer is dissatisfied with services provided by their bank or other financial institution, the first step in seeking redress is to report the issue to the bank branch where the issue originated. If after two weeks the issue remains unresolved, the customer may escalate the matter to the Consumer Protection Department of the CBN. This is in line with the 2011 CBN circular directing all banks to expand their existing ATM Help Desk to handle all types of consumer complaints.

Compensation schemes that cover customers of banks and key features

The CBN directed that Financial Institutions shall develop a Customer Compensation Policy to address various categories of complaints which may arise due to service failures, which must be publicly displayed by the institutions, either on the bank’s website or in branches. However, it has been our finding that banks have failed to follow this directive and there seems to be little or no consequence for non-compliant banks.

Where there is a failure in instant payment transaction and a bank fails to reverse funds into a customer’s account within 24 hours, the customer would be entitled to a payment of 10,000 Naira from the bank. This is in line with the CBN-issued directive in 2018. This is set to take effect from 2 October 2019.

Restriction on inbound cross-border banking

A framework in line with the core principles of the Basel Committee on Banking Supervision has been put in place for the supervision of cross-border institutions, which makes it clear that both the home and host country must grant separate and explicit permission for the setting-up of a bank establishment across a border. The home authority is at liberty to decline permission for the establishment of a branch/subsidiary where they believe the bank has failed to meet the standards set.

Following the expansion of cross-border banking in Nigeria, the CBN instituted the Banking Supervision Department to oversee the supervision of cross-border institutions.

Further, the CBN has entered into bilateral Memoranda of Understanding with other jurisdictions which contain details on information-sharing, on-site examination, confidentiality of shared information and consolidated supervision. However, an issue

Miyetti Law Nigeria



faced with the supervision includes a lack of understanding due to differing languages, lack of uniformity of banking standards, etc.


Following the inclusion of Nigeria in the list of non-cooperative countries in the fight against money laundering by the Financial Action Task Force (FATF) and under threat of a FATF countermeasure in 2002, Nigeria enacted three pieces of legislation to combat money-laundering:

(i) Economic and Financial Crimes Commission (Establishment) Act, 2004 – which established the Commission, charged with responsibility for all economic and financial crimes, including money-laundering.

(ii) An amendment to the 1995 Money Laundering Act, which has now been repealed by the Money Laundering (Prohibition) Act 2011 – which makes comprehensive provisions prohibiting the laundering of the proceeds of crime or illegal acts.

(iii) An amendment to the 1991 Banks and other Financial Institutions Act, which gave the Central Bank of Nigeria (CBN) greater power to deny bank licences, and allowed the CBN to freeze suspicious accounts.

Other regulatory frameworks include:

(i) Guidelines on Electronic Banking in Nigeria, which requires all banks to secure CBN approval before deployment of a new, or enhancement of an existing, electronic banking platform. It also spells out the obligations of the banks to users and prescribes penalties and sanctions for any breach.

(ii) CBN Anti-Money Laundering and Combating the Financing of Terrorism (Administrative Sanction) Regulations, 2018 which imposed sanctions on banks who commit infractions against the policy.

(iii) CBN (Anti-Money Laundering and Combating the Financing of Terrorism (in Banks and other Financial Institutions in Nigeria) Regulations, 2013.

(iv) National Financial Intelligence Unit: The Unit (NFIU) comprises various units charged with the duty of developing AML strategies and investigating potential crimes.

(v) Special Control Unit against Money Laundering: The Special Control Unit against Money laundering (SCUML) has the mandate to monitor, supervise and regulate the activities of all designated non-financial institutions (DNFIs) in Nigeria, in consonance with the country’s anti-money-laundering regime.

(vi) The FATF which is an administrative inter-government body established by the G7 with a mandate of setting the standards and promoting effective implementation of legal, regulatory and operational measures for combating money laundering and terrorism financing.

(vii) The Inter-Governmental Action Group against Money Laundering, which was created by ECOWAS in 2000 and is responsible for the prevention and control of money laundering in the region, of which Nigeria is a member.

Acknowledgments

The authors would like to thank other people who worked on this contribution: Jude Odi, Umar Nalado, Fatimah Muhammad-Dattijo, Maryam Muhammad, Simisola Salau, Omeiza Ibrahim and Ifedolapo Oladimeji.

Miyetti Law Nigeria



Endnotes

1. https://www.proshareng.com/admin/upload/reports/GovWarwick150211.pdf.

2. https://www.cbn.gov.ng/OUT/SPEECHES/2012/GOV_WARWICK_150211.PDF.

3. http://ijbssnet.com/journals/Vol_5_No_13_December_2014/10.pdf.

4. https://hyattractions.wordpress.com/2017/12/23/what-are-the-banking-sector-reforms-in-nigeria/.

5. https://www.vanguardngr.com/2018/04/protecting-banking-consumers/.

6. http://saharareporters.com/2018/04/27/cbn-places-restrictions-ussd-transactions.

7. https://www.cbn.gov.ng/supervision/framework2.asp.

8. https://www.proshareng.com/news/Capital%20Market/CBN-proposes-N100-billion-maximum-capital-base-for-banks/10129.

9. https://www.aelex.com/the-future-of-nigerian-banks/.

Miyetti Law Nigeria



Miyetti Law Nigeria


Dr. Jennifer Douglas-Abubakar


Jennifer Douglas-Abubakar is the Managing Partner at Miyetti Law in Nigeria.

Her practice focuses on corporate financing transactions and transnational

asset recovery. Jennifer provides strategic counsel and general advisory to

governments, domestic and international corporations navigating the

regulatory environment in Nigeria. Jennifer is also the Editor-in-Chief of the

Miyetti Quarterly Law Review.

Ikiemoye Ozoeze


Ikiemoye is the Practice Coordinator and a Senior Associate at Miyetti Law

in Nigeria. She is an adept lawyer who manages and supervises practice, with

areas of expertise in Corporate commercial transactions, Business

development, Asset Tracing and Debt Recovery. She has a keen interest in

Legal Research, Environmental Law and Cyber Law.

1 Nwaora Close, Off Gana Street, Maitama, FCT Abuja, Nigeria

Tel: +234 8 090 205 905 / Fax: +234 9 460 3442 / URL: www.miyettilaw.com

Miyetti Law


Portugal

Introduction

The Portuguese economy ended 2018 on a reasonably strong footing, with the economy benefiting from healthy dynamics in the tourism and real estate sectors, and improved investment in recent years. The momentum has continued with the improvement of leading indicators, the expansion of industrial production, low interest rates and a declining unemployment rate (down to 6.9% in August of 2018), all of which helped boost private consumption. Although the fiscal risks remain high, in the first semester of 2018 the government managed to achieve a deficit of 1.9% of GDP (-6.1% in relation to the same period of the previous year).

Noting a slight improvement of the Portuguese economy, but following global concerns regarding the credit crunch, two trends are already being felt. On one side, granting of credit appears to be on an accelerated growth curve; on the other side, banks operating in Portugal are undertaking a collective deleverage effort, visible, notably in the disposal of non-performing loans (according to the report of October, 2018 by the Bank of Portugal (the “BoP”) on the Portuguese banking system, the ratio of non-performing-loans has been reduced by 6.2 percentage points over the past two years) or through the shut-down or disposal of certain branches or business lines.

A considerable number of new and relevant regulatory frameworks entered into force or will continue to apply in Portugal throughout 2018 and 2019, from which we highlight a few that are further detailed below:

(i) EU Directive 2014/65 on markets in financial instruments (“MiFID II”) and EU Regulation 600/2014 on markets in financial instruments (“MiFIR”), both in force since 2 July 2014, became applicable in EU member states on 3 January 2018. The transposition of MiFID II was concluded this year, through the enactment of Decree-Law 35/2018, of 20 July (“Decree-Law 35/2018”).

(ii) The Packaged Retail and Insurance-based Investment Products (“PRIIPs”) Regulation equally became applicable in Portugal on 1 January 2018, aiming to better protect retail investors by increasing the transparency and comparability of investment products.

(iii) The revised Payment Services Directive (“PSD II”) will enter into force soon, having just been enacted on 5 November 2018, while Law 83/2017, which entered into force on 17 September 2017, introduced several important amendments to the Portuguese legal regime on money laundering and terrorist financing, in line with EU Directive 2015/849.

Benedita Aires, Maria Carrilho & David Nogueira Palma Vieira de Almeida



(iv) EU Regulation 2016/679, also known as the General Data Protection Regulation (“GDPR”), aimed at unifying the regime on the processing and movement of personal data throughout the Union, became applicable in Portugal on 25 May 2018, forcing a change in privacy policies for every company functioning in Portugal that deals with private data.

(v) Law no. 83/2017, of 18 August, on measures to combat money laundering and the financing of terrorism was also enacted, taking a step forward from the previous regime.

(vi) Law proposal referring to senior non-preferred deposits and/or instruments has been approved and transposes Directive (EU) 2017/2399, of Parliament and of Counsel, of 12 December 2017.

(vii) Law no. 25/2018, of 20 July, which amended Decree-Law no. 357-B/2007, of 31 October, which establishes the regime for consultation for investment in financial instruments.


General overview

Portuguese banks – and credit institutions in general – are subject to the supervision of two different authorities: in respect of core banking activities such as collecting deposits and granting credit, these are subject to the supervision of the BoP; whilst as financial intermediaries, acting as such and performing securities-related transactions, Portuguese banks are subject to the supervision of the Portuguese Securities Market Commission (“CMVM”). Consequently, the set of rules to which Portuguese institutions are exposed is twofold: the Portuguese General Framework for Credit Institutions and Financial Companies (enacted by Decree-Law no. 298/92, of 31 December, as amended from time to time, the “Banking Law”), and the Portuguese Securities Code (enacted by Decree-Law no. 486/99, of 13 of November 1999, as amended from time to time, hereinafter “PSC”), which accommodated in domestic legislation a wide range of directives, including the prospectus directive, the transparency directive, the takeover directive and the directives on markets in financial instruments. Around this legal inner circle, there is a vast number of regulations issued by the BoP and the CMVM.

The BoP, as the Portuguese central bank, forms part of the European System of Central Banks (“ESCB”) which is composed of the European Central Bank (“ECB”) and the national central banks of the European Union Member States. Although the securities segment is not so intensively organised, the CMVM is part of the European Securities and Markets Authority (“ESMA”), an association that embraces the European supervisory authorities.

Portugal also forms part of the Economic and Monetary Union (“EMU”), the project of Banking Union which relies on three pillars in order to assure the stability and sufficiency of the integration process already carried out by the member countries. These are: the Single Supervisory Mechanism; the Single Resolution Mechanism; and the European Deposit Insurance Scheme. Noting that the previous two pillars are already implemented and properly functioning, the latter is still to be implemented and its absence leaves the Banking Union unbalanced and posing risks to financial stability. In fact, the Banking Union is missing the implementation of a common system for deposit guarantee and the central responsibility for financial stability, both of which are crucial to ensure stability and to consolidate the integration of those steps already taken.

Vieira de Almeida Portugal



The bank regulatory regime

A credit institution qualifying as a bank, as defined in the Banking Law, is an undertaking conducting the business of receiving deposits or other repayable funds from the public and granting credit for its own account to third parties in general.

Banking activities in Portugal are governed by the Banking Law, which regulates the taking-up and pursuit of banking business. Banks correspond to one of several types of credit institutions and financial entities provided for in the law, operate under the concept of a universal financial licence, and may engage in a long list of activities such as: the acceptance of deposits or other repayable funds from the public; granting credit, or any form of lending, including the granting of guarantees and other payment commitments; financial leasing; and factoring. Banks having their head office in Portugal, as well as branches of banks having their head offices abroad, are qualified to carry on the aforementioned activities subject to Portuguese law.

Branches of banks incorporated in EU Member States may carry out in Portugal the activities listed in Annex I to the EU Directive 2013/36, which the same bank would also be authorised to carry out in its home jurisdiction, provided a number of prerequisites are met. According to the Banking Law, in respect of the activity of overseas banks not having a branch in Portugal, banks authorised in their home country to provide the services listed in Annex I to Directive 2013/36, may still carry on such activities in Portugal, even if they are not established here. As a prerequisite for the commencement of such services in Portugal, the supervisory authority of the bank’s home jurisdiction must notify the BoP of the activities that the relevant institution intends to carry out, and certify that such activities are covered by the authorisation granted in the home country, which demonstrates the continuous cooperation required between EU supervising authorities.

It should also be noted that the supervisory system has generally changed following the recent establishment of a single supervisory mechanism (“SSM”) and a single resolution mechanism (”SRM”) which are made up of the ECB and national competent authorities, the ECB being responsible for the overall functioning of the SSM and SRM and having direct oversight of the eurozone banks in cooperation with national supervisory authorities.

Recent regulatory themes and key regulatory developments in Portugal

The resolution framework

International context and background The banking crisis which started in 2008, and its effects, triggered deep international reflection on the lack of efficient rules, mechanisms and intervention powers of supervisors in credit institutions.

At the European level, this reflection resulted in the publication of Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 (“BRRD”), which established a framework for the recovery and resolution of credit institutions and investment firms.

The aim of the BRRD was to equip national authorities with harmonised tools and powers to tackle crises at banks and certain investment firms at the earliest possible moment, and to minimise costs for taxpayers.

In Portugal, the BRRD was transposed by Decree-Law no. 31-A/2012, of 10 February 2012, Decree-Law no. 114- A/2014, of 1 August 2014 and Decree-Law no. 114-B/2014, of 4 August 2014, setting forth a legal discipline for intervention in credit institutions, consisting in a three-pronged strategy: (i) corrective intervention tools; (ii) provisory administration




tools; and (iii) resolution tools. Notwithstanding, full transposition of the BRRD was achieved with Law 23-A/2015, which not only further amended the Banking Law but also implemented into the Portuguese legal order EU Directive 2014/49 on deposit guarantee schemes, thus protecting the depositors of all credit institutions and further contributing to the safeguard of the stability of the EU banking system as a whole.

The resolution tools and financial support In the present section, we focus on the essential features of the resolution tools under the Banking Law, since before this framework entered into force, the only way out for a credit institution facing a severe financial situation with no obvious cure would be licence revocation and subsequent winding-up.

According to the Banking Law, the BoP may decide to apply four different resolution measures to failing institutions, neither of which involves obtaining previous consent of the intervened institution’s shareholders or any third party:

a) the sale of business tool;

b) the bridge bank tool;

c) the asset separation tool; and

d) the bail-in tool.

In a sale of business scenario, the BoP will decide on the transfer, in whole or in part, of assets, rights or liabilities of the intervened credit institution to one or more institutions authorised to pursue the same activity in the Portuguese market.

When deciding on the bridge bank scenario, the BoP resolves on the transfer, in whole or in part, of assets, rights or liabilities of the intervened credit institution to one or more bridge institutions specifically incorporated for such purpose, which, in turn and at a later stage, will be sold in the market or will transfer its assets and liabilities to one or more institutions authorised to pursue the banking activity in the Portuguese market. The remaining assets and liabilities not transferred to the bridge institution stay on the balance sheet of the failed bank, which typically enters into winding-up proceedings applicable to credit institutions.

In the asset-separation scenario, the BoP may determine the transfer of assets, rights or liabilities of an institution under resolution or a bridge institution to one or more asset management vehicles, so as to maximise the respective value in a subsequent alienation or liquidation.

Finally, in a bail-in situation, the BoP may also decide to apply bail-in measures to a given credit institution for the purpose of reinforcing its capital position and own funds, so it may continue to carry out its banking activity, whilst complying with regulatory requirements. In this regard, the BoP is empowered to reduce the nominal value of credits that constitute credit institution liabilities and to increase the share capital by the conversion of eligible liabilities through the issue of ordinary shares. Through this tool, losses end up being allocated to shareholders and creditors, thus shifting the burden of bank rescues from taxpayers to bank creditors.

Similarly to what happens in other countries, the Portuguese resolution legal framework creates a Resolution Fund, the purpose of which is to provide financial support for the implementation of resolution measures, such as subscribing the share capital of a bridge bank. At this point, an inevitable question must be raised: what are the financial resources of the Resolution Fund?

Answering the above, the Banking Law and the Resolution Fund Regulation set forth that the financial resources of the Resolution Fund are essentially revenues from banking sector




contributions; initial and periodic contributions by participant institutions; loans, preferably granted by participant institutions; investment revenues; donations; and any other income, revenues or values arising from an institution’s activities, or that are attributed to it either by law or contract.

Furthermore, should the Resolution Fund not have enough financial resources, the participant institutions and/or the State shall be called upon to make additional contributions, and the former may also be requested to grant guarantees. In the present context, where credit institutions struggle both to meet demanding capital requirements and generate liquidity for injection in a weak economy, it is hard to anticipate how, under what funding pressure and in what timings the necessary resources for the Resolution Fund could be gathered and maintained. This issue is even more crucial in a bridge bank scenario, where the Resolution Fund happens to be its sole shareholder. Resolution tools must comply with the guiding principle, prescribing that shareholders and creditors of the failed credit institution should bear first losses, in accordance with the creditors’ hierarchy set forth in the Portuguese Insolvency Code, and that creditors of the same class should be treated in an equitable manner; however, the general scope of this analysis does not cover burden-sharing issues.

A common framework: Loss absorbing and recapitalisation capacity of institutions In the context of a bail-in, in order to ensure there are sufficient financial resources available for the write-down of debt or for the conversion of liabilities into equity, the BRRD requires resolution authorities to set minimum requirements for own funds and eligible liabilities (“MREL”) which must be met by financial institutions. At a global level in 2015, the Financial Stability Board and the Basel Committee on Banking Supervision have adopted a total loss-absorbing capacity (“TLAC”) standard, focusing specifically on global systemically important banks, requiring institutions to have an adequate amount of liability to ensure the absorption of losses and recapitalisation in the resolution phase.

According to the Banking Law, the BoP is to determine, on a case-by-case level, the set of minimum requirements for own funds, and eligible liabilities to be complied with, based on each individual financial situation. The ultimate objective to be ensured is that institutions have sufficient loss-absorbing and recapitalisation capacity to ensure smooth and fast absorption of losses and recapitalisation, with a minimum impact on financial stability, while aiming to avoid an impact on taxpayers. The TLAC minimum requirement shall be met with subordinated liabilities that rank in insolvency below liabilities excluded from TLAC – which can be achieved by: contractual subordination – legal effects of a contract; statutory subordination – the laws of a given jurisdiction; or structural subordination – a given corporate structure.

In this context, it is important to note that EU Directive 2017/2399 (which is to be transposed into national law by 29 December 2018) amends the BRRD by creating a new asset class of “non-preferred” senior debt that ranks in insolvency above own-funds instruments and subordinated liabilities that do not qualify as own funds, but below other senior liabilities. This seeks to enable institutions to use the less costly ordinary senior debt for their funding or other operational reasons and issue new non-preferred debt to obtain funding, while complying with the TLAC subordination requirement. In this scope it is worth mentioning the seniorisation of uncovered deposits in relation to ordinary secured creditors, but below in ranking to covered deposits.

Combating money laundering and terrorism financing

EU Directive 2015/849 was enacted with the purpose of aligning the EU framework with the Financial Action Task Force recommendations, placing a special emphasis on the creation




of a European-wide registry of beneficial ownership. For this purpose, corporate and other legal entities incorporated within the Union’s territory are required to obtain and hold adequate, accurate and current information on their beneficial ownership, including the details of the beneficial interests held. This information must be held in a central or public register, ensuring that such information is accessible not only to law enforcement and financial institutions, but also to any person or organisation that can demonstrate a “legitimate interest” in the disclosure of such information.

In Portugal, the regime was transposed by Law 83/2017, amended from time to time and complemented by several Notices enacted by the BoP, which introduced several amendments to the Portuguese legal regime on money laundering and terrorist financing. The legal concept of money laundering was expanded to include additional types of behaviour, new national and international cooperation standards, and a new set of entities subject to its scope. It further densified the existing supervisory and reporting duties and amended the previous sanctions framework, with the inclusion of new criminal offences and misdemeanours. More recently, the Bank of Portugal issued Notice no. 2/2018, of Bank of Portugal, adopting the sectorial regulation set out in the abovementioned law, and regulating the exercise of duties arising therefrom.

Furthermore, Law 89/2017 approved the legal framework of the Central Register of Beneficial Ownership (“BOCR”), transposing Chapter III of EU Directive 2015/849, which consists of a database managed by the Institute for Registrations and Notaries with updated information on the natural person(s) who, directly or indirectly, or by means of a third party, own(s) or control(s) entities subject to registration. Further to this Law, entities subject to the BOCR must regularly declare sufficient information about their beneficial owners.

The MiFID II / MiFIR legislative package

As mentioned above, the MiFID II/MiFIR legislative package has been applicable from 3 January 2018, published with the aim of creating a level playing-field for firms to compete in the EU’s financial markets, and to ensure a consistent level of consumer protection across the EU.

This new regulatory package aims at: ensuring a greater transparency for all market participants, while also increasing market safety, efficiency and fairness; implementing enhanced governance for trading venues; on-exchange trading of standardised derivatives; more intensive regulation of commodity derivatives; and greater consolidation of market data.

Investor protection has been stepped up through: the introduction of new requirements on product governance and independent investment advice; improved pre- and post-trade transparency; the extension of existing rules to structured deposits; and the improvement of requirements in a variety of areas such as responsibility of management bodies, cross-selling, staff remuneration, inducement and information, more extensive reporting of transactions and conflicts of interest, and complaints handling.

The transposition of MiFID II/MiFIR into Portuguese law was concluded in 2018 with the enactment of Decree-Law 35/2018, a legal act which amends the rules on the marketing of financial products and on the organisation of financial intermediaries and transposes the MiFID II and several other related EU regulations.

Decree-Law 35/2018 not only brought several changes to relevant Portuguese legal diplomas, such as the Securities Code and the General Framework for Credit Institutions and Financial Companies, it also contains three new legal frameworks: the legal framework




for the design, marketing and supply of investment advice services on structured deposits; the legal framework for PRIIPs; and the legal framework for central securities depositories.

From the lengthy set of changes introduced, we highlight those on client categorisation, adequacy obligations, information duties, investment services and conflicts of interest, which will have a considerable impact on the day-to-day activities of financial institutions. In light of this, considerable work has been done by financial institutions and financial intermediaries in reassessing internal policies and procedures to meet demanding new obligations.

PRIIPs

According to the PRIIPs Regulation, a PRIIP product constitutes any investment where, regardless of legal form, the amount payable to the retail investor is subject to fluctuations because of the exposure to reference values or to the performance of one or more assets which are not directly purchased by the retail investor. The regulation applies to PRIIPs products and services purchased by an EEA Resident Retail Investor, regardless of their nationality, being applicable worldwide, irrespective of where a PRIIP is purchased, as long as it is purchased by an EEA Resident Retail Investor.

Having entered into force on 1 January 2018, the Regulation pursues the objective of increasing the transparency and comparability of investment products through the issue of a standardised short form disclosure document - the PRIIPs Key Information Document (“KID”), thereby making it easier for retail investors to understand and compare the key features, risks and costs of different products within the PRIIPs’ scope. The CMVM is the competent authority to supervise the production, marketing and consultancy services related to PRIIPs, and the PRIIPs regulation shall be the sole applicable instrument on this matter until further CMVM regulation is issued.

The KID has to be produced by the entities operating in the banking, insurance and securities sectors of the financial markets and be submitted to the CMVM, any changes thereof being required to be adequately disclosed.

It is important to note that the PRIIPs Regulation sets out the regulatory context to be complied with for trade and marketing of complex financial products and unit-linked life insurance products, thereby superseding the former regime set out in the CMVM Regulations.

Digital currency

It is worth mentioning digital currency and its regulatory regime applicable in Portugal, due to the exponential growth observed last year, and the increasing interest from the supervising authority, financial institutions and their clients in the sector. The Decree-Law no. 317/2009, of 30 October, amended from time to time (“Decree-Law 317/09”) regulates which entities may issue digital currency, the requirements that a financial institution must meet in order to be able to issue and deal with digital currency, and the need to segregate the activities performed by the same financial institution.

Additionally, Decree-Law 317/09 grants the possibility of outsourcing operational functions related to the issuing of digital currency to other entities, if the BoP is previously informed of this intention and the financial institution guarantees the maintenance of internal quality control, and ensures that the BoP is capable of verifying the fulfilment of all applicable legal norms.

The revised Directive on Payment Services (“PSD II”)

EU Directive 2015/2366 entered into force on 12 January 2016 and provided that the respective transposition should have taken place by 13 January 2018, thereby providing




Member-States with a two-year period for the introduction of the necessary changes in national law. On 12 November 2018, Decree-Law no. 91/2018 (“Decree-Law 91/2018”) was enacted, introducing PSD II into Portuguese Law.

The directive creates new types of payment services, enhances customer protection and security, and enlarges its scope of applicability when compared to the previous directive. Banks will become obliged to provide free access to customer data and account information to licensed third-party businesses, in cases where the customer has given explicit consent. It seeks to promote payment innovation in the current technological context and constitutes an important step toward the Digital Single Market in Europe, the European Commission strategy to ensure access to online activities under conditions of fair competition and a high level of consumer and personal data protection.

Decree-Law 91/2018 introduces PSD II regarding access to the activity of payment institutions and the provision of payment services, as well as access to the activity of digital currency institutions and the provision of digital currency-issuing services.

This Decree-Law will change the regulation of new payment services existing in the market, to allow for new payment services providers that share information between themselves, as long as they are authorised to do so by their clients.

Additionally, such Decree-Law establishes: cross-border payments in the European Union; the technical and business requirements for credit and direct debit transfers in euros; the currency exchange rates applicable to operations paid through cards; and regulates the provision of information regarding accounts and the initiation of payments.

The STS Regulation

EU Regulation 2017/2402, which establishes a general securitisation framework at the EU level (“STS Regulation”) entered into force on 17 January 2018 and will become applicable to all securitisation products from 1 January 2019 onwards. Besides creating a new framework for simple, standard and transparent securitisations, the regulation will affect due diligence requirements, risk-retention requirements and transparency rules.

At a national level, a preliminary bill amending the current Portuguese Securitisation Law in light of the STS Regulation is currently under discussion, having been subject to a public consultation which ended on 14 December 2018.

EU Regulation on Data Protection

The GDPR is aimed at unifying the regime on the processing and movement of personal data throughout the Union, and has been applicable in Portugal since 25 May 2018.

The new regime replaces the Data Protection Directive 95/46/EC and introduces significant changes, imposing a set of new obligations on companies, with non-compliance resulting in heavy fines (rising up to 4% of annual global turnover). Rules on consent have been strengthened and extraterritorial applicability has been introduced, as the regulation applies to all companies which happen to process the personal data of data subjects residing in the Union, regardless of the company’s location.

Senior non-preferred deposits and/or instruments

This law proposal seeks to transpose Directive (EU) 2017/2399, of Parliament and of Counsel, of 12 December 2017, establishing the privileged ranking of deposit credits vis-à-vis common credits – noting that these credits will continue to be ranked junior to those credits that have already benefited from creditor privileges, and the ranking of the credit in the case of debtor’s insolvency will be maintained.




The purpose of the creation of these new debt instruments is to allow credit institutions to fulfil the subordinated requisite of minimum own funds and eligible credits with instruments less burdensome than own funds’ instruments, and still be able to sustain losses in resolution and contribute to the internal recapitalisation of the credit institution in a credible way, without risking the fulfilment of the principle “no creditor worse off”.

Consultation for investment in financial instruments

Law no. 35/2018, of 20 July, amending Decree-Law no. 357-B/2007, of 31 October (“Law 35/2018”), which establishes the regime for service of investment in financial instruments advice, seeks to: provide better assurance of the adequate professional qualification of advisors; increase independence in the provision of services; improve the procedure of adequacy evaluation; and reinforce the informational duties towards clients (before and after the execution of the contract).

Law 35/2018 aims at imposing a duty of evaluation of the adequacy of the structured deposits, in order to provide the client with the best product available, bearing in mind its characteristics. This is achieved by imposing minimal information obligations and an obligation to categorise clients in the context of the commercialisation of the structured deposits, and imposing duties that the financial institutions must comply with during the negotiation of contracts, among others.


EU Directive 2013/36, on access to the activity of credit institutions and the prudential regulation of credit institutions and investment firms, sets forth the general principles on the internal governance and prudent management of institutions. In this vein, the Banking Law establishes that management and supervisory bodies of credit institutions are responsible for defining, overseeing and implementing governance arrangements that are adequate to ensure the effective and prudent management thereof, including the necessary segregation of duties and the prevention of conflicts of interest.

The Banking Law further establishes that it is the duty of management and supervisory bodies, within their respective competences, to:

a) assume overall responsibility for the credit institution and approve and oversee the implementation of its strategic objectives, risk strategy and internal governance;

b) ensure the integrity of accounting and financial reporting systems, including financial and operational controls, and compliance with the law and relevant applicable standards;

c) oversee the disclosure process and the information duties towards BoP; and

d) accompany and control activity at top management levels.

Banks should plan and apply, in a proper manner, their remuneration policy, and must record in specific documents the respective procedures and any other items required for its implementation. Pursuant to the BoP Notice no. 10/2011, the implementation of a remuneration committee, which must comply with several rules and procedures, is mandatory provided that certain requirements are met by the financial institution at stake.

As regards information disclosure, banks must disclose information concerning the remuneration of both corporate bodies and employees, and the information shall be included in the respective corporate governance report and in the internal compliance report to be sent to the BoP or the SSM.




Portugal implemented CRD IV through Decree-Law no. 157/2014, dated 24 October 2014. Although the majority of CRD IV rules were already in force, the national legal framework has been further strengthened regarding the requirements for the relationship between the variable (or bonus) component of remuneration and the fixed component (or salary), and with regard to the disclosure and transparency of the remuneration policy, and practices applicable by institutions, including information on the link between pay and performance.


Although the financial crisis triggered an increase of legislation on the protection of banking clients and investors, bank-customer relationships have been on the legislators’ and regulators’ radar long before harsh times began.

In reference to deposit-taking activities, it is important to make reference to the abovementioned deposit compensation scheme, designated the Deposit Guarantee Fund (Fundo de Garantia de Depósitos, “DGF”), which is aimed at guaranteeing the reimbursement of deposits held with credit institutions incorporated in Portugal and with Portuguese branches of credit institutions incorporated in a non-EU State, in case the latter do not possess a compensation scheme equivalent to the DGF. Reimbursement is guaranteed up to the amount of €100,000 per depositor.

When considering the relationship of both financial intermediaries and banks with their customers, rules set forth in the PSC and the Banking Law must be taken into account. The PSC obliges financial intermediaries to keep effective and transparent procedures to handle non-qualified investors’ claims, compliant with some predetermined requirements. As for the Banking Law, it sets forth that credit institutions should adopt codes of conduct, which are disclosed to the public and include all principles and rules underlying the bank/client relationship, as well as information on claims-handling procedures. Furthermore, the Banking Law provides for the possibility of customers directly presenting claims to the BoP. Although it is not mandatory, major banks in Portugal currently have their own Ombudsman, in charge of claims receipt and follow-up.

Banks and other financial intermediaries should also mandatorily comply with the general consumer complaint procedures which, among other measures, oblige operators to have available a complaints book, with any claims being followed up by the competent supervisory authority.

Turning to other innovations in banking activity, we focus on lending activities, in relation to which Decree-Law no. 227/2012, of 25 October, establishes a set of rules that should be complied with by credit institutions within the follow-up and management of breach of contracts and non-judicial settlement of payment defaults. In a clear protective move of small companies and consumer borrowers in difficult times, this document also creates a banking clients’ support network aimed at preventing the breach of credit contracts, and promoting non-judicial settlement of credit contracts-related conflicts.

The residential mortgage loan product has also been on the radar of the Portuguese legislator and the BoP, with the corresponding regime being amended by Decree-Law no. 74-A/2017, of 23 June, and establishing a range of measures evidencing the increased difficulties for Portuguese households to comply with their obligations towards the financial system. Some of these changes have a general scope but others specifically target the responsible granting of credit, attending to the correct evaluation of real estate, the proper management of conflicts of interest, and the obligation to provide out-of-court means of litigation. In turn, this legal framework shall be read and applied together with a set of duties that shall be complied with




by the banks, such as the Banking Law, among others, within the negotiation and enforcement of this type of loan.

This is without prejudice to, and coexists with, the regulation issued by the BoP, in 2014, on the minimum information duties under consumer credit contracts. This regulation has been adopted following Decree-Law no. 133/2009, of 2 June, which established a set of duties of information to be provided by credit institutions prior to entering into consumer credit contracts, having specified the terms, frequency and formalities according to which the said information shall be provided.






Benedita Aires


Benedita Aires joined VdA in 2003 and is a partner in the Banking & Finance

practice where she has been involved in several transactions, in Portugal and

abroad, mainly focused on the issuance and placement of debt, equity and

regulatory capital instruments and other structured financial products and

classic financing. She has also been actively working in securitisation

transactions, covered bonds issuances, asset financing and other types of asset-

backed transactions. She has been recently actively involved in public

recapitalisation transactions and the application of resolution measures to

Portuguese banks, including the incorporation of bridge banks and the approval

of the state aid and restructuring plans for such banks by the European

Commission, and has also been involved in the sale process for financial

institutions. Seconded to Clifford Chance LLP, London office, integrating the

Structured Debt team during 2007 to 2008, she is admitted to the Portuguese

Bar Association and registered as a European Registered Lawyer.

Maria Carrilho


Maria Carrilho joined VdA in 2013. She is an associate at the Banking &

Finance practice where she has been actively involved in several transactions,

namely securitisation and real estate financing. Maria holds a Law degree

from New University of Lisbon, Faculty of Law and is currently preparing a

thesis for the Masters in Law and Management from Católica School of

Business and Economics, Faculty of Law.

David Nogueira Palma


David joined VdA in 2018, as a Trainee at the Banking & Finance practice.

He holds a Law degree from the University of Lisbon and he is currently

concluding his Masters degree in Corporate law at the Catholic University of

Portugal (School of Lisbon). Furthermore, he is a post-graduate in Companies

law and he is concluding his post-graduate studies in Advanced Banking law

at the University of Lisbon.

Rua Dom Luís I, 28, Lisbon, Portugal


Vieira de Almeida


Russia

Introduction

The Russian banking sector continues to experience crisis times in 2018. According to the latest data, by 2018, the state’s share in the banking system had increased to 70%, compared with 63% at the beginning of 2017. This share was the highest among all market sectors in Russia (66% in oil and gas). Until the largest banks are rehabilitated by privatisation, the share of the public sector will have a tendency to further increase, although this growth will not be as significant as in 2017.

The nationalisation of banks is a rather frightening tendency, since the state may not manage investments optimally, because it tends to provide additional resources not to the most efficient banks, but to those which need to maintain an adequate financial position. Secondly, at present there are no transparent and public criteria for the effectiveness of the management teams for all state financial institutions, which are also appointed by the state.

On the one hand, the growth of state participation in the banking system, along with a sharp reduction in the number of large private Russian banks, may lead to a change in the nature and quality of competition: the largest state-owned banks will increasingly compete with each other, both for funding sources and for high-quality borrowers. The specificity of such competition between state-owned banks is their relatively uniform high credit quality, due to the support of the state or the largest state-owned companies. On the other hand, the state can be a very inefficient owner, which can lead to a great waste of money.

In addition to the above, the following trends can be identified.

Cleaning of the banking sector, which continues at a very fast pace, although one •could expect some slowdown in this part of the dynamics. Over the year, the number of operating credit institutions fell by 14%, which is significantly more than in 2017 (-10%), and roughly corresponds to the result of 2016 (-15%).

Positive dynamics of lending to households, much higher than expected. The volume •of the retail loan portfolio increased by almost 3 trillion rubles in 2018, which was a record result in the Russian Federation. A “mortgage boom” played a significant role in this.1 Against the background of such impressive growth, the Central Bank of the Russian Federation has already noted the overheating of the retail market. But now the mortgage market shows only growth, not negative dynamics.

Pension reform was one of the most important news in Russia. As a result of •transformations, in the coming years women will retire at 60 instead of 55, and men

Alexander Linnikov, Sergei Sadovoy & Leonid Karpov Linnikov & Partners



at 65 instead of 60. It is assumed that in the long run this will have a significant impact on the banking sector. The number of deposits may increase, as people will try to increase their savings.

Due to geopolitical and inflationary risks, the refinancing rate was raised twice at the end of the year, from 7.5% (from February) to 7.75% (in December). Generally the refinancing rate, which is the amount of interest on an annualised basis payable to the central bank of the country for loans that the Central Bank of Russia provides to credit organisations, is determined by taking into account two factors. These factors are the actual economic situation in the country, and the rate of inflation.

Banks reacted by increasing their market rates, while bond rates in financial markets are likely to provide a further increase, or at least the absence, of a significant decrease of the refinancing rate.

Risks for the Russian economy remain at a high level, and the source of these risks is both the world economy and the internal state of the Russian economy. On the one hand, there are a lot of statistical data on the Russian economy indicating relatively good growth and a favourable state of the business sphere; while on the other hand, consumer and business sentiment are at a very low level, investments are not stable, and in a number of sectors companies are experiencing significant financial difficulties.

It is also worth mentioning the sanctions previously imposed on Russia by the United States and European states. In 2018, the list of sanctions has only increased. The new list of US sanctions (Specially Designated Nationals, SDN) included 26 people and 15 companies from the Russian Federation.

Among them are businessmen Oleg Deripaska, Igor Rotenberg, Victor Vekselberg and such companies as Rusal, and En+ Group. Companies from the list are not allowed to attract financing with the participation of US banks and investors. Their management and controlling shareholders are prohibited from obtaining visas or entering the country. Companies are also limited in exporting goods or receiving any financial services in the United States.


According to the Constitution of the Russian Federation of 1993, the state authority in banking which exercises control over all state and private financial institutions is the Central Bank of the Russian Federation (the “Bank of Russia” or the “CBR”). The Bank of Russia is the core element of the regulatory and supervisory structure consisting of the following institutions:

1. Bank of Russia is the state authority responsible for the stability of the Russian national currency (Rubles) and the regulator of financial markets, exercising powers granted to it by the Constitution and federal laws (including the Law on the Central Bank, the Banking Law, the Law on the Organisation of Insurance Business, and many others). Within its sphere of competence the Bank or Russia issues mandatory rules and regulations, and carries out a vast range of supervisory powers.

2. The Deposit Insurance Agency is the state corporation (a particular type of non-profit organisation) that provides guarantees for all of the deposits of individuals placed in Russian banks up to the amount of 1,400,000 rubles (roughly $25,000). Although less publicly visible than the Bank of Russia, the DIS plays a very significant role in the financial sector.

Linnikov & Partners Russia



3. The Federal Financial Monitoring Service (often referred to as the financial intelligence agency) is the federal executive authority in charge of prevention of money laundering and terrorist financing. The FFMS also coordinates the relevant activities of other federal authorities, as well as acting as a national centre for the assessment of threats to national security.

4. The Banking Sector Consolidation Fund is the special-purpose state investment fund established by the Bank of Russia to finance the recovery of credit institutions selected for financial sanitation. The Fund is managed by a single shareholder represented by LLC, “The Management Company of the Banking Sector Consolidation Fund”, owned by the Bank of Russia. Thus, the management company is an autonomous unit of the Bank of Russia. Now, under the management of the fund, several banks are undergoing a sanitation process: PJSC Bank “Otkritie Financial Corporation”; PJSC “BINBANK”; JSC “ROST BANK”; JSC “Bank AVB”; PJSC “Asian-Pacific Bank”; and PJSC “Moscow Industrial Bank”.

Key legislation of the Russian banking sector

Rules, defining the legal status of banks and setting supervisory standards for the banking sector, are set by the federal laws and regulations of the Bank of Russia. The following laws may be considered principal sources of banking regulation:

a) The Federal Law of July 10, 2002 № 86-FZ “On the Central Bank of the Russian Federation” (the “Bank of Russia Law”) defines the legal status, sets goals and objectives, and defines the main functions and powers of the Bank of Russia – the national financial sector regulator. The law also develops and reinforces the provisions of the Constitution by affirming the principle of complete independence of the Bank of Russia from other state authorities of the Russian Federation, state authorities of the subjects (regions) of the Russian Federation, and local self-governance institutions.

b) The Federal Law of December 2, 1990 № 395-1 “On Banks and Banking Activity” (the “Banking Law”), in combination with the Bank of Russia Law, outlines the structure of the Russian banking system and sets the framework of banking regulation and supervision mechanisms. The Banking Law limits the exclusive capacity of banks (as opposed to all other general capacity legal persons) to a single type of business – it is directly prohibited for banks to engage in any other commercial activities besides the banking business.

However, this limitation does not apply to operations with financial derivatives – for example, clearing and factoring transactions.

c) The Federal Law of August 7, 2001 № 115-FZ “On prevention of legalisation (laundering) of income obtained by illegal means and financing of terrorism” (the “AML Law”) regulates the relations between Russian and foreign nationals and apatrides2 and entities performing operations with monetary funds and other property (i.e. banks and other financial institutions) and state authorities of the Russian Federation that exercise control over operations with such funds and property for the purposes of prevention, detection, and curtailing of acts of legalisation (laundering) of income obtained by illegal means and financing of terrorism.

d) The Federal Law of July 26, 2006 №135- FZ “On Protection of Competition” (the “Competition Law”) defines the institutional and regulatory framework for




the protection of competition, including the prevention and suppression of monopolistic activity and unfair competition in the financial sphere.

The Competition Law provides set rules and definitions that are used by the Bank of Russia for a series of important purposes, including: (1) definition of control over credit institutions by single individuals, entities or groups of persons; and (2) qualification of collective direct or indirect purchasers of qualified holdings in credit institutions (over 10% of shares) as groups of persons, in which case a preliminary authorisation of the Bank of Russia for such purchase would be required.

e) The Federal Law of December 23, 2003 № 177-FZ “On Insurance of Private Deposits in the Banks of the Russian Federation” (the “Deposit Insurance Law”) sets the legal, financial, and organisational framework for the functioning of the state Deposit Insurance System which provides unconditional coverage for deposits of individuals in Russian banks up to the limit set by the law.

f) The Federal Law of June 27, 2011 № 161-FZ “On the national payment system” (the “National Payment System”): establishes the legal and organisational basis of the national payment system (which is a set of money transfer operators (including electronic money operators), bank payment agents (subagents), payment agents, and federal postal organisations when they provide payment services in accordance with the legislation of the Russian Federation); regulates the procedure for the provision of payment services, including the transfer of funds, the use of electronic means of payment and the activities of the subjects of the national payment system; and determines requirements for the organisation and operation of payment systems, the procedure for supervision and monitoring in the national payment system.

g) The Federal Law of July 29, 2018 № 249-FZ “On amendments of the Federal Law “On licensing of certain types of activities” and art. 3 of the Federal Law “On Banks and Banking Activity” and the Fundamentals of the legislation of the Russian Federation on the notariat”; the Federal Law № 133-FZ of June 4, 2018 “On Amending Certain Legislative Acts of the Russian Federation” (the “Modification Acts”) are the most important laws in the Russian banking sector in 2018, introducing a certain amount of innovation to the sphere.

The main innovations in 2018 concern the safety of customers in the implementation of remittances (money transfers). Since last year, the Central Bank of the Russian Federation has had the right to provide information on cases and (or) attempts to transfer funds without the client’s consent (including information on transactions, accounts and deposits for cases where attempts have been made to transfer money funds without the consent of the client) to credit organisations, operators of payment systems, and operators of payment infrastructure services.

Previously, such information was considered to be a banking secret, which made it difficult to quickly resolve such problems, as a result of which the final consumer of banking services suffered.

h) The Order of the Ministry of Finance of the Russian Federation of 02.04.2013 № 36n establishes new mandatory International Financial Reporting Standard (IFRS) 9 “Financial Instruments” for all Russian credit institutions, replacing the old standards. The purpose of the standard is to establish principles for the




preparation and presentation of financial statements in terms of financial assets and liabilities, presenting relevant and useful information, estimating the amounts, timing and uncertainty of future cash flows.

The standard establishes requirements for recognition and assessment, impairment, derecognition of the general hedging procedure, without replacing the requirements for accounting for macro hedging (hedging the fair value of a portfolio relative to an interest rate), since it is allocated to a separate project. The standard establishes the principles for recognising expected credit losses over the entire term of a financial instrument.

i) The Federal law of 31.12.2017 № 486-FZ “On the syndicated loan and the introduction of amendments to certain legislative acts of the Russian Federation” establishes a new form for the Russian legislation – the syndicated loan. The new legislative act regulates relations arising in connection with the provision to the borrower of a loan or loan by several lenders acting together (a syndicate of lenders).

According to the law, a borrower under a syndicated loan agreement may be a legal entity or an individual entrepreneur, and creditors, including Vnesheconombank, foreign banks, international financial organisations, foreign legal entities, which, in accordance with their personal law, are entitled to conclude credit agreements, management companies and specialised depositories, as well as other Russian legal entities in cases stipulated by the law.

Recent regulatory themes and key regulatory developments in the Russian Federation

In 2018, the Bank of Russia continued the “clean-up” of financially unstable credit institutions from the banking sector which were unable to guarantee the integrity of funds of their creditors and depositors. The main “clean-up” tool used by the regulator was the revocation of banking licences and liquidation of financial institutions approaching a state of insolvency.

According to the official statistics of the Bank of Russia, as of January 1, 2018, in total 561 credit organisations operated in Russia. At the same time, on December 1, 2018, 490 credit institutions remained.3 Thus, more than 70 credit institutions lost their licences in 2018. The main reasons for revoking licences continue to be: non-compliance with laws regulating banking activities, and regulatory acts of the Central Bank of the Russian Federation; as well as violation of legal requirements in the area of countering the legalisation of proceeds from crime and terrorist financing.

In general, there were virtually no important revocations; not a single bank from the Top 50 of the Russian banking sector lost its licence in 2018. The largest case was the revocation of the licence of the bank OFK in March (assets: 51 billion rubles, 103rd place in the banking system by assets as of March 1, 2018).

The next important topic of 2018 is the transition of existing banks to a new type of licensing. The new licensing system is the basis of the proportional regulation in the banking sphere. All valid licences had to be gradually replaced by the end of the 2018. The following comparative table shows the differences in supervisory requirements for the two new licence types.




Proportional supervision requirements

Basic licence banks

Universal licence banks

All banking operations except:

placement of funds, attraction of deposits and •placement of precious metals, issuance of bank guarantees to foreign legal entities and foreign organisations that are not legal entities under foreign law, as well as individuals whose personal law is the right of a foreign state;

performance of leasing operations with the •said entities and the issuance of guarantees in respect of the said subjects; and

opening of correspondent accounts with •foreign banks, except for the opening of foreign bank accounts for the purposes of participation in the foreign payment systems.

All banking operations allowed under the Banking Law.

Exemption from the application of the new and technically complex international standards.

Mandatory compliance with all supervisory requirements to the full extent and duty of timely implementation of the newest international standards, regardless of complexity.

Basic prudential supervision requirements:

two standards of capital adequacy (aggregate •and core);

one current liquidity ratio; •

two standards of credit risk concentration; and •

five-year transitional period established to •achieve gradual compliance with certain prudential supervision requirements (H6 – single borrow risk requirement).

All applicable requirements retained to full extent with no exceptions.

Net stability funding and financial leverage requirements (for systemically significant credit institutions) not applicable.

Net stability funding and financial leverage requirements (for systemically significant credit institutions) applicable from January 1, 2018.

Variable mandatory provisions and average provisions ratios applicable; may not exceed those set for universal licence banks.

Fixed mandatory provisions and average provisions ratios retained.

Two-year cycle for the supervisory assessment of quality of risk and capital management systems, capital adequacy and the listing of indicators used to assess the quality of internal procedures for assessing capital adequacy (UASP), in accordance with a reduced list of mandatory ratios.

The current regime of supervisory assessment of the quality of risk management systems and capital, capital adequacy retained with a one-year evaluation cycle.




In December of 2018, the transition period, during which Russian banks with capital of less than 1 billion rubles had to either increase capital to at least 1 billion rubles, or change their status to a bank with a basic licence or a non-bank credit organisation, ended. As of December 30, 2018, the Bank of Russia replaced the licences of 149 operating banks in connection with their obtaining the status of banks with a basic licence. Three banks with a universal licence changed their status to a non-bank credit organisation.4

Given their small capital, for reasons of protection against accepting increased risks, basic licence banks are prohibited from conducting a number of operations with foreign persons and opening accounts in foreign banks, other than accounts for participation in foreign payment systems. From January 6, 2019, an order from the Bank of Russia will come into effect, expanding the list of securities with which banks with a basic licence are entitled to conduct operations and transactions.

According to the Bank of Russia Ordinance No. 4979-U of November 27, 2018, “On Securities Requirements with which Banks with a Basic Licence are entitled to perform operations and transactions when carrying out activities on the securities market”, a bank with a basic licence is entitled to perform operations and transactions with securities that meet the following requirements:

securities, the issuer of which is the bank itself, except in cases where such securities •are the subject of transactions made on the instructions of the bank’s client with the basic licence;

securities issued by the Bank of Russia on its own behalf for the purpose of •implementing monetary policy, placed and circulated among credit institutions;

non-issuable securities that are not eligible for organised trading (except for promissory •notes issued by persons whose shares or bonds are not included in the quotation list of the first (highest) level of the trade organiser in whose capital the Bank of Russia participates). If the condition for inclusion of a person who issued the bill into the quotation list is no longer observed, operations and transactions of the basic-licence bank with such notes are carried out in accordance with paragraph 7 of this clause;

mortgage securities; •

securities acquired (received) by the bank before obtaining the status of a bank with a •basic licence and owned by it, which are not included in the quotation list of the first (highest) level of the trade organiser in whose capital the Bank of Russia participates

As part of the supervisory assessment of the economic standing of basic licence banks, a reduced list of indicators will be used to calculate the aggregate results for the asset evaluation and liquidity group (RGL) for a basic licence bank. The Bank of Russia reserves the right to determine the specific terms of economic assessment of the banks.

Current regime of supervisory assessment of economic standing retained.

Facilitated financial reporting requirements – the number of reporting forms reduced.

All reporting forms in accordance with the list in the Instruction of the Bank of Russia of 11.24.2016. 4212-U “On the list of forms and procedure for compiling and submitting forms of reporting to the Central Bank of the Russian Federation”.




(within one year from the date of receipt of the status of a bank with a basic licence); and

securities owned by a bank with a basic licence or accepted by it as collateral for •obligations excluded by the organiser of trading in whose capital the Bank of Russia participates from the quotation list of the first (highest) level (within one year from the date of disclosure by the organiser of trading relevant information on the bank’s website).

The third topic is the continuing trend towards nationalisation of the banking sector. In 2017 and 2018, the funds of the Banking Sector Consolidation Fund were used to finance the recovery of the following federal-scale banks of substantial social importance: PSB (Promsvyazbank), Otkritie Bank, BIN bank, Rost Bank, BIN Bank Digital, Uralprivatbank. Thus, there was an infusion of state funds into former private banks, which, together with other steps of the Central Bank of the Russian Federation, turned these banks into banks with state participation:

Promsvyazbank, 99.9% of shares of which is now owned by the state corporation Deposit •Insurance Agency. On January 19, 2018, the Government of the Russian Federation chose Promsvyazbank as the specialised bank for state defence orders and large government contracts. On February 22, 2018, the State Duma of the Russian Federation adopted amendments on the transfer of Promsvyazbank to defence bank status;

Otkritie bank, 99.9% of shares of which are now owned by the CBR; and •BIN bank, merged for now with Otkritie bank, is also currently under state control. In •March 2018, the Bank of Russia approved the additional capitalisation of BIN bank in the amount of 56.9 billion rubles. After acquiring an additional issue of shares of BIN bank, the Bank of Russia became its main shareholder: the share of the Central Bank of the Russian Federation in the authorised capital of BIN bank exceeded 99.9%.

It is worth noting that all the above banks used to be in private hands. At the moment, since their former owners did not comply with the regulations of the Central Bank of the Russian Federation and their further functioning could lead to a large-scale crisis, the state had to take control of them forcibly.

In general, the Russian banking sector has adapted to harsh economic realities. In 2018, the banking sector was characterised by moderately good growth rates of customer funds (corporate funds and household deposits). The volume of funds on corporate clients’ accounts for 11 months of 2018 nominally increased by 7.5%, against a decrease of 0.2% for the same period last year. At the same time, deposits of private persons in January–November of the current year increased by 4.5%, against growth of 3.3% in 2017. Also, the banking sector in 2018 received more than 1,280 billion rubles in profits.5


Over the last two years, the Bank of Russia has significantly revised the professional qualification and business reputation standards for the management of credit institutions. Uniform requirements for the business reputation of purchasers (owners) of large portions of shares, members of management bodies, and officials of banks, insurance companies, non-state pension funds, management companies, and microfinance companies, came into force. These points are contained in the Federal Law No. 281-FZ of July 29, 2017 “On Amending Certain Legislative Acts of the Russian Federation” (the “Management Requirements Act”), which has introduced a cross-functional approach in assessing the




compliance of individuals (including candidates for managerial positions in companies and banks) with business reputation requirements.

The Management Requirements Act also extended the qualification and reputation requirements and the relative procedure of notification on compliance (non-compliance) beyond the executive officers of financial institutions – to the personnel of the Internal Audit Service (IAS) and Risk Management Service (RMS). The purpose of the law is to make the governing bodies of banks and financial companies more responsible and professional. In addition, this innovation will supposedly help eradicate unfair competition practices in financial markets.

The Management Requirements Act eliminates discrepancies between the personnel regulations in different activities (banking, insurance, stock market, etc.) and introduces uniform procedures and requirements to ownership structure, corporate governance, composition and qualification of management bodies of all types of financial institutions, including:

uniform procedure for preliminary approval by the Bank of Russia of purchase of and/or •acquisition of control over qualified holdings (over 10% of shares);

uniform financial standing and qualification requirements for owners and effective •controllers of qualified holdings;

uniform procedure of preliminary approval by the Bank of Russia of candidates for the •positions of CEOs and members of collective executive bodies;

uniform qualification and business requirements to candidates and acting corporate •officials;

standard procedure of sending notice by the Bank of Russia mandating elimination of •violations of the qualification and business reputation requirements by managers, shareholders, controllers (for example, notice mandating removal of members of the board of directors); and

uniform procedure and format of disclosure of information on the ownership structure, •shareholder, and effective controllers.

The Bank of Russia maintains a database (registrar) containing information on persons with business reputation found to be non-compliant with the requirements of the law. As of January 1, 2018, the database contains information on a total of 5,795 individuals who previously held management positions in credit and non-credit financial organisations or owned (controlled) qualified holdings in credit institutions. In accordance with the Management Requirements modification Act, the managers of financial institutions have the right to request information from the registrar and appeal disqualification decisions of the Bank of Russia. Upon review of the matter by the Bank of Russia, a person has the right to apply to contest the appeal decision of the Bank of Russia in court. The new law also provides for the possibility of a “lifelong” ban for individuals on holding management positions and ownerships (control) of shares, which applies exclusively to credit institutions (banks) on two conditions:

criminal conviction for unlawful actions in the bankruptcy of a credit institution, •deliberate and (or) fictitious bankruptcy of a credit institution; and

repeated gross violation of business reputation requirements. •

Persons with the following “achievements” cannot be persons controlling financial institutions:




Unexpired or outstanding conviction for committing an intentional crime. •

Criminal conviction for an intentional crime with an exemption of punishment due to •the expiration of the statute of limitations for criminal prosecution if, on the day of appointment (election) to the position, or the day the Bank of Russia receives documents for state registration of a credit institution, the 10-year period since the date of the entry into force of the conviction has not expired.

Criminal conviction for unlawful conduct in the course of bankruptcy of a credit •institution, deliberate and/or fictitious bankruptcy of a credit institution.

Two of more counts of administrative liability for unlawful actions in the course of •bankruptcy of a legal entity; or deliberate and/or fictitious bankruptcy of a legal entity within three years preceding the day of its appointment (election) to the management position, or the day of receipt by the Bank of Russia of documents for state registration of a credit organisation (with the exception of cases when such administrative infractions entailed administrative sanctions in the form of a warning).

Finding by the court of a person liable for the obligations of a financial institution, or •to liability in the form of collecting damages in favour of a financial institution in accordance with the Federal Law “On Insolvency (Bankruptcy)” if, on the day preceding the day of receipt by the Bank Russia documents for the state registration of the credit organisation, 10 years has not expired from the date of entry into force of the judicial act.

Finding of a person liable by the court within 10 years preceding the date of appointment •(election) for the position or day of receipt by the Bank of Russia, of documents for state registration of the credit organisation of intentional generation of losses to any legal entity in the performance of his duties as a member of the board of directors (supervisory board); the sole executive body, its deputy; a member of the collective executive body; chief accountant or deputy chief accountant of the legal entity; head or chief accountant of the branch of the legal entity; including temporary performance of duties in these positions, or in the exercise of the powers of the founder (participant) of the legal entity.

The person, within 10 years preceding the date of appointment (election) for the position •or day of receipt by the Bank of Russia of documents for state registration of the credit organisation, had the right to issue mandatory instructions or the ability to otherwise determine the actions of a financial organisation (irrespective of the period during which the candidate had such a right or opportunity), which was declared bankrupt by the court (unless the shareholder submits to the Bank of Russia conclusive evidence of non-involvement of the person in decision-making or actions (inactions) leading to bankruptcy).


The minimum requirement for own funds (capital) for banks from 2018 is set at 1 billion rubles for universal licence banks and 300 million rubles for basic licence banks. In case of failure of the banks to meet the own-funds requirements they may, under certain conditions, “downgrade” to the status of non-banking institutions or microfinance companies. The minimum amount of own funds (capital) for non-banking credit institutions is set at 90 million rubles, except for some extraordinary cases.

There have not been any changes in the rules and methodology for the assessment of the




value of own funds (capital) of credit institutions. Bank of Russia remains committed to the application of internationally accepted rules, including Basel III standards. Credit institutions are required to comply with the Regulation of the Bank of Russia № 395-P of December 28, 2012, “On the methodology for determining the value of own funds (capital) of credit institutions (Basel III)”.


Since June 2018, legislative changes, providing the possibility of identifying individuals remotely, have entered into force. The Federal Law No. 482-ФЗ “On Amendments to Certain Legislative Acts of the Russian Federation” (hereinafter – the “Modification Act”) establishes the main principles and rules of remote identification.

Remote identification is designed to simplify access for individuals to financial services. For remote access to them, it is necessary first of all to establish identity with the help of biometric personal data (face and voice image) in any bank included in the special list of the Bank of Russia. Thus, the primary identification is carried out by one of the authorised banks that have the right to register individuals in the Unified Identification and Authentication System (ESIA) and the Unified Biometric System (UBS). After identification of a personal presence in a bank branch, such bank enters the citizen’s data into the ESIA, as well as obtaining biometric parameters and sending them to the Unified Biometric System.

When contacting a credit organisation, an individual will be able to pass authorisation to the ESIA, confirming his biometric data using modern means of communication that provide access to the internet. If the biometric data coincides with that previously entered into the system, the citizen has access to all financial services, from opening an account to receiving a loan.

The remote identification procedure is as follows:

In the presence of the individual, his identification is carried out by one of the banks. •At the request of the individual, the bank is obliged to record their biometric data, transfer it to Unified Biometric System, and transfer non-biometric information to the Unified Identification and Authentication System (ESIA). If an individual does not have an account in the ESIA, it is generated automatically.

When contacting another bank remotely, an individual chooses the remote identification •option. The consumer is transferred to the authorisation web-page in the ESIA, where he enters his login and password. He also provides his biometric data (for example, using a special mobile application). The biometric data is verified by the UBS, and if the data match, the ESIA transmits to the bank the identification information of the individual.

The bank conducts additional checks – for example, whether there is information about •a person on the list of those associated with extremist or terrorist activities, as well as suspicions of money laundering, financing of terrorism or financing of the proliferation of weapons of mass destruction.

According to the law, the bank is entitled to conclude the necessary agreements with an •individual (for example, a bank account agreement) using a simple electronic signature issued in personal presence when registering with the ESIA.

According to the Modification Act, in cases specified by federal laws, after identification with the personal presence of a citizen of the Russian Federation free of charge and with his consent, state bodies, banks and other organisations post in electronic form:




information required for registration of an individual in the ESIA, as well as other •information, if such information is provided for by federal laws; and

biometric personal data of a citizen of the Russian Federation – in a unified personal •data information system that provides processing, including the collection and storage of biometric personal data, their verification and transmission of information about the degree of their compliance with the biometric personal data of a citizen of the Russian Federation (the UBS).

The identification of an individual with the use of information technologies is carried out without his personal presence in cases established by federal laws, by submitting to state bodies and organisations:

information about a citizen of the Russian Federation, placed in a single system of •identification and authentication, in the manner established by the Government of the Russian Federation; and

information on the degree of compliance of the provided biometric personal data of a •citizen of the Russian Federation with his biometric personal data contained in a single biometric system.

The authors of the article also thank Attorney-at-Law Anton Minakov ([email protected]) for his help and great contribution to writing this article.

* * *

Endnotes

1. Persons with no national allegiance. 2. http://www.cbr.ru/statistics/print.aspx?file=bank_system/cr_inst_branch_010118.htm

&pid=lic&sid=itm_3982. 3. http://www.cbr.ru/press/event/?id=2344. 4. http://www.cbr.ru/Collection/Collection/File/14213/Bbs1812r.pdf.






Alexander Linnikov


Alexander Linnikov graduated from the International Law Department of

Moscow State University of International Relations in 1999; in 2001 he

received a Masters degree from the same university. Alexander received his

Ph.D. from the Moscow State Law Academy in 2008.

Alexander founded Linnikov & Partners in 2000. In 2016 Linnikov was awarded

the title of Honorary Advocate of the Moscow Regional Chamber of Advocates.

In 2018, Alexander Linnikov was awarded the title of “Honorary Attorney of

Russia”. He is an expert in Russian banking and financial law, foreign

investments, international trade, and white-collar crime. He is a member of the

Expert Council of the Federal Antimonopoly Service of Russia and the Civic

Society Council under the Chairperson of the Council of the Federation.

From 2018 Alexander Linnikov is a vice-rector for international cooperation

of the Financial University under the Government of the Russian Federation.

Alexander Linnikov is fluent in English, Italian, and German.

Sergei Sadovoy


Sergei Sadovoy graduated from the Moscow State University of International

Relations in 1996. In 2001 he joined Linnikov & Partners and became a

member of the Moscow Regional Bar. He is the leader of the L&P banking

and corporate practice. In 2007, the banking practice team of Alexander

Linnikov and Sergei Sadovoy won the National Banking Prize – for the best

legal advice in the banking sphere and impeccable professionalism.

Sergei is an expert in banking, financial, corporate, and tax law and a

commonly recognised authority in practical matters of state supervision of

financial institutions and antimonopoly policy. He advises Russian and

international clients on issues of Russian law and handles complex M&A

projects in different industries. Sergei regularly contributes practice-oriented

articles to Russian and international editions.

Sergei Sadovoy is fluent in English and Spanish.

Leonid Karpov


Leonid Karpov is a senior associate of Linnikov & Partners Law Firm. His

main practice areas are litigation and commercial arbitration, banking and

finance, currency control and regulations. Leonid also handles economic and

tax crimes cases as a defence attorney.

Leonid graduated from the Moscow State Law Academy (MSLA) in 2006 and

holds a Ph.D. from the same academic institution (2013). Leonid also

contributed to several fundamental academic editions, including the EU Law

textbook of the MSLA EU Law Department (2013), and co-authored

International Standards of Legal Discipline of Business of Credit Institutions

(2014) with his supervising partner Alexander Linnikov. Mr. Karpov is a

member of the Moscow Regional Chamber of Advocates, is a native Russian

speaker and fluent in English.

Presnenskaya Naberezhnaya, 8/1, MIBC “Moscow-City”, City of Capitals Compound,

Moscow Tower, Suite 215, 123112, Moscow, Russia

Tel: +7 495 783 8612; +7 495 783 8615 / Fax: +7 495 783 86 14 / URL: www.linnikovandpartners.com

Linnikov & Partners


Singapore

Introduction

For the third consecutive year in 2018, Singapore ranked fourth worldwide and second in Asia Pacific on the Global Financial Centres Index. Today, over 200 banks have a presence in Singapore and an increasing number are basing their operational headquarters here to service their regional activities. Singapore’s success as an international financial centre is underpinned by its pro-business environment and effective regulatory framework – in particular, following the 2008 financial crisis, Singapore has been refining the regulatory framework to strengthen the resilience of her banking system. Simultaneously, in the light of financial technology (“fintech”) advancements, Singapore seeks to achieve sustainable growth of its financial services sector through well-managed innovation. With Singapore’s careful and forward-looking attitude to banks and regulation on banking and securities, one can expect Singapore’s status as a thriving international financial centre to be entrenched.


Regulatory entities

The Monetary Authority of Singapore (“MAS”) is Singapore’s central bank and sole bank regulator, and oversees all financial institutions in Singapore.

Beyond MAS, international regulatory bodies possess varying degrees of influence over the regulatory regime in Singapore by virtue of Singapore’s membership and participation in international finance fora and committees. These regulatory bodies include the International Monetary Fund, the World Bank, the Financial Stability Board (“FSB”), the Basel Committee on Banking Supervision (“BCBS”), the International Organization of Securities Commissions, and the Financial Action Task Force (“FATF”). MAS works closely with these entities to implement domestic regulatory regimes that correspond with international standards.

At the domestic level, the Association of Banks in Singapore (“ABS”) publishes guidelines for consumers and banks as well as codes of practice for various areas of banking practices. The Singapore Foreign Exchange Market Committee (“SFEMC”) promotes adherence to the FX Global Code for wholesale market participants. SFEMC also publishes the Singapore Guide to Conduct and Market Practices for the Wholesale Financial Market for principles and market conventions relating to wholesale FX trading.

Key legislation and regulations

The Banking Act (Chapter 19) (“BA”), together with its subsidiary legislation including the Banking Regulations (“BR”) and the Banking (Corporate Governance) Regulations (“CG

Ting Chi Yen & Poon Chow Yue Oon & Bazul LLP



Regulations”), is the primary legislation governing the licensing and regulation of the businesses of banks in Singapore. Additionally, the notices, circulars, and other publications issued by MAS must be complied with by banks in Singapore.

Capital market services, financial advisory services, and insurance brokering are regulated activities under the Securities and Futures Act (Chapter 289) (“SFA”), the Financial Advisers Act (Chapter 110) (“FAA”), and Insurance Act (Chapter 142) (“IA”) respectively. While licensed banks are generally exempt from separate licensing under the SFA, FAA and IA, they are still required to conduct regulated activities in compliance with requirements provided thereunder.

General restrictions on businesses of banks

Singapore has in place an anti-commingling policy to segregate financial and non-financial businesses of banks in Singapore – banks in Singapore are generally restricted to conducting banking and financial businesses and businesses incidental thereto, unless otherwise authorised by MAS.

Nonetheless, the BR permits banks in Singapore to engage in non-financial business that is related or complementary to its core financial business, provided that the aggregate size of the non-financial business is limited to 15% of the bank’s capital funds, and must not comprise any of the following businesses:

(i) property development;

(ii) manufacturing or selling of consumer goods;

(iii) provision of hotel and resort facilities;

(iv) property management of properties not held by the bank or any of its major stake companies;

(v) owning, operating, or investing in facilities for the extraction, transportation, storage, or distribution of commodities; and

(vi) owning, operating, or investing in facilities for processing, refining, or otherwise altering commodities.

Separately, banks in Singapore are also prohibited from acquiring or holding:

(i) any equity investment in a single company, the value of which exceeds in the aggregate 2% of the bank’s capital funds;

(ii) directly or indirectly, a major stake in any entity without MAS’ prior approval – however, it is permissible for banks to acquire or hold wholly-owned subsidiaries for the purpose of segregating risks arising from carrying on any non-financial businesses so as to prevent such risks from affecting the financial soundness and stability of the bank; and

(iii) interests in or rights over immovable property, wherever situated, the value of which exceeds in the aggregate 20% of the bank’s capital funds or such other percentage as MAS may prescribe.

In September 2017, MAS published a consultation paper proposing to refine the anti-commingling policy in two aspects:

(i) streamlining the BR requirements to make it easier for banks to conduct permissible non-financial businesses that are related or complementary to their core financial business; and

(ii) allowing banks to operate digital platforms that match buyers and sellers of consumer goods or services, as well as the online sale of such goods and services.

Oon & Bazul LLP Singapore



While MAS’ proposals have not come into force, the consultation paper evinces MAS’ responsiveness and efforts to stay abreast of the evolving banking landscape and technological advancements.

Different types of banks

To conduct banking business in Singapore, banks are required to be licensed by MAS. There are three categories of bank licences, namely: (a) full bank licence; (b) wholesale bank licence; and (c) offshore bank licence.

Full banks may engage in the full range of banking activities permitted under the BA. However, foreign banks with full bank licences may only operate a limited number of office branches and automated teller machines (“ATMs”). Nonetheless, the qualifying full bank (“QFB”) scheme allows QFBs to operate at more locations, share their ATMs and relocate their branches freely.

Wholesale banks may carry on the same range of banking activities as full banks with the exception of Singapore-dollar (“SGD”) retail banking activities. They operate within the MAS Guidelines for Operation of Wholesale Banks.

Since April 2016, MAS has stopped issuing offshore bank licences and will be converting all existing offshore banks to wholesale banks. The streamlined two-tier licensing framework distinguishes full banks with access to the retail market from wholesale banks that specialise in wholesale business.

Beyond the aforementioned categories of banking licences, financial institutions may be authorised to operate as merchant banks under the MAS Act. Generally, merchant banks are involved in, among other activities, corporate finance, and management consultancy. Merchant banks are prohibited from accepting deposits from the public and raising money through issuing promissory notes, commercial papers, or bills of exchange.

Recent regulatory themes and key regulatory developments in Singapore

In line with Singapore’s robust regulatory framework, several key legislative changes have been introduced which account for developing advances in banking (including the advent of fintech and digital offerings) as well as added protection from fallout owing to bank restructuring/resolution. These changes represent Singapore’s aims to increase consumer protection and to incite fintech developments. As will be seen below, the E-Payments User Protection Guidelines is one regulatory amendment that pursues both goals. Additionally, the recent increase in fintech regulations and guidelines evinces Singapore’s desire to maintain her sound financial system while encouraging fintech innovation.

Banking (Amendment) Act 2016 (“BAA”)

In November 2018, the BAA came into force, introducing several key changes to the BA.

First, to enhance prudential safeguards and depositor protection, MAS is empowered to direct a foreign bank to transfer all or part of its banking business in Singapore to a company incorporated in Singapore by the bank or its parent bank, where necessary or expedient in the interest of the public, the depositors or the domestic financial system. This measure is intended to ensure the bank’s compliance with Singapore’s capital standards and corporate governance requirements by virtue of its Singapore incorporation. Further, MAS is empowered to require any bank to maintain a minimum leverage ratio to ensure the maintenance of sufficient liquidity in line with international standards.

Second, to strengthen corporate governance, MAS is empowered to direct the removal of




key appointment holders (“KAH”) if, in MAS’ opinion, the KAH is not fit and proper. To enhance MAS’ oversight, banks are required to immediately inform MAS after becoming aware of any matters which may negatively affect the fitness or propriety of any KAH.

The BAA also repealed the provision that made bank directors jointly and severally liable for any bank losses arising from credit facilities or exposures to the directors and their related parties. MAS assessed that such provisions did not provide effective oversight over related party transactions; there was also feedback that such provisions discouraged candidates from assuming bank directorships. Instead, MAS’ powers to direct a bank to terminate and restrict transactions that the bank enters into with its related parties, if these are deemed detrimental to depositors’ interests, have been enhanced.

Further, the amendments shield a bank’s external auditors who disclose information in good faith to MAS in the course of their duties from potential liabilities, thereby reinforcing the external auditors’ complementary role in assessing a bank’s risk and internal controls. Where MAS is dissatisfied with the performance of an external auditor, it may direct the bank to remove and replace the auditor.

To strengthen banks’ risk management controls, MAS’ approval will be required to establish new places of business for the conduct of certain businesses. This change aims to increase the MAS’ oversight of the activities of banks in order to ensure that banks implement sufficient AML-CFT safeguards before establishing places of business. Banks will also be required to immediately inform MAS of material adverse developments, including developments affecting financial soundness or reputation. Additionally, MAS will be empowered to inspect local and overseas subsidiaries of a bank incorporated in Singapore and, conversely, the parent supervisory authority of a foreign or merchant bank will be permitted to inspect the bank’s financial activities in Singapore with MAS’ approval.

Monetary Authority of Singapore (Amendment) Act 2017 (“MASAA”)

Following FSB’s update to the Key Attributes of Effective Resolution Regimes for Financial Institutions, MAS issued a public consultation on the proposed enhancements to MAS’ resolution regime. This culminated in the amendments proposed in the MASAA, which introduced additional measures to enhance Singapore’s resolution regime.

With effect from October 2018, the MAS Act now features additional resolution mechanisms such as the statutory bail-in regime for banks; temporary stay on termination rights of counterparties; cross-border recognition of resolution actions; creditor safeguards through the creditor compensation framework; and resolution funding arrangements. These amendments enhance MAS’ resolution regime for financial institutions in Singapore while maintaining the continuity of their economic functions.

Securities and Futures (Amendment) Act 2017 (“SFAA”) and subsidiary legislation

The SFAA, which came into effect in October 2018, seeks to enhance transparency and improve oversight of Singapore’s over-the-counter (“OTC”) derivatives markets operators and intermediaries.

The SFAA empowers MAS to require OTC derivatives products that meet prescribed criteria to be traded on organised trading facilities such as exchanges. This complements MAS’ existing powers to require reporting of trade information and central clearing of certain OTC derivatives contracts, and increases transparency in the derivatives market.

Finally, the SFAA streamlines existing regulatory regimes for commodity derivatives and exchange-traded derivatives. Commodity derivatives market operators and intermediaries, which are currently regulated under the Commodity Trading Act (Chapter 48A), will be




regulated under the SFA, such that they will not be subject to two regulatory regimes.

The Securities and Futures (Clearing of Derivatives Contracts) Regulations that came into effect on 1 October 2018 were introduced by MAS to require OTC derivatives to be cleared on central counterparties, to make the trading of OTC derivatives in Singapore safer by mitigating inherent credit risks. The mandatory clearing requirement will apply to SGD and USD fixed-floating interest rate swaps (the two most widely traded interest rate derivatives in Singapore). Additionally, banks whose aggregate outstanding notional amount exceeds S$20 billion will be required to clear their trades through central counterparties regulated by MAS.

Payment Services Act 2019 (“PSA”)

MAS seeks to create a smart financial centre, relying on technology to increase efficiency and allow for better risk management. Part of the initiative involves the creation of the fintech regulatory sandbox, a safe space for financial institutions to experiment and roll out innovative products and solutions. The sandbox framework was created in recognition of financial institutions’ risk-averse attitude towards the implementation of new financial products, which often translates to missed opportunities for fintech innovation. Accordingly, by providing a controlled environment for experimentation, it may encourage the adoption of novel financial products.

Currently, the Payment Systems (Oversight) Act (“PS(O)A”) and the Money-changing and Remittance Businesses Act (“MCRBA”) regulate payment services relating to stored value facilities.

In January 2019, the Payment Services Bill was passed in Parliament. When the PSA takes effect, the PS(O)A and the MCRBA will be repealed and the PSA will regulate all payment services. The PSA will empower MAS to regulate payment services to safeguard against:

(i) money-laundering and terrorism financing;

(ii) loss of funds owed to consumers or merchants due to insolvency;

(iii) fragmentation and limitations to interoperability; and

(iv) cyber risks.

To achieve its aims, the PSA will comprise two regulatory approaches: a licensing regime for payment services providers; and a designation regime for specific payment services. Under the licensing regime, a licence will be required to provide payment services for listed activities. Under the designation regime, MAS can designate a specific payment service as a designated payment system for the purposes of the PSA provided that certain conditions are fulfilled. These conditions include, among others, where disruption of the operations of the payment system could trigger widespread consequences in Singapore’s financial system.

E-payments User Protection Guidelines

In seeking to establish a baseline protection for consumers on digital payment services, MAS introduced the E-payments User Protection Guidelines. These guidelines were issued in September 2018 and came into effect in January 2019. The guidelines set out the duties of both consumers and financial institutions, while situations where consumers or financial institutions will be liable for losses arising from digital payment services will be delineated. The guidelines also delineate the liability caps on the amounts payable, and dispute-resolution processes for unauthorised or mistaken payment transactions.

A Guide to Digital Token Offerings

MAS published A Guide to Digital Token Offerings in November 2017 to provide guidance on the application of the SFA and FAA in relation to digital tokens in Singapore.




Where digital tokens fall within the definition of securities in the SFA, issuers of such tokens are required to lodge a prospectus with MAS prior to offering such tokens, unless exempted. Issuers or intermediaries of such tokens are also subject to licensing requirements under the SFA and FAA. In May 2018, MAS warned eight digital token exchanges in Singapore not to facilitate trading in digital tokens that constitute securities or futures contracts without authorisation from MAS. An initial coin offering was also warned to stop the offering of its digital tokens in Singapore.

MAS also emphasised in the guide that relevant MAS notices relating to prevention of money laundering and countering the financing of terrorism (“AML-CFT”) would apply to digital token offerings.

Principles to Promote Fairness, Ethics, Accountability and Transparency in the Use of Artificial Intelligence and Data Analytics in Singapore’s Financial Sector (“FEAT Principles”)

In November 2018, MAS issued the FEAT Principles to provide guidance to firms offering financial products and services on the responsible use of artificial intelligence and data analytics. Particularly, firms are encouraged to strengthen internal governance frameworks. The FEAT Principles aim to foster confidence in the use of artificial intelligence and data analytics in the provision of financial products and services.


Banks incorporated in Singapore are required to comply with the CG Regulations and MAS’ Guidelines on Corporate Governance for Banks, Financial Holding Companies, Direct Insurers, Reinsurers and Captive Insurers which are Incorporated in Singapore (“CG Guidelines”). Further, Singapore-incorporated banks that are listed on the Singapore Exchange are required to adhere to the Code of Corporate Governance 2018 on a “comply-or-explain” basis.

Under the CG Regulations and the CG Guidelines, MAS’ approval is required for the appointment of KAH and directors of banks incorporated in Singapore. Under MAS Notice 622A: Appointment of Chief Executives of Branches of Banks Incorporated Outside Singapore, such requirement is similarly applicable to the appointment of chief executives and deputy chief executives of Singapore branches of foreign banks. Additionally, the chief executive and deputy chief executive of the branch of the bank in Singapore are responsible for ensuring the branch’s compliance with the relevant laws of Singapore.

The CG Regulations require banks incorporated in Singapore to establish board committees in accordance with requirements prescribed by MAS. These requirements are explored below.

Board composition

Pursuant to the CG Regulations, a bank incorporated in Singapore must ensure that the majority of the board are independent directors. An independent director must:

(i) be independent from any management and business relationship with the bank;

(ii) be independent from any substantial shareholder; and

(iii) not have served on the board of the bank for a continuous period of nine years or longer.

Additionally, the majority of the board must be Singapore citizens or permanent residents. For foreign-owned banks incorporated in Singapore, at least one third of the board must be Singapore citizens or permanent residents.

The CG Guidelines further state that the directors of the board and its committees should collectively provide an appropriate balance of diversity of skills, experience, gender, and knowledge of the bank.




Nominating Committee

The Nominating Committee reviews nominations for the appointment of the bank’s KAH. As stated under the CG Guidelines, the Nominating Committee should assist the board in determining whether a director is independent in character and judgment and whether there are relationships or circumstances which are likely to, or could appear to affect, the director’s judgment.

The Nominating Committee should comprise at least three directors, the majority of whom, including the Chairman, should be independent. The lead independent director, if any, should be a member of the Nominating Committee.

Remuneration Committee

The Remuneration Committee recommends remuneration frameworks for the bank’s KAH and reviews remuneration practices. The CG Guidelines provide guiding principles that the Remuneration Committee should take into account when planning remuneration. For instance, long-term incentive schemes are generally encouraged and remuneration should be pegged to performance.

The Remuneration Committee should comprise at least three directors, the majority of whom, including the Chairman, should be independent. All members of the Remuneration Committee should also be non-executive directors.

Risk management and internal controls

Pursuant to the CG Regulations, banks incorporated in Singapore must establish a Risk Management Committee responsible for managing risks on an enterprise-wide basis and the adequacy of the bank’s risk management functions.

The board of directors should also establish an Audit Committee to review the bank’s financial reporting issues; the adequacy and effectiveness of the bank’s internal controls and audit functions; and the remuneration and terms of engagement of external auditors.

The Audit Committee should comprise at least three directors, the majority of whom, including the Chairman, should be independent. All members of the Audit Committee should be non-executive directors.

MAS Guidance on Private Banking Controls is also relevant for internal control policies as the same recommends AML-CFT policies and practices required for private banking business.

Outsourcing

Banks must comply with MAS Guidelines on Outsourcing and maintain a register of their outsourcing arrangements which is to be submitted to MAS (annually or upon request). In particular, the guidelines identify cloud services operated by service providers as a form of outsourcing and recognises that institutions may leverage such services to enhance their operations. However, the risks inherent in cloud services are not distinct from other outsourcing arrangements and accordingly, the necessary risk management practices should apply in the subscription to cloud services. MAS also provides further guidance on IT outsourcing in MAS’ Technology Risk Management Guidelines.

MAS Notice 634: Banking Secrecy – Conditions for Outsourcing states that in all outsourcing arrangements involving the disclosure of customer information to the service provider, banks must preserve the confidentiality of customer information. Further, banks must comply with the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”). In particular, when transferring personal data outside Singapore, banks must ensure that the




recipient outside Singapore is bound by legally enforceable obligations to provide a standard of protection comparable with the PDPA.

Related party transactions

MAS Notice 643: Transactions with Related Parties, in effect since 21 November 2018, requires board approval of a special majority of three-fourths of its board for material related party transactions. Further, the ambit of MAS Notice 643 extends to transactions of overseas branches and subsidiaries. Additionally, for banks to ensure that their related party transactions are conducted on an arm’s length basis, appropriate policies and procedures should be implemented.


Capital adequacy requirements

MAS Notice 637: Notice on Risk-based Capital Adequacy Requirements for Banks Incorporated in Singapore sets out the capital adequacy requirements for banks incorporated in Singapore. Generally, these requirements are set higher than the Basel III global capital requirement.

The key requirements under MAS Notice 637 are as follows:

, these requirements are set higher than the Basel III global capital requirement.

The key requirements under MAS Notice 637 are as follows:

MAS Notice 637 also state that banks incorporated in Singapore must maintain a capital conservation buffer to be introduced in the following dates:

Minimum liquid assets framework

MAS Notice 649: Minimum Liquid Assets and Liquidity Coverage Ratio requires the bank to possess liquidity risk management practices. In particular, banks must hold sufficient liquid assets to meet their estimated short-term cash outflows. This is to ensure that banks will be in possession of sufficient liquid assets to draw down when faced with a liquidity crisis.

MAS Notice 649 provides two categories of liquidity risk management framework: Minimum Liquid Asset (“MLA”); and Liquidity Coverage Ratio (“LCR”). A bank incorporated and headquartered in Singapore or a domestic systemically important bank (“D-SIB”) need only comply with the LCR framework. The framework provides for a detailed assessment of the bank’s liquidity as well as the buffer that the bank would be required to possess to avoid a funding squeeze during liquidity stress. Smaller financial institutions may be given a choice on whether to comply with the LCR or MLA framework.

From 1 Jan 2016

From 1 Jan 2017

From 1 Jan 2018

From 1 Jan 2019

Capital Conservation Buffer 0.625% 1.25% 1.875% 2.5%

Minimum CAR

Minimum Common Equity Tier 1 (“CET1”) Capital Adequacy Ratio (“CAR”) 6.5%

Minimum Tier 1 CAR 8%

Minimum Total CAR 10%




MAS Notice 651 on Liquidity Coverage Ratio Disclosure further imposes reporting obligations as to the LCR information for D-SIBs that are incorporated in Singapore. MAS Notice 651 also provides guidance on disclosure of non-mandatory quantitative and qualitative information that a D-SIB is encouraged to make. Cumulatively, the disclosures facilitate market participants’ understanding of the D-SIB’s liquidity risk profile and promote market discipline.

In line with the BCBS’ Net Stable Funding Ratio (“NSFR”) Standard, MAS introduced MAS Notice 652: Net Stable Funding Ratio setting out the minimum all-currency NSFR requirements that D-SIBs are required to comply with. MAS Notice 653: Net Stable Funding Ratio Disclosure then sets out the disclosure requirements for D-SIBs in relation to its NSFR. Together, the two MAS Notices are designed to complement the LCR requirements in Singapore.

Rules governing banks’ relationship with their customers and other third parties

In Singapore, besides the statutory legislation, the bank-customer relationship is governed largely by contract and tort law by virtue of Singapore’s common-law heritage. Consequently, liability may arise from contractual or negligence claims.

From a common law perspective, the bank-customer relationship can be characterised as a debtor-creditor relationship. The bank has the obligation to honour the customer’s mandate regarding the payment of money from the customer’s bank account. Generally, banks are legally obliged to repay the deposited sum upon demand. The relationship may also be characterised as trustee-beneficiary; bailor-bailee; or principal-agent, depending on the facts of each case. In most cases, banks owe a duty to act with reasonable care to the customers.

Section 47 of the BA provides that customer information shall not be disclosed by a bank in Singapore or any of its officers except as expressly provided for in the BA. Contravention of section 47 is an offence that is punishable: (a) in the case of an individual, to a fine not exceeding S$125,000 or to imprisonment for a term not exceeding three years, or to both; or (b) in any other case, to a fine not exceeding S$250,000.

Banks are required to adhere to the PDPA in the collection, use and disclosure of personal data. The PDPA requires the bank to only collect, use or disclose personal data with the individual’s knowledge and consent, for purposes that were communicated to the individual, in a reasonable manner. Additionally, under the PDPA, individuals must be given the right to access and to correct their personal data.

Where the banks’ activities fall within the scope of the SFA and FAA, compliance with the relevant legislation is necessary. This includes the requirement to provide proper risk-disclosure statements, disclosure of product information when recommending investment products, and ensuring proper segregation of certain customer monies and assets. The Consumer Protection (Fair Trading) Act also empowers consumers (i.e. an individual not acting exclusively in the course of business) of “financial products” and “financial services” to seek civil redress for unfair practices.

ABS Code of Consumer Banking Practice

ABS introduced the Code of Consumer Banking Practice to promote good consumer banking practices, increase transparency as to banking services, develop a fair bank-customer relationship, and foster greater confidence in the banking sector.

Under the code, the members of ABS undertake to provide certain standards of banking practice including making available a contact point to handle customers’ queries, providing




sufficient information as to the key features and risks of their financial products and committing to a 14-day timeline for investigation of customers’ complaints.

Dispute resolution

Apart from litigation and arbitration, disputes between banks and customers may be adjudicated by the Financial Industry Disputes Resolution Centre (“FIDReC”). FIDReC is an independent institution which specialises in the resolution of disputes relating to banking and financial services. All licensed banks are FIDReC members.

From January 2017, the jurisdiction of FIDReC in adjudicating disputes between consumers and financial institutions is up to S$100,000 per claim. FIDReC’s services are available to all consumers who are individuals or sole-proprietors. However, it is not mandatory to refer disputes to FIDReC for resolution.

FIDReC’s dispute resolution process begins with mediation, failing which, the matter will then be heard before a FIDReC Adjudicator or a Panel of Adjudicators.

Money laundering and tax evasion

As a member of the FATF, Singapore has complied with most of the FATF’s recommendations concerning AML-CFT. The following legislation were enacted to pursue the objectives of AML-CFT:

(i) Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (Chapter 65A);

(ii) Terrorism (Suppression of Financing) Act (Chapter 325);

(iii) United Nations Act (Chapter 339); and

(iv) Mutual Assistance in Criminal Matters Act (Chapter 190A).

MAS Notice 626 on Prevention of Money Laundering and Countering the Financing of Terrorism requires banks to take appropriate steps to identify and assess their money laundering and terrorism financing risks and to comply with requirements relating to correspondent banking, wire transfers and record keeping. As part of their due diligence, banks must continually monitor their business relationships and check the status of their customers against relevant information sources. The Guidelines to MAS Notice 626 further state that when screening customers results in a “positive hit” against relevant sanctions lists, the bank is obliged to immediately and without notice, freeze the funds or other assets of designated persons and entities that it has control over.

As part of an initiative by the G20 and the Organisation for Economic Co-Operation and Development (“OECD”), the Common Reporting Standard (“CRS”) was implemented to detect and deter tax evasion through the use of offshore accounts. Given that Singapore is on the OECD’s “white list” of countries, it has committed to implementing the Automatic Exchange of Information under the CRS. The Income Tax (International Tax Compliance Agreements) (Common Reporting Standard) Regulations 2016 requires and empowers banks to implement necessary processes to obtain CRS information from account holders for submission to IRAS.

Deposit insurance scheme

All full banks are required to participate in a deposit insurance scheme under the Deposit Insurance and Policy Owners’ Protection Schemes Act (“DIPOPSA”). The DIPOPSA introduces limited protection for depositors by insuring their deposits for up to S$50,000 per depositor per member. The recently-tabled Deposit Insurance and Policy Owners’ Protection Schemes (Amendment) Bill proposes to increase the maximum deposit insurance coverage to S$75,000.




Technology developments

In embracing digital disruption, banks in Singapore have developed new ways of banking as part of their strategic imperatives. For instance, DBS Bank developed the mobile wallet DBS PayLah! which allows users to transfer funds via a mobile number. For interbank transfers, consumers in Singapore have access to the PayNow service which allows for the transfer of SGD funds between nine participating banks by using a payee’s mobile number or Singapore identification number.

Strides in digitisation were also made for merchant banking. In May 2018, HSBC announced that it successfully executed a letter of credit transaction using a blockchain application. The Infocomm Development Authority of Singapore and Bank of America Merrill Lynch worked with HSBC in 2016 on a prototype of the application. The documentation for the transaction was completed in 24 hours, as opposed to a 5 to 10 days’ timeline for conventional paper-based documentation related to letters of credit. With the reduced need for paper reconciliation, businesses can enjoy a faster turnaround time and access to greater liquidity.

MAS is also involved in the progress towards digitisation. Beginning in 2016, MAS started Project Ubin to experiment with blockchain technology. The project was developed with the goal of evaluating the implications of having a tokenised form of SGD on a digital ledger, and its potential benefits to Singapore’s financial ecosystem.

The emergence of technology as a disruptor has shaped the development of novel banking practices. With MAS’ oversight, customers of banks in Singapore can continue to expect to have growing access to a wider array of safe and innovative banking services.






Ting Chi Yen – Partner


Chi Yen regularly acts in a wide range of cross-border matters involving

working capital, trade finance, structured finance, acquisitions, project,

syndicated and asset financing. He also advises banks and financial

institutions with compliance, AML / KYC and other regulatory requirements.

His clients comprise multinational lenders, including local and foreign banks,

financial institutions, and leasing companies in jurisdictions such as

Singapore, Hong Kong, Malaysia, India, South Korea and Japan. He also has

particular expertise in working with borrowers from commodities houses,

traders and shipping lines. He is able to advise on complex insolvency and

corporate restructuring scenarios and the realisation of securities/enforcement

of non-performing accounts and provides lenders with practical and

economical solutions.

In addition, Chi Yen has a breadth of experience in all aspects of non-

contentious shipping work and frequently acts for shipping lines and banks in

the financing, sale and purchase of vessels, registration and mortgages in local

and international ship registries, including leasing arrangements, charterparties,

carriage and freight. His practice includes real estate and conveyancing and

covers the acquisition, disposition and securitisation of residential, industrial

and retail/commercial properties.

Poon Chow Yue – Associate


As an associate of the firm’s Banking & Finance practice, Chow Yue’s banking

and finance experience is broad, and includes asset finance, trade finance, and

restructuring work. In particular, Chow Yue has acted for various clients in

ship financing transactions, including sale and leaseback structures, and tax-

driven structures. Chow Yue has also acted for a fintech company in the

development and launch of its invoice crowdfunding platform.

Besides transactional banking work, Chow Yue has experience in contentious

banking disputes as well as enforcement proceedings – she has recently acted

for a bank in successfully defending a forgery claim before the Financial

Industry Disputes Resolution Centre (FIDReC). Chow Yue also regularly

advises financial institutions on regulatory compliance matters.

Beyond the banking and finance sphere, Chow Yue has acted for clients in

both local and cross-border transactions spanning a diverse range of industry

sectors including shipping, finance and oil and gas.

36 Robinson Road, #08-01/06, City House, Singapore 068877

Tel: +65 6223 3893 / Fax: +65 6223 6491 / URL: www.oonbazul.com

Oon & Bazul LLP


South Africa

Introduction

South Africa has a sophisticated banking system, backed by a sound regulatory and legal framework that aims to ensure systemic stability in the economy, institutional safety and soundness and to promote consumer protection.

The South African Reserve Bank (“SARB”), as the central bank, is responsible for bank regulation and supervision, and for promoting the soundness of the domestic banking system through the effective and efficient application of international regulatory and supervisory standards, and for minimising risk. The SARB issues banking licences to banking institutions including mutual banks, and monitors their activities in terms of the Banks Act 94 of 1990 and the Mutual Banks Act 124 of 1993, respectively.

South Africa is committed to the development of an effective and efficient global financial regulatory architecture and in this regard, the SARB participates in a number of international fora such as the G20 and the Financial Stability Board (“FSB”).

Technology continues to have an impact on banking activity, and there is no doubt that the myriad of technology will change the face of banking going forward. Technologies have the potential to reduce customer cost and to enhance the consumer experience and a number of SA banks have invested in, or acquired, fintech start-ups or businesses.

Banks are also collaborating with peer-to-peer lenders, and innovative payment systems such as third party mobile wallets are being used by established banks.

South Africa has also seen the advent of the “Fintech bank” where some entities, relying on their sophisticated technology platforms, have applied for and been granted banking licences.


The Financial Sector Regulation Act 9 of 2017 (“FSRA”) established a ‘twin peaks’ model of financial sector regulation for South Africa by means of two regulators, namely a Prudential Authority, operating within the administration of the South African Reserve Bank (“SARB”), and a new Financial Sector Conduct Authority (“FSCA”). The Prudential Authority supervises the safety and soundness of banks, insurance companies and other financial institutions, while the FSCA supervises how financial services firms conduct their business and whether they treat customers fairly.

The objectives of the FSCA include enhancing and supporting the efficiency and integrity of the financial system and protecting financial customers. As a market conduct regulator, the FSCA has a particular focus on the most vulnerable customers, namely retail clients or consumers. The outcomes-focused, market-conduct regulatory and supervisory approach

Angela Itzikowitz & Ina Meiring ENSafrica



of the FSCA, seeks to protect consumers by ensuring that financial institutions demonstrate that they consistently treat their customers fairly in their provision of financial products and services.

The provision of credit (by banks and any other entities offering credit) is regulated by the National Credit Act 2005 (“NCA”). The NCA provides for the establishment of the National Credit Regulator (“NCR”) and the National Credit Tribunal (“NCT”). The NCR was established by the NCA and is responsible for (among other things) the regulation of the credit industry, the registration of industry participants, investigation of complaints and ensuring the enforcement of the NCA. The NCT is an independent body distinct from the NCR. It is empowered to adjudicate any application made to it, and may make any order provided for in the NCA in respect of such an application. In addition, it may adjudicate on allegations of prohibited conduct and impose the various remedies provided for in the NCA.

Other than the FSRA, the key legislation applicable to banks is the following:

the Banks Act 94 of 1990 and regulations published in terms thereof, providing for the •regulation and supervision of the taking of deposits from the public;

the Mutual Banks Act 124 of 1993, which provides for the regulation and supervision •of the activities of mutual banks;

the Co-operative Banks Act 40 of 2007, which provides for the regulation and •supervision of cooperative banks and acknowledges member-based financial services cooperatives as a different tier of the official banking sector;

the South African Reserve Bank Act 90 of 1989, which regulates the SARB and the •monetary system;

the National Payment Systems Act 78 of 1998 (“NPS Act”), which provides for the •regulation and supervision of payment, clearing and settlement systems in South Africa;

the Currency and Exchanges Act 9 of 1933, which regulates legal tender, currency •exchanges and banking. Exchange Control Regulations issued in terms of that Act impose exchange controls that restrict the export of capital from South Africa;

the Financial Intelligence Centre Act 38 of 2001 which regulates the combatting of •money-laundering and the financing of terrorist activities;

the Financial Advisory and Intermediary Services Act 37 of 2002, which regulates the •rendering of financial advisory and intermediary services to clients;

the National Credit Act 34 of 2005 (“NCA”), which regulates consumer credit, prohibits •certain unfair credit and credit-marketing practices as well as reckless credit-granting;

the Consumer Protection Act 68 of 2008 (“CPA”), which regulates the provision of •goods and services (including financial services) to consumers, unless exempted;

the Financial Markets Act 19 of 2012, which provides, inter alia, for the regulation of •financial markets, the custody and administration of securities and insider trading; and

the Protection of Personal Information Act 4 of 2013 (“POPI”) which, once fully •effective, will regulate the manner in which personal information may be processed by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for its lawful processing.

The Banks Act places restrictions on the kind of business banks can conduct. Under •Section 78 of that Act, banks are not permitted to:

hold shares in any company of which such bank is a subsidiary; •

ENSafrica South Africa



lend money to any person against security of its own shares or of shares of its •controlling company;

grant unsecured loans or loans against security that, in the opinion of the Registrar, •is inadequate for the purpose of furthering the sale of its own shares;

show bad debts; losses or certain costs as assets in its financial statements or returns; •

conclude a repurchase agreement in respect of a fictitious asset or an asset created •by means of a simulated transaction;

purport to have concluded a repurchase agreement without the agreement being •substantiated by a written document signed by the other party, and the details of the agreement being recorded in the accounts of the bank as well as in the accounts that may be kept by the bank in the name of the other party; and

pay out dividends from its share capital without the prior written approval of the •Registrar.

A bank must hold all its assets in its own name, excluding: •

any asset bona fide hypothecated to secure an actual or potential liability: •

in respect of which the Registrar has approved in writing that the asset may be •held in the name of another person; or

falling within a category of assets designated by the Registrar as assets that •may be held in the name of another person.


The principal regulatory challenges for the banking industry remain ongoing compliance with Basel III and the implementation of the FSRA. Full compliance with the Basel III framework is still being phased in. Certain transitional arrangements have been made to afford the banks sufficient time to meet the higher standards set by Basel III.

A draft Conduct of Financial Institutions Bill (“CoFI”) was published in December 2018. The object of CoFI is to establish a consolidated, comprehensive and consistent regulatory framework for the conduct of financial institutions that will:

protect financial customers; •

promote the fair treatment and protection of financial customers by financial institutions; •

support fair, transparent and efficient financial markets; •

promote innovation and the development of and investment in innovative technologies, •processes and practices;

promote trust and confidence in the financial sector; •

promote sustainable competition in the provision of financial products and financial •services;

promote financial inclusion; •

promote transformation of the financial sector; and •

assist the SARB in maintaining financial stability. •

The National Payment System Department (“NPSD”) of the SARB published a policy paper on the ‘Review of the National Payment System Act 78 of 1998’ in December 2018 (“NPS Policy Paper”). The NPS Policy Paper contains several recommendations, which include that:




the NPS Act should be able to consider and adopt, where appropriate, international •standards and principles to the extent that is appropriate for South Africa and does not stifle innovation;

the primary objects should be stated as: promoting the financial stability, safety, •efficiency (including interoperability), transparency and integrity of the NPS; the safety and soundness of payment institutions and activities; and confidence in the NPS;

the secondary objects should be stated as the prevention of financial crime, promotion •of financial inclusion, and support of the FSCA in its consumer protection objective;

the SARB should be responsible for licensing all entities that provide payment services •and operate payment systems, after consultation with the FSCA;

it is recognised that in future the SARB may wish to allow or require settlement of other •emerging currencies, such as central bank digital currencies and VCs, or designate other settlement systems, and the NPS Act should be enabling in this regard, with specific requirements being provided for in subordinate legislation;

the provision of retail payment services/activities (e.g. remittance services, e-money, •mobile money) where money is not due to a third party should be allowed, whether the entities providing such services are banks or non-banks. Such entities should be exempted from the definition of the business of a bank in the Banks Act 94 of 1990 and be subject to a risk-based and proportionate regulatory, supervisory and oversight framework. This could also be effected through an amendment to the Banks Act and the necessary provisions in the NPS Act, while at the same time maintaining financial stability.

Financial technology (“fintech”) in South Africa is not currently regulated, and while South Africa does not yet have innovation facilities (such as a regulatory sandbox), the SARB and the FSB (now “the FSCA”) are considering the applicability of such innovation facilities. In 2016, the Intergovernmental FinTech Working Group (“IFWG”) was established at the SARB, comprising members from National Treasury, the SARB, the FSCA and the Financial Intelligence Centre. The IFWG aims to develop a common understanding among regulators and policymakers of fintech developments and policy and regulatory implications for the financial sector and economy.

At the start of 2018, a joint working group was formed under the auspices of the IFWG to specifically review the position on crypto assets. The working group is represented by the members of the IFWG, and the South African Revenue Services forms the Crypto Assets Regulatory Working Group. The IFWG also issued a consultation paper on policy proposals for crypto assets. In this consultation paper it is explained that the IFWG and Crypto Assets Regulatory Working Group are of the view that regulatory action should not be delayed until the most appropriate regulatory approach has become clear, but rather act and amend as innovation evolves.

As to recovery and resolution, the SARB issued Directive 1 of 2015, which specifies the minimum requirements for the recovery plans of banks, controlling companies and branches of foreign institutions. The level of detail and range of recovery options must be commensurate with the risk profile of the relevant bank or institution. These requirements are in line with the international standard for resolution planning set out by the Financial Stability Board in its ‘Key attributes of effective resolution regimes for financial institutions’ released on 4 November 2011.

The Directive sets out the following governance requirements:




the development, maintenance, approval and annual review of the recovery plan should •be subject to an appropriate governance process with clearly assigned roles and responsibilities for operational staff, senior management and the board of directors (or committee of similar standing, in the case of a locally registered branch of a foreign bank);

the board of directors should express its view on the recoverability of the bank from •severe financial stress based on the recovery options identified in the recovery plan; and

an overview of any material changes or updates made since the previous version of the •bank’s recovery plan needs to be included in the recovery plan.

If the Registrar is of the opinion that a bank will be unable to repay deposits made with it or will probably be unable to meet any other obligations, the Minister of Finance may, if he or she deems it desirable in the public interest, by notifying the CEO or chair of the board of directors of that bank in writing, appoint a curator to the bank.1 On such appointment, the management of the bank vests in the curator, subject to the supervision of the Registrar, and those who until then were vested with its management are divested of it. The curator must recover and take possession of all the assets of the bank.2 The appointment of a curator does not amount to the bank being wound up or liquidated.

Subject to the supervision of the Registrar, the curator must conduct the management of the bank in such a manner as the Registrar may deem to best promote the interests of the creditors of the bank concerned and of the banking sector as a whole, and the rights of employees in accordance with the relevant labour legislation.3 The curator may dispose of all or part of the business of a bank to enable an effective resolution of a bank under curatorship.4 If, at any time, the curator is of the opinion that there is no reasonable prospect that the continuation of the curatorship will enable the bank to pay its debts or meet its obligations and become a going concern, the curator must inform the Registrar in writing forthwith.5

The curator may be empowered to cancel any guarantee issued by the bank concerned prior to its being placed under curatorship, excluding such guarantee which the bank is required to make good within a period of 30 days as from the date of the appointment of the curator. A claim for damages in respect of any loss sustained by, or damage caused to, any person as a result of the cancellation of a guarantee, may be instituted against the bank after the expiry of a period of one year as from the date of such cancellation.6

A curator may further be empowered to raise funding from the SARB, or any entity controlled by the SARB, on behalf of the bank and, notwithstanding any contractual obligations of the bank, but without prejudice to real security rights, to provide that security may be instituted against the bank after the expiry of a period of one year as from the date of such provision of security.7 A curator may also propose and enter into an arrangement or compromise between the bank and all its creditors, or all the members of any class of creditors, in terms of section 155 of the Companies Act 71 of 2008.8

The Registrar has the right to apply to a court for the winding-up of any bank under the Companies act, and also has the right to oppose any such application made by any other party.9 Only a person recommended by the Registrar may be appointed as liquidator or provisional liquidator of a bank.

While the SARB has been considering deposit insurance, South Africa does not yet have a system of depositor protection guaranteeing depositors’ money in the event of a bank failure.





The board of directors of a bank is ultimately responsible for ensuring that an adequate and effective process of corporate governance, consistent with the nature, complexity and risk inherent in the bank’s on-balance sheet and off-balance sheet activities, and which respond to changes in the bank’s environment and conditions, is established and maintained.10 The process of corporate governance includes the maintenance of effective risk management and capital management by a bank.11 On an ongoing basis, the overall effectiveness of the process relating to, inter alia, corporate governance, internal controls, risk management, capital management and capital adequacy must be monitored by the bank’s board of directors.12

The board of directors of a bank or a committee appointed by the board for such purpose must, at least once a year, assess and document whether the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy implemented by the bank successfully achieve the objectives specified by the board; and at the request of the Registrar, provide the Registrar with a copy of the report compiled by the board of directors or committee in respect of the adequacy of the processes relating to corporate governance, risk management, capital management and capital adequacy.13

In addition, the external auditors of a bank must annually review the process followed by the board of directors in assessing the corporate governance arrangements, including the management of risk and capital, and the assessment of capital adequacy, and report to the Registrar whether any matters have come to their attention to suggest that they do not concur with the findings reported by the board of directors, provided that when the auditors do not concur with the findings of the board of directors, they provide reasons for their non-concurrence.14

Every director of a bank or controlling company is required to have a basic knowledge and understanding of the conduct of the business of that bank, and of the laws and customs that govern the activities of such institutions. Although not every member of the board of directors of a bank or controlling company is required to be fully conversant with all aspects of the conduct of the business of a bank, the competence of every director of a bank must be commensurate with the nature and scale of the business conducted by that bank and, in the case of a director or a controlling company, as a minimum, must be commensurate with the nature and scale of the business conducted by the banks in the group.15

In view of the fact that the primary source of funds administered and utilised by a bank in the conduct of its business is deposits loaned to it by the general public, it is further the duty of every director and executive officer of a bank to ensure that risks that are of necessity taken by such a bank in the conduct of its business are prudently managed.16

The board must establish, inter alia, a remuneration committee consisting only of non-executive directors of the bank or controlling company.17 The functions of the remuneration committee include working closely with the bank or controlling company’s risk and capital management in the evaluation of the incentives created by the compensation system, and ensuring that performance measures are based principally on the achievement of the board-approved objectives of the bank or controlling company and its relevant functions.

In order to evaluate and improve the effectiveness of a bank’s risk-management control, capital management and governance processes and/or systems, a bank must establish an independent and objective internal audit function.

A bank must also have in place, as part of its risk-management framework and governance structure, an independent compliance function. The independent compliance function must




ensure that the bank continuously manages its regulatory and supervisory risks; that is, the risk that the bank does not comply with applicable laws and regulations or supervisory requirements. The compliance function must be headed by a compliance officer of the bank, who must perform his or her functions with such care and skill as can reasonably be expected from a person responsible for such a function in a similar institution.

A bank must further implement and maintain robust structures, policies, processes and procedures to guard against the bank being used for purposes of market abuse such as insider trading and market manipulation, and/or financial crimes such as fraud, financing or terrorist activities and money laundering.


In 2013, the SARB implemented an amended capital framework aligning it to the requirements of Basel III. The capital framework is set out in the Banks Act and the regulations promulgated thereunder. A bank must manage its affairs in such a way that the sum of its primary and secondary capital, its primary and secondary unimpaired reserve funds (and where the bank trades in financial instruments), its tertiary capital in South Africa does not at any time amount to less than the greater of 250 million rand, or an amount that represents a prescribed percentage of the sum of amounts relating to the different categories of assets and other risk exposures of the bank, calculated as prescribed in the regulations relating to the banks.

A bank must furthermore hold in South Africa liquid assets amounting to not less than the sum of amounts, calculated as prescribed percentages not exceeding 20% of such different categories of its liabilities as may be prescribed in the regulations relating to banks. A bank may not pledge or encumber any portion of these liquid assets. The Registrar is empowered to exempt the bank from this prohibition, on such conditions and to such an extent, and for such a period, as he or she may determine.

A controlling company must further manage its affairs in such a way that the total of its common equity Tier 1 capital, additional Tier 1 capital and Tier 2 capital, and its common equity Tier 1 unimpaired reserve funds, additional Tier 1 unimpaired reserve funds and Tier 2 unimpaired reserve funds, does not at any time amount to less than an amount that represents a prescribed percentage of the sum of the amounts relating to the different categories of assets and other risk exposers, and calculated in such a manner as prescribed. In addition, the capital and reserve funds of any regulated entity included in the banking group and structured under the controlling company must not at any time amount to less than the required amount of capital and reserve funds determined in respect of the relevant regulated entity, in accordance with the relevant regulator responsible for the supervision of the relevant regulated entity.18


The Banks Act regulates deposit-taking activities and provides that no person other than a registered bank may take deposits from the general public as a regular feature of its business, or advertise for deposits. It does not, however, regulate the relationship between a bank and its customers. This relationship is based on the common law, and the contract between a bank and its customer is one sui generis. The Financial Advisory and Intermediary Services Act 37 of 2002 regulates financial services such as advice and intermediary services, including banking services, and the Consumer Protection Act 2008 includes within its reach financial services offered to consumers. The fundamental consumer rights it protects include




restriction against unwarranted direct marketing, fair just and reasonable term and conditions, and fair and honest dealing. Banks are also subject to the Code of Banking Practice issued by the Banking Association of South Africa. The Code is a voluntary code which sets out minimum standards for service and conduct by banks.

Subject to certain exemptions, the National Credit Act 2005 applies to banks (and all entities) extending credit. Generally an agreement is a credit agreement if there is a deferral of payment and a fee; charge or interest is levied for such deferment. Subject to certain limited exclusions, any person extending credit will have to register as a credit provider with the National Credit Regulator and is subject to a plethora of ongoing obligations once registered. The cornerstone of the National Credit Act 2005 is the prevention of reckless credit-granting and debt relief measures to deal with the problem of over-indebted customers. The National Credit Act requires pre-assessment of customers and is prescriptive as to the process relating to affordability assessment.

South Africa has a banking ombud and other statutory ombuds such as the FAIS ombud, credit ombud and insurance ombuds. As stated above, South Africa does not yet have a system of deposit insurance.

Anti-money laundering (“AML”) and Counter Terrorist Financing are regulated by the Prevention of Organised Crime Act 1998, Protection of Constitutional Democracy Against Terrorist And Related Activities Act 2004 and the Financial Intelligence Centre Act 2001 (“FICA”).

FICA was significantly overhauled by the FICA Amendment Act 1 of 2017, which provides for a risk-based approach to combating AML. A risk-based approach (although not defined in FICA) in essence permits a regulated institution to determine the relevant risk of its clients and to tailor its controls on the basis of the risk appraisal. The regulated (accountable) institutions, which include banks, are measured against the reasonableness of, and justification for, the design of their controls.

A risk-based approach is often contrasted with a rule-based approach, where the regulator determines the controls that the regulated entity must apply. In a rule-based system, institutions are measured against their compliance with prescribed controls. The main difference between the two approaches (rule-based versus risk-based) is the allocation of responsibility for determining the risk, as well as the appropriate risk-management actions.

To give effect to the risk-based approach, accountable institutions are obliged to draft a ‘Risk Management and Compliance Programme’. A ‘Risk Management and Compliance Programme’ is defined in FICA as the programme contemplated in section 42(1) of FICA. In terms of that section, an accountable institution must develop, document, maintain and implement a programme for anti-money laundering and counter-terrorist financing risk-management and compliance.

Under section 42(2) a Risk Management and Compliance Programme must, among other things, enable the accountable institution to:

identify; assess; monitor; mitigate; and manage, the risk that the provision by the •accountable institution of products or services may involve or facilitate money-laundering activities or the financing of terrorist and related activities;

provide for the manner in which the institution determines if a person is a prospective •client in the process of establishing a business relationship or entering into a single transaction with the institution; or a client who has established a business relationship or entered into a single transaction;




provide for the manner in which and the processes by which the establishment and •verification of the identity of persons must be performed by the institution; and

provide for the manner in which the institution determines whether future transactions •that will be performed in the course of the business relationship are consistent with the institution’s knowledge of a prospective client.

Under section 29 of FICA, any person who conducts business in South Africa is obliged to report suspicious or unusual transactions to the Financial Intelligence Centre established under FICA.

* * *

Endnotes

Section 69(1) of the Banks Act. 1.

Section 69(2A) of the Banks Act. 2.

Section 69(2B) of the Banks Act. 3.

Section 68(2C) of the Banks Act. 4.

Section 69(2D) of the Banks Act. 5.

Section 69(3)(i) of the Banks Act. 6.

Section 69(3)(j) of the Banks Act. 7.

Section 69(3)(k) of the Banks Act. 8.

Section 68(1)(k) of the Banks Act. 9.

Section 60B(1) of the Banks Act. 10.

Regulation 39(2). 11.






Section 64C of the Banks Act. 17.

See in general Section 70A of the Banks Act. 18.






Prof. Angela Itzikowitz


Professor Angela Itzikowitz is an executive in ENSafrica’s banking and

finance department. She specialises in banking and financial market

regulation, including finance and regulatory reform, card and related electronic

payment instruments, derivatives, loan agreements, collective investment

schemes, insurance, money laundering and debt origination and securitisation.

She has done a significant amount of work in South African Development

Community (“SADC”) countries such as Uganda, Kenya and Zambia

including regulatory law reform through capacity-building projects. More

recently, she drafted and advised on the Finance and Development Protocol

for SADC in her capacity as a senior legal expert. She has also advised the

World Bank on deposit insurance and bank insolvencies.

Angela has participated in a number of financial market initiatives in Asia in

collaboration with colleagues from Beijing, Shanghai, Hong Kong and India.

She also acts for a number of European banks, asset managers and investment

advisors.

Angela is a professor in banking and financial markets law at the University

of the Witwatersrand and she teaches at Queen Mary College, the University

of London, on legal aspects of international finance. She is the author of The

Law of South Africa Banking and Financial Markets, has co-authored a number

of books and has published numerous articles in local and foreign journals.

She is a member of the Board of International Scholars, London Institute of

Banking and Finance, and is a Professorial Fellow at the Asian Institute of

International Financial Law, University of Hong Kong. She is also a visiting

Professor at Shanghai University of Finance and Economics and Peking

University, is the recipient of a number of international fellowships and awards

and sits on a number of advisory committees and company boards.

Dr. Ina Meiring


Ina Meiring is an executive in ENSafrica’s banking and finance department.

She is regarded as one of the top finance regulatory experts in South Africa

and her clients include leading local and international financial institutions.

Her experience includes advising on banking and financial services regulation

and consumer law matters, including the South African Consumer Protection

Act, 2008; the National Credit Act, 2005; and the Protection of Personal

Information Act, 2013. Her expertise further includes advising on corporate

governance, exchange control, securitisations, payment instruments and

payment methods.

Ina is a member of the expert group appointed by the South African Reserve

Bank for the review of the National Payment System Act, 1998. She has

authored chapters on South African banking regulation for a number of legal

publications, and has lectured at the University of Johannesburg and the

University of South Africa.

The MARC, Tower 1, 129 Rivonia Road, Sandton, Johannesburg 2196, South Africa

Tel: +27 11 269 7600 / URL: www.ensafrica.com

ENSafrica


Spain

Introduction

From late 2008, the Spanish banking sector underwent a deep restructuring process ultimately driven by regulatory responses to the severe crisis which the sector and the country faced post-2007. After reshaping the sector completely, the worst of the crisis is over and we now face a more stable, more transparent and sounder financial sector. However, the relative stability we have enjoyed these last couple of years was disrupted in June 2017 by Banco Popular’s failure and its acquisition by Santander for one euro, bringing a battle of claims by shareholders. We still believe that restructuring will continue, via further concentration and repositioning. As an example, recent relevant transactions include: the sale of EVO Banco by Apollo to Bankinter; the sale of 49% of Wizink by Santander (previously owned by Popular) to Varde Partners; and Abanca acquiring the Spanish business of Caixa Geral. The next in the pipeline could be Bankia, a large, listed bank in which the State still holds a significant controlling stake, but which it has announced plans to divest.

Until 2009, it was probably accurate to describe the Spanish banking sector as unique among its European counterparts. While the country was, and is, home to two of the world’s largest banking corporations (Santander and BBVA) – present in other European jurisdictions and outside the EU, most significantly in Latin America – such large corporations did not account for more than 30% of the domestic deposit market share; the rest was in the hands of many other institutions, including a wide array of mid- and small-sized companies. Bank of Spain’s census as of early 2009 comprised some 80 private banks (of which roughly 10 had a material market share), 80 credit cooperatives (accounting, altogether, for 5% of the share, approximately) and 45 savings banks (cajas de ahorros), representing, roughly, 50% of the market. Branches of foreign institutions (almost exclusively EU-incorporated) were and are present, but hold a negligible share of the retail market.1

The relevant presence of savings banks was doubtlessly the most salient feature of the Spanish banking system. Cajas were a genuinely Spanish type of institution, with no full equivalent in any other Western jurisdiction. The Supreme and Constitutional Courts described them in several judgments as ‘foundation-like’. Strictly speaking, savings banks were foundations not subject to the governance rules in the Foundations Act. As foundations, they lacked capital or any equivalent fund composed of legal instruments bearing voting rights. Their corporate governance depended on a complex set of mechanisms ultimately enacted by regional laws which placed them under the control of regional powers. For this reason, it has been argued that savings banks were similar to German Landesbanken.

The deep crisis changed this landscape dramatically.

The banking sector was severely hit by the real estate crisis. Excessive exposures to developers

Fernando Mínguez Hernández, Íñigo de Luisa Maíz & Rafael Mínguez Prieto

Cuatrecasas



and builders accounted for a very significant proportion of the banks’2 assets. That, in addition to the effects of the general economic crisis, led many institutions into serious trouble if not actual insolvency. All institutions were affected, but savings banks were particularly in trouble, since their exposure was almost entirely domestic and highly concentrated in real estate.

The regulatory response to the crisis came, both at the National and European levels, in the form of a wide array of measures (see the section entitled, ‘Recent regulatory themes and key regulatory developments in Spain’ below) that, ultimately, have changed (and still keep on changing) the banking sector and the regulatory architecture itself. The legislative measures have addressed virtually all aspects relating to the financial sector, encompassing: (i) measures to provide liquidity and solvency support to banks; (ii) measures to promote concentration among institutions and to set up restructuring alternatives, including resolution mechanisms; (iii) changes in the legal regime of savings banks; (iv) provisioning requirements; (v) strengthening corporate governance; (vi) new and significantly higher capital requirements; and (vii) changes in the supervisory and regulatory architecture. But the measure that will probably prove to be most far-reaching over time is the introduction of the EU (Eurozone) Single Supervisory System (the “SSM”), with the ECB taking over most of the supervisory duties of the former Member States’ domestic supervisors (a measure that took full effect on 4 November 2014) and the implementation of the Banking Recovery and Resolution Directive (“BRRD”)3 and, again for the Eurozone, the Single Resolution System (the “SRM”).

During the crisis, the State had to take over some banks and provide support to others. The banking sector recapitalisation needs, evidenced through successive stress tests conducted both at the EU and domestic levels, led to Spain’s request for financial assistance from the EU in the form of a €100 billion credit facility (of which the amount actually used was €40 billion). In order to obtain the line, in July 2012 Spain entered into a MoU with the EU on financial sector policy conditionality (“MoU”) which led to further regulatory measures, including the creation of an asset management company named SAREB4 (commonly known as “bad bank”) in operation from December 31, 2012. To a good extent thanks to the creation of SAREB – followed by the banking sector in general – the country now enjoys an active secondary market for loans and REOs and a developed servicing industry. All this has provided the banks with efficient tools to implement their NPL management strategies.

As a result of all this, the landscape of the banking sector has changed very significantly. Savings banks have de facto disappeared (with two tiny exceptions), their banking business having been taken over by banks, and the savings banks themselves have become foundations, some of them still holding significant stakes in banks, while others do not. Concentration has also happened, to a lesser extent, within the subsectors of cooperatives and banks. The State took over several financial institutions, all of which were subsequently auctioned and acquired by other privately held entities except Bankia (where the State remains the controlling shareholder, but it is likely that such stake will be finally sold by the State at the right time) and Banco Mare Nostrum, a mid-sized, unlisted bank, which a few months ago merged into Bankia to facilitate the State’s divestment when all its stake in Bankia is finally sold. The Fund for Orderly Bank Restructuring (Fondo de Reestructuración Ordenada Bancaria – FROB)5 has played a crucial role in the restructuring process of our banking system. The FROB has ultimately become the Spanish executive resolution authority, and is thus integrated within the SRM.

In addition to the traditional credit institutions supervised by Bank of Spain, due to the weakness of most local banks, there are also new players in the banking sector providing credit and marketing other financial products without any supervision, since they take advantage of

Cuatrecasas Spain



the fact that collecting funds from the public is the only typical banking activity strictly reserved to credit entities.6 This trend of non-bank channels which supplement the regular banking sector will continue progressively in Spain. Therefore, the “shadow-banking” phenomenon, the new cryptocurrencies and the need to supervise these incoming entities or not, constitutes a major debate not only in Spain but also at EU level for harmonisation purposes. Due to the low ROE in the banking sector, Spanish financial institutions are very focused on increasing efficiency and yields to compensate the low level of interest rates, and are concentrated on new strategies such as “going digital” and investing in “fintechs” to develop new tools and applications. The crowdfunding initiatives and non-financial return models (outside the scope of Law 5/2015, of April 27, when dealing exclusively with donations, sale of assets and services, and free-interest loans) are growing, particularly through online platforms, but the overall amounts and transactions remain low. In addition, some of the Spanish financial institutions are also expanding into nearby markets such as Portugal and the UK, taking advantage of certain credit institutions on sale after being rescued by the local authorities. On the other hand, there are increased rumours of banks’ integration in Spain to face the challenges resulting from low capital returns and in order to gain efficiency. There are even rumours about the first integration of a large Spanish credit institution with another EU large financial entity.

The latest Financial Stability Report issued by Bank of Spain dated November 2018 provides an updated description of the Spanish banking sector.7 In a nutshell, some key references are as follows: (i) consolidated P&L of the financial sector has increased by 12.5% due to the high reduction in losses derived from asset depreciation; (ii) total consolidated assets decreased by 0.5%; (iii) loans and credits to the private sector have decreased by 2.9%; (iv) the NPL rate (tasa de morosidad) has gone down to 3.6% (meaning a decrease from 4.5% compared to 2017), although the impaired assets level is still high (increase default signs in consumption), despite the important reduction in the past years (-60% since 2013); (v) recourse of Spanish banks to the Eurosystem continued at a high level (€168bn) but has at least not increased in the last three years (average allocation to Spanish entities was 22%); (vi) private deposits at banks and their patrimony on a consolidated basis increased by 0.6% but in total decreased by 1.3%; (vii) the level of provisions due to asset deterioration has also decreased due to better performance, and impaired assets (“dudosos”) have been reduced by 26.7% in the last year; and (viii) common equity tier 1 capital ratio (“CET1”) has been reduced slightly to 11.9%, and has only increased by 0.3% since 2014. The report also cites evidence that the credit to SMEs in Spain went down 7.2% and that the Spanish banking system is more efficient than comparable systems in the main European jurisdictions and the European average.

Brexit has set up a new economic and financial scenario for Spain (as for most continental countries). It is extremely difficult to anticipate the effects of Brexit, since it would directly depend on the final scenario of the UK’s exit from the EU (due on 29 March 2019) and the negotiations for the subsequent UK-EU relationship. In any case, there are high risks of a “hard Brexit”, meaning a big challenge for all sectors, but no doubt that financial services would be affected, particularly those activities that are more dependent on the “EU passport”. At this stage, we have seen some relevant relocations of business related to financial activities into other jurisdictions by large financial institutions, and Dublin, Frankfurt and Luxembourg will take some operations. A “hard Brexit” will accelerate banks’ contingency plans and movements in their balance sheets from the UK to their affiliates in EU jurisdictions. On the other hand, the Spanish banks’ activities abroad are increasing very significantly. Activities in the US and in the UK already represent more than half of the international exposure of Spanish financial institutions.

Cuatrecasas Spain




Spanish regulatory architecture is traditionally based on a sectoral approach (with a different regulator for banks, investment companies and insurance companies). Banking supervision, traditionally attributed to Banco de España (the country’s central bank) underwent a very significant change after the implementation of the SSM and SRM Regulations.8

The most relevant public authority for banks is now the ECB9 which: (i) is responsible for licensing; (ii) controls transfers of significant holdings; (iii) is responsible for prudential supervision, including on- and off-site direct inspection of most relevant institutions10 and receives reporting; and (iv) may trigger the exercise of disciplinary powers. However, stating that the ECB has become “the” banking supervisor is an oversimplification, since Bank of Spain, further to cooperating with the ECB in its supervisory tasks, still holds regulatory powers, may, within a larger or lesser scope depending on topics, issue regulations on solvency, conduct, accounting and other matters relating to banks11 and is the sole supervisor for certain other financial intermediaries.

Although it is the most important, Bank of Spain is not the only national public authority of relevance to banks. Apart from the Ministry of Finance:

The National Securities Market Commission (Comisión Nacional del Mercado de •Valores – CNMV) holds authority over banks, whether listed or not,12 as providers of investment services.13

The SEPBLAC14 is the Spanish financial intelligence unit and controls the application •of anti-money laundering and terrorist financing prevention rules in accordance with FATF standards (to which banks are subject). It holds supervisory capacity of its own and may exercise disciplinary powers in its field.

The Deposit Guarantee Fund (Fondo de Garantía de Depósitos en Entidades de Crédito •– FGD) is privately ex ante funded by banks via compulsory periodical contributions, and is governed by a committee which is split on a 50/50 basis between representatives of the banks themselves and Bank of Spain. The Spanish FGD is like the US FDIC and has wide capacity to adopt preventive measures rather than acting like a mere deposit box, though its role is nowadays much less salient than it used to be.

The Fund for Orderly Bank Restructuring (Fondo de Reestructuración Ordenada •Bancaria – FROB)15 is a public institution, created in 2009 to cover the FGD’s lack of financial capacity to deal with a systemic crisis. Its function was to provide support to (and eventually take over) banks in need of restructuring. In 2012 its legal status was re-shaped to turn it into a resolution authority and in 2015 adapted to the BRRD and integrated with the rest of Eurozone resolution authorities as part of the SRM.

Spain is a member of the EU and the Eurozone and, therefore, most banking legislation and regulations – when not directly in the form of EU regulations – are based on directives or adapted to them. Thus, in many areas, Spanish banking law is highly similar or even identical to other EU jurisdictions. The primary EU statutes applicable, as amended from time to time, are:

The Capital Requirements Directive. The text now in force is EU Parliament and the •Council 2013/36/EC of 26 June 2006 (“CRD IV”), coupled with Regulation (EU) 575/2013 of the EU Parliament and the Council, of the same date (“CRR”).

The Banking Recovery and Resolution Directive. Directive 2014/59/EU of the •European Parliament and of the Council of 15 May.

Cuatrecasas Spain



The MiFID II-MiFIR package. •

The Third and Fourth Anti-Money Laundering Directive. EU Parliament and Council •Directive 2005/60/EC of 26 October 2005 and superseded by Directive 2015/849 of 20 May 2015 and to be implemented before 31 December 2017.

The minimum reserves regulation. Council Regulation (EC) nº 2531/98 of 23 •November 1998.

The SSM Regulations: Council Regulation (EU) nº 1024/2013 of 15 October 2013 and •ECB Regulation (EU) nº 468/2014 of 16 April.

The SRM Regulation: Regulation (EU) nº 806/2014 of the European Parliament and of •the Council of 15 July.

EU legislation, in turn, is mostly framed on international standards issued by relevant committees and organisations, among which is the Basel Committee on Banking Supervision. CRD IV and CRR implement Basel III.

In 2011, the EU upgraded its supervisory framework by turning the pre-existing “level III” committees16 into as many EU supervisory authorities. For the banking sector, the relevant authority is the EBA, which has taken over the role of the CEBS. The EBA performs an array of tasks, including the issuance of guidance on supervisory policy matters. During its three first years of operation, EBA, further to maintaining CEBS’s standards, has produced many significant documents that have either regulatory content on their own or are applied as interpretation criteria, not only for EU but also for national law.

In 2013–2015, Spain carried out a significant effort towards the systematisation of its banking law. For many years the country lacked a comprehensive source of banking legislation that could mirror the Italian or French Banking Codes. In addition, between 2008 and 2012 the regulatory management of the crisis resulted in a very high number of pieces of legislation (mostly executive), amended multiple times within a short timeframe, which also needed to be re-cast. While banking law is still a vast domain, the most relevant statutes further to those directly applicable EU laws, are:17

Royal Legislative Decree 4/2015, of October 23, approving the restated text of the •Securities Markets Act (regulates, among other matters, investment services and implements MiFID18).

Bank of Spain’s Autonomy Act 13/1994 of 1 June. •

The Money Laundering and Terrorist Financing Prevention Act 10/2010 of 28 April •(implementing the III AML Directive).

Royal Decree-law 16/2011, of 14 October, on the Credit Institutions Deposit Guarantee •Fund (merged the previous schemes into a single FGD).

Credit Institutions and Investment Firms Recovery and Resolution Act 11/2015 of 18 •June (gives the FROB its present legal status and institutes a comprehensive restructuring and resolution framework, implementing the BRRD).19

Savings Banks and Banking Foundations Act 26/2013 of 27 December. •

Credit Institutions Ordination, Supervision and Solvency Act 10/2014 of 26 June, •developed by Royal Decree 84/2015 of February 13.

As stated, these acts and other relevant legal provisions are developed by a high number of specific regulations. Due to the technical nature of the matters, it is not unusual that the development is not completed in a single step but requires a multiple-tier set of regulations from different authorities. Highly complex parts of the rulebook, or matters that require a

Cuatrecasas Spain



very detailed degree of specification, are frequently left for Bank of Spain’s regulations (Circulares) which, while forming the lowest tier in the cascade of regulations, become the most directly applicable and are thus perceived by the banks as essential.20

Finally, mirroring EBA guidance, in recent times there is yet another tier of (albeit “soft”) regulation being developed, named “Bank of Spain Guidelines” and other “good practices” codes. These may be direct adoptions of EBA Guidelines (most frequently) or developed ad hoc by the Bank.

Recent regulatory themes and key regulatory developments in Spain21

After the December 2015 elections, it took over 10 months and another call to the polls, and the whole of 2016, for Spain to have a fully empowered government – which, however, was a minority one and lasted only until mid-2018. In June 2018, after a no-confidence vote, the centre-right government was replaced by a new cabinet whose parliamentary support has proven unstable. This means that, since 2015/16, the country has entered a certain impasse when it comes to regulatory developments, with very significant delays in the implementation of relevant EU directives. This is in stark contrast with recent past experience since, as stated above, the years since the outbreak of the crisis had seen unprecedented regulatory activity in Spain in many fields: after the adoption of the CRD IV/CRR package, the country has been lagging behind on important pieces of financial legislation, namely: the MiFID II-MiFIR package; the IDD (insurance distribution directive); PSD2 (second payment services directive); and the MDC (mortgage credit directive) – note that these are 2014/15 directives, all of which should have been implemented by early 2018.

Some of the latter have been finally implemented; however late, by recourse to executive legislation (in the form of Royal Decree-laws). This has been the case with MiFID II (finally implemented by means of Royal Decree-law 14/2018 of 28 September after a partial, and very limited, implementation in late 2017 by means of another Royal Decree-law) and PSD2, implemented by means of Royal Decree-law 19/2018, of 23 November. The fourth AML directive was also implemented in 2018 by means of executive legislation. The IDD and the MCD should come next, in early 2019.

On a domestic level, the establecimientos fiancieros de crédito – a type of non-deposit-gathering credit institution which plays a minor but not irrelevant role in the Spanish market – await the development of their regulations, after a project posted for consultation in 2015 – a proposed development of Act 5/2015 – which has not translated into an actual piece of law.

A very relevant and long-lasting set of measures have been implemented, related to the legal status of savings banks. As mentioned above, these institutions are a particular type of foundation, thus unable to issue shares or any other vote-bearing securities (a fact that, among other implications, made it impossible for them to merge except with another savings bank). Reform was implemented in successive stages, ultimately leading to the de facto disappearance of savings banks. Current regulation is contained in the Savings Banks and Banking Foundations Act 26/2013 of 27 December.

Savings banks may (and do) still exist under their traditional status, as slightly amended. However, keeping such traditional status now carries significant limitations: the geographical scope of activities is limited and the balance sheet may not exceed €10 billion. If those conditions are not met, the savings bank must transfer its business to a bank and become either an ordinary foundation (if its participation in a bank falls below 10%) or a “banking foundation”. Banking foundations are under Bank of Spain’s supervision and the higher their stake in a bank, the more stringent their obligations. Banking foundations holding 50%

Cuatrecasas Spain



or more of the capital of a bank must create a reserve fund in their own books to meet possible capital needs at the level of the bank.

As mentioned, only two institutions keep their original savings bank form. All others have either disappeared entirely or become foundations. All banking business is now carried out by banks.

Regarding solvency and resilience, Spain got through the crisis by implementing successive ad hoc measures anticipating, or going beyond, Basel III rules. All such measures are now abrogated and the country operates within the general CRD IV-CRR framework, mostly under ECB direct supervision.

The regulatory, supervisory and crisis management architecture of the country was upgraded by the creation of the FROB. The FROB was created by Royal Decree-law 9/2009 of 26 June, and initially conceived as a financial tool. The Credit Institutions Restructuring and Resolution Act 9/2012 turned it into a fully-fledged resolution authority, widely empowered, capable of issuing administrative decisions binding on third parties. From its creation, the FROB has gained remarkable experience in crisis management, resolving, nationalising and re-privatising a relevant number of institutions. Ultimately, as the Spanish branch of the SRB, the FROB has taken part in the resolution process of Banco Popular and its subsequent sale to Banco Santander. Act 9/2012 is now superseded by the BRRD-SRM Regulation and the Spanish Act 11/2015, which are in line with the BRRD.

On its side, the Bank of Spain has made consistent progress in the field of accounting. In late 2016, it published an updating of its provisioning and credit impairment rules and, more recently, in order to keep Spanish rules up to IFRS9 and IFRS15, it adopted a brand new set of accounting standards by means of Circular 4/2017 of 27 November, effective on 1 January 2018, superseding the 2004 standards that, after many amendments (the last in late 2016) have been the basis of the system since the transition to IAS/IFRS. Both IFRS9 and the new Spanish standards carry out a major change in loan loss allowance calculation policies, shifting from an “incurred loss” model to an “expected loss” (through the entire remaining life of the loan) model.

The relative lack of activity of Spanish lawmakers and standard setters has contrasted deeply with regulatory activity at the EU level. Both the EU Commission and the EBA have issued numerous rulings, secondary regulations (mostly in development of the CRR and other major legislative pieces) and guidelines on various topics, from solvency to remuneration practices.


External controls

As in many other jurisdictions, Spanish credit institutions’ conduct and activities are specifically regulated and supervised by public administration authorities. This special regime for credit entities is mainly developed in Act 10/2014 of June 26, on Ordination, Supervision and Solvency of Credit Institutions and Act 9/2012 of November 14, on Restructuring and Resolution of Credit Institutions, which has been partially superseded by Act 11/2015 of 18 June, on Recovery and Resolution of Credit Entities and Investment Services Companies, which implements Spain Directive 2014/59/EU. Similarly to other EU jurisdictions, the aim is to set up mechanisms to allow the supervisor access to critical information about the situation and evolution of financial entities, restrict or prohibit practices or operations which increase insolvency risks or reduce liquidity, and reinforce the capital structure and protect their customers. Such regulation is applicable both to Spanish entities and other foreign

Cuatrecasas Spain



institutions operating in Spain (with limitations regarding those acting through an EU passport, under the home country control principle). Breaches of regulation are subject to sanctions (among others, penalties, disqualification, temporary intervention, revocation of licence).

Day-to-day credit institution surveillance is now shaped by the responsibility shift from the Bank of Spain to the ECB. Within the cooperation framework provided by ECB Regulation (EU) nº 468/2014 of 16 April 2014, banks are now being supervised by teams composed of both Bank of Spain and ECB officials.

Although the ECB now concentrates most functions on filing, control, monitoring, surveillance and inspection of all credit institutions in order to foster the solvency, stability and efficient operation of the financial sector and assure full compliance of the banking regulation, enforcement needs the cooperation of national authorities. Under Act 10/2014 (further developed by Royal Decree 84/2015, of February 13), credit institutions and their directors, senior managers or any other individual holding a management position, which breach the regime ruling conduct and discipline, will be subject to administrative liability. Breaches are classified as very serious, serious and minor offences. Under Act 11/2015 (further developed by Royal Decree 1012/2015, of November 6), the supervision and the resolution activities are now clearly separated in order to act at early stages and to avoid conflicts of interest during the decision-making process. Depending on the stage, bodies of Bank of Spain, CNMV or FROB shall intervene in accordance with their functions.

Credit entities, if listed in capital markets, would also be subject, as issuers, to Royal Legislative Decree 4/2015, of October 23, approving the restated text of the Securities Markets Act, which imposes obligations on disclosure of information in connection with the publication of the annual report on corporate governance and the annual report of directors’ remuneration. This is, of course, without prejudice to their duties, also under the same act, as investment services providers.

Internal controls22

Act 31/2014, of December 3, amended the Spanish Companies Act (Royal Legislative Decree 1/2010 of July 2) on corporate governance matters and came into force in December 2014, strengthening the legal requirements that companies have to comply with in regard to the structure and dynamics of their governing bodies: the board of directors and the general shareholders’ meeting. In addition, more specifically for credit institutions, Act 10/201423 has introduced substantial developments in corporate governance matters in order to promote efficient practices, establish internal control mechanisms and develop remuneration policies aligned with the risks taken by credit institutions in the medium term.24 Finally, more recently, Royal Decree 84/2015, of 13 February, develops Act 10/2014, and a new Spanish Code of Good Practices in Corporate Governance for listed companies was released by the Spanish supervisor CNMV in February 2015.25

The most relevant credit institutions in Spain are set up as special public companies (sociedades anónimas) subject to general corporate rules but also to particular requirements.26 The day-to-day management of banks, as in any other company, corresponds to their boards of directors. Pursuant to EU directives, however, the board and its members must meet certain adequacy requisites in order to assure prudent management and prevent conflict of interests. Under this regime, the board of directors is directly liable for the risks assumed by the credit entity.

The current main areas of concern from a corporate governance perspective are the composition, structure and dynamics of the board of directors, the remuneration of its members, and operations related to issuances of capital or debt which may impact on shareholders’ rights. In the case of financial entities, special attention is placed on the last

Cuatrecasas Spain



two aspects, as well as in the risk and control areas and in the independence of the external auditor.

The board of directors of a bank shall be composed by a minimum of five members (in practice, the number of directors in a bank tends to be significantly higher). According to Royal Decree 84/2015, which further develops Act 10/2014, all directors (members of the board), senior management of banks and those individuals responsible for the internal control should have broad expertise and a good professional track-record (meaning sufficient experience in banking and financial services from previous positions to be evaluated depending on the level of responsibility required) and with an outstanding reputation and honourability in order to adequately perform their duties (meaning having no criminal records, not being declared bankrupt and not having been disqualified to conduct public or private activities due to judicial resolutions or convictions). The chairman of the board of directors cannot be the CEO except if the size and complexity of the financial entity so justifies it and the Bank of Spain authorises it. Members of the board, general managers, senior directors and the like are subject to the regime on discipline of Act 10/2014, so they can be sanctioned in case of breach of their duties (the administrative regime does not waive the general liability principle set forth in the Companies Act, but applies in addition to the latter). These individuals are also subject to the incompatibilities regime by which they cannot hold similar positions in other banks and have certain restrictions to be members of the board at other companies. Finally, members of the board and senior management should be identified and filed at the Official Register of Senior Banking Officers (Registro Oficial de Altos Cargos de la Banca) which is managed by Bank of Spain.

The internal requirements imposed on banks aim to guarantee that the directors of credit institutions are properly informed of all significant facts related to the banks so they can comply properly with all their obligations and assume their liabilities. Banks shall have a good administrative organisation and accounting services, as well as internal control procedures to assure sound and prudent management. In addition, Royal Decree 84/2015 of February 13 also establishes that banks shall set up adequate bodies and proceedings for internal control purposes in order to prevent and avoid any transaction which may trigger anti-money laundering provisions.

Particular attention is paid to risk management and control, and the remuneration policies. Financial entities shall set up procedures to identify, manage, control and communicate existing or potential risks. Articles 32 to 34 of Act 10/2014 regulate the remuneration policies, its main general principles and the variable elements of salaries, which shall reflect a steady performance and be duly adjusted to the risks involved. The remuneration of directors and top management of financial entities is scrutinised with special emphasis (approval requirements and disclosure of data), but also the executive director’s remuneration schemes. As a result of the above, together with the board of directors, the bank’s organisation must also comprise certain separated and delegated commissions and committees to periodically inform the board and take care of key aspects such as internal audit and control, remuneration and risk management.27 Best practices in corporate governance also imply improving the level of independence of the board of directors, the adequate composition of its key Committees (Executive, Audit and Control, Remuneration, Nominations, Investment and Risk),28 an efficient evaluation process, and the existence of a solid succession plan.

There is also a special regulation on corporate governance applicable to investment services companies, which was introduced by Royal Decree 358/2015, partially amending Royal Decree 217/2008. As a result, the rules and requirements applicable to managers and their

Cuatrecasas Spain



remuneration regime in credit institutions are now extended to investment services companies in order to improve efficiency and prudence.

Needless to say, “know your client” (KYC) and “anti-money laundering” (AML) internal procedures, and data protection controls, have been given a lot of attention in the Spanish financial sector in recent years. Royal Decree-Law 5/2018, of July 27, has implemented EU regulation on data protection in Spain.


As stated before, since Spain is a member of the EU, capital requirements (and limits to large exposures) are governed by the CRD IV and the CRR. The Bank of Spain, by mid-2014, dictated a supplementary regulation to cover the few matters the CRR leaves to national discretion. It is to be remarked, however, that the CRR sets the absolute minimum all banks must comply with (the so-called Pillar I). Banks may face tighter capital requirements from the application of institution-specific ratios under national legislation implementing the CRD IV (Act 10/2014), if decided by the ECB/Bank of Spain. The implementation of the CRD IV framework was completed by means of Bank of Spain’s Circular 2/2016, of February 2, which fills certain technical gaps, mostly in the form of national discretions contained in the CRR.

The CRD IV-pack replaced a complex and short-lived set of national rules, designed to restore confidence in the banking sector, introduced during the crisis. By means of such rules, Basel III was somehow anticipated in Spain. Now the country is entirely back in line with the rest of the EU.

Unlike other EU jurisdictions and following a model which is closer to the US, Spain has quite a quite prescriptive framework of provisioning standards.29 General provisions and rules to account for asset impairment have been until recently set in Bank of Spain’s Circular 4/2004 of December 22. Regulations set minimum amounts for provisions depending on the type of loan, guarantee and time of arrears. In addition, banks are obliged to account for supplementary, generic provisions which are forward-looking in essence and operate counter-cyclically (i.e. the buffer of provisions may decrease as assets get impaired – and thus specific provisions are allocated – and the other way around). The rules were substantially amended in 2016, by means of Bank of Spain’s Circular 4/2016 of April 27, introducing a new text of Annex IX to Circular 4/2004. Circular 4/2004 was subsequently superseded by Circular 4/2017, in force from 1 January 2018. Circular 4/2017 is in line with IFRS 9 (also in force from 1 January 2018).


Spanish law provides, in general, a protective regime to consumers.30 When consumers are dealing with credit institutions, there is also a special regime to protect the banking customer, both as debtor in loan or credit operations and as a creditor for its deposits (Ministerial Order EHA/2899/2011 of October 28, on Banking Services Transparency and Customer Protection; Bank of Spain’s Circular 5/2012 of June 27, on Transparency of Operations and Customer Protection, as amended by Circular 5/2017, of December 22; and Act 10/2014 of June 26, on Regulation, Supervision and Solvency of Credit Institutions).31 The rationale is that improving the information provided to customers and increasing banking transparency will increase competition among credit entities. As a result, the set of rules applicable only to individuals mainly (i) requires a written formalisation of the contracts, their delivery to the customer and bookkeeping duties; and (ii) assures transparency of the terms and conditions applied to

Cuatrecasas Spain



financial products (i.e., fees, interest rates, etc.) by disclosing such information to Bank of Spain and to the general public.32 Such description of characteristics shall be complete, accurate, comprehensive and clear.33 In addition, following Ruling EU 1286/2014, Order ECC/2316/2015, on information obligations and classification of financial products, is already applicable in Spain and primarily protects non-professional and non-institutional investors when commercialising certain financial products (mainly, deposit accounts, insurance policies and pension plans), but excluding those specifically covered under Ruling EU 1286/2014.

The mortgage market is getting a lot of attention from the legislator, due to certain abusive practices by financial entities, as determined by Spanish courts. As a result, there is a project to reform the Mortgage Credit Act, which has not been approved by the Parliament yet. Its main principles and goals are: (i) to increase the protection level to debtors; (ii) to promote more transparency and legal certainty to credit transactions; (iii) to regulate the expenses attributable to each party; (iv) to limit the fees, default interests (up to 9%) and other connected commercial sales by lenders; (v) to provide flexibility so that variable-interest rate loans can be easily transformed to fixed-interest rate loans; and (vi) to reduce the volume of judicial claims raised by customers against financial entities.

Spanish banks as investment services providers are also subject to the Second Markets in Financial Instruments Directive (“MiFID II”). MiFID II covers nearly all transactions on financial products and, among other matters, deals with customer protection. According to MiFID II, customers are classified according to their knowledge and experience (investor categorisation) in order to assess their suitability for each financial product.34 In recent years, Spanish financial entities have made significant efforts to deliver appropriate information on their offered products to customers and to get a better understanding of their clients’ profiles in order to classify them according to their characteristics, background and investment goals.

The effects of anti-money laundering and anti-terrorism financing provisions in the relationships between banks (both Spanish and EU entities rendering services in Spain) and their customers are also worth mentioning. The third AML Directive was implemented by Act 10/2010 of April 28 and the fourth AML Directive was implemented by Royal Decree-Law 11/2018. The obligation to identify the ultimate beneficial owner (“titularidad real”) of an entity acting in Spain has become particularly relevant, as has the creation of the Spanish public registry (“Registro de Titularidades Reales”), but there is also a relevant series of provisions imposing multiple reporting obligations on various grounds, in particular, relating to transactions with foreign counterparties.35

Bank secrecy and bank information have also become major issues under discussion. There is a traditional duty on credit entities and their senior management personnel to safeguard and preserve customers’ financial information (i.e. balances, products, movements and operations, transactions), keeping it strictly confidential, so it shall not be disclosed to third parties, which applies in addition to general personal data protection regulations. However, Spain does not have a strong “bank secrecy” regime, since the customers’ privacy rights may be overcome by various prevailing public interest duties to report to the tax authorities, AML authorities and the supervisor (and, of course, the courts).

In this area, Bank of Spain provides two additional independent public services: (i) Central Information Risk (Central de Información de Riesgos del Banco de España – CIRBE), which is a database managed by Bank of Spain containing all financial transactions involving banks and individuals. As a result, any individual person may check with Bank of Spain the information they have about themselves. All bank members of CIRBE may check the database in order to analyse the solvency of a specific customer and its suitability for a

Cuatrecasas Spain



product; and (ii) Bank of Spain new Department of Market Conduct and Claims (Departamento de Conducta de Mercado y Reclamaciones del Banco de España or “DCMR”) which takes responsibility for the work of the previous Claims Service and adds special expertise on matters related to market conduct, transparency of information, good practices, information to consumers and conflict resolution.36 Therefore, it now deals with all queries and claims from customers in their relationships with credit entities derived from eventual breaches of transparency or customer protection regulation or of good banking practices and financial usages.37 However, before claiming at DCMR, customers must file their claims within the credit entity through its customer service or internal ombudsman in order to have the opportunity to solve the conflict at an earlier stage. For these purposes, consumers may claim before credit entities for facts or events occurring within two years, and credit entities must respond to such claims within two months. Credit entities must file their internal rulings regulating their customer service or internal ombudsman before the Bank of Spain in order to assure they comply with applicable law.

During the financial crisis, the banking sector was also hit by massive litigation involving customers. On one hand, due to the increase of default rates by individuals in residential mortgage loans, foreclosure of mortgages has rocketed in Spanish courts. These judicial proceedings order the eviction of tenants and the immediate sale of the property under an auction process. Evictions are unfortunately widespread and have created social concern, forcing the Government to enact a new framework to protect mortgagee debtors.38 As a result, mortgage enforcement may be suspended or avoided for two years, provided that certain requirements are met by the debtor and their family.

Additional protective measures are foreseen in the future mortgage credit act (implementing the MCD and past-due) under debate at the Spanish Parliament. Restructuring arrangements between debtor and creditor through extensions and write-offs are promoted in order to avoid insolvency situations, and Spanish banks have increasingly adhered to the Good Banking Practices Code for reputational reasons, offering some flexibility in these dramatic social situations. More recently, pursuant to Royal Decree-law 5/2017 of March 17, the moratorium on evicting families in particularly vulnerable circumstances from their primary residence laid down in Act 1/2013 has been extended until 15 May 2020. Moreover, local regulation enacted in certain Spanish regions should also be taken into account when transferring or assigning mortgage loans to third parties. In certain situations, pre-emptive rights vested in the regional government would apply.

The intense litigation continues against financial institutions by investors, bank customers and consumers’ associations, claiming unfair practices in the sale of complex financial instruments. It mainly started dealing with participaciones preferentes (preferred quotas),39 quickly extended to other products such as multicurrency loans, Bankia’s shares in its IPO,40 etc. and later moved into massive litigation in connection with interest rate floor levels in loan agreements and dealing with costs and expenses attributable to the debtor when entering into a mortgage loan or credit. Some judgments have also declared these provisions abusive, awarding compensation to the debtor. A landmark resolution by our Supreme Court in November 2018 reconciled contradictory judgements and finally determined that stamp duty costs derived from the granting of a mortgage shall be paid by the debtor/client.

Finally, more recently, shareholders of Banco Popular are claiming compensation in connection with the Santander acquisition of Popular for one euro. Spanish courts have collapsed under the weight of these massive claims, and Law 7/2017 of November 2, implementing Directive 2013/11/UE, has been enacted in order to promote alternative

Cuatrecasas Spain



dispute resolution mechanisms for consumer disputes, through arbitration within the EU.

Also worth mentioning is that Royal Decree-Law 19/2017 of November 24 on payment accounts has incorporated into Spanish law Directive 2014/92/EU of the Parliament and of Council of 23 July 2014, on the comparability of fees related to payment accounts and payment accounts switching. Finally, as elsewhere in the EU, holders of cash deposits at Spanish credit entities are protected for up to €100,000 per individual by the Deposit Guarantee Fund (Fondo de Garantía de Depósitos de Entidades de Crédito – FGD) according to Royal Decree-law 16/2011 of October 14.

The “shadow banking” system in Spain41

“Shadow banking” or “market-based financing” is an increasing phenomenon in Spain and we can confirm it is already a true alternative source of financing which competes with the traditional banking system. Although direct lending and secondary debt trades were common in other jurisdictions in previous decades, there is no doubt these are quite recent financial activities involving new players in Spain. The spreads offered by private debt funds in Spain have been reduced due to competition and specialisation. As a result, direct lending and traditional financing face competition, particularly in real estate finance and in restructurings when new money is required.

While in other Western jurisdictions non-bank channels can comprise more than 50% of the financial system, in Spain they represent less than 20%, but this has been growing significantly in recent years, particularly in the lending business to SMEs. This rate is further reduced by Bank of Spain to 5% of total assets held by financial institutions, since other financial intermediaries and those entities which do not involve a financial risk, are excluded. It is important to note that lending is not a reserved banking activity in Spain. As a result, neither a licence nor an authorisation is required to grant loans and credits (and consequently to become a beneficiary of any related security or guarantee42) in Spain.43

The severe crisis of the traditional Spanish banks and savings entities in need of recapitalisation has led to an extraordinary process of integration in the financial sector, which ended with few active financial players and will further continue its concentration process. In addition, Spanish debt capital markets are complex and not developed enough to fill this gap and the financial needs of the majority of Spanish companies, particularly SMEs. This situation proved to be the perfect combination for debt funds, hedge funds and other special situations and distressed investors to emerge as a credible alternative by providing tailor-made funding structures and flexibility at reasonable financial cost.

In this way, shadow banking has been supplementing Spain’s traditional banking system and has positively impacted the recovery process of the Spanish economy by providing liquidity to the financial system, and by participating where traditional local banks could no longer be exposed. Therefore, we see more and more situations in Spain in which debt funds perform bank-like functions and compete directly with traditional lenders.

There is increased speculation about the future introduction in Europe of similar limitations or guidelines to leveraged lending, as now apply in the US since the latest 2013 guidelines (in particular, major concern by the US federal agencies are those transactions where leverage levels would be in excess of 6× Total Debt/EBITDA after planned assets sales). It is quite paradoxical that the EU will be implementing similar measures in the near future now that President Trump plans to introduce more flexibility for financial activities in the US by derogating the 2010 Dodd Frank Act. These restrictions may eventually open a window of opportunity for more debt structuring and non-bank lending. It is a fact that during the period

Cuatrecasas Spain



2015–2018, Spanish banks have been increasing their lending activities and, thereby, reducing the market niche and commercial space available for unregulated debt funds.

In Spain we primarily see these new, highly specialised players and institutional investors in the acquisition of secured and unsecured loan portfolios (either performing or non-performing loans) sold by the Spanish “bad bank” (SAREB) or other sound financial institutions. In addition, they have a special interest in lending to SMEs and short-term financing due to the gap left by the Spanish savings banks. It is also now common to see international alternative and unregulated credit providers and traditional local banks being part of sophisticated restructurings of Spanish large companies. Finally, they are also involved in corporate debt trading and securitisation structures (i.e. sale or refinancing the acquisition of large NPL portfolios through the issue of bonds to be acquired by other investors). In summary, they act as traditional banks except for the collections of funds and deposits from the public, and small and mid-market transactions may benefit from this.

Shadow banking is a global phenomenon which cannot be dealt with or regulated on an isolated basis in each jurisdiction. There is no specific regulation in Spain dealing with these new financiers that are acting without specific regulatory controls, but Bank of Spain has already started monitoring their activities and for now, it does not consider it relevant to require further regulation due to the absence of significant risks. However, since they are not supervised as traditional banks are, they could eventually constitute a systemic risk and unfair competition compared to the status of other supervised financial institutions; in particular, because there are no limitations on leverage and liquidity transformation. Indeed, shadow banking is quite strongly connected with the regular banking system. This is why any approach to regulate shadow banking in order to prevent any potential risk for the financial system, must be discussed broadly at EU level,44 or even globally following recommendations from the G-20,45 the International Monetary Fund (IMF)46 and the Financial Stability Board (FSB).47 The future framework should be accommodated for each category of participant and adjusted to the features and specific activities of these debt investors. Furthermore, any prudential regulatory approach should be harmonised for implementation in each jurisdiction.

Having said this, any individual or entity entering into financial transactions or providing financial services in Spain may be required by the Ministry of Economy to periodically disclose any information in connection with its activities, or be subject to inspections48 by Bank of Spain to confirm whether the activity performed is subject to supervision. Moreover, when the financial activities deal with consumers and granting mortgage loans, the lender (or its servicer in Spain) will be required to be registered at the Spanish Consumption Agency by filing the applicable form (Act 2/2009 of March 31).

No doubt we will have to closely follow how all of these international principles and recommendations affecting these debt providers will be implemented in Spain within the following years. The transformation of the Spanish financial sector will continue and should be adequately monitored to detect business opportunities for international debt providers and investors.

Finally, it is worth mentioning “cryptocurrencies” (still unregulated in Spain) and other financing alternatives such as “crowdfunding”, which is now regulated in Spain under Act 5/1015. As a result, these platforms must comply with certain requirements in order to be incorporated, be previously authorised and registered at the special registers of the CNMV, and not conduct activities limited to investment services providers or credit institutions. In addition, the projects to be funded must be subject to scrutiny rules, and any risk involved disclosed to participants.

Cuatrecasas Spain



Endnotes

1. This statement does not hold true if wholesale or investment banking activities are taken into account. Foreign banks play a very significant role in these sectors.

2. Please consider that, unless otherwise stated, we use the term “bank” as meaning the three existing types of banking institution.

3. Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) nº 1093/2010 and (EU) nº 648/2012, of the European Parliament and of the Council.

4. SAREB stands for “Sociedad de Gestión de Activos procedentes de la Reestructuración Bancaria”.

5. For more information see: http://www.frob.es/en/Paginas/Home.aspx.

6. Section 3.1 of the Credit Institutions Ordination, Supervision and Solvency Act 10/2014 of June 26.

7. For more information, see the latest full report at: https://www.bde.es/f/ webbde/INF/MenuHorizontal/Publicaciones/Boletines%20y%20revistas/InformedeEstabilidadFinanciera/IEF_Noviembre2018.pdf.

8. Council Regulation (EU) nº 1024/2013 of 15 October 2013 (SSM) and Regulation (EU) nº 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) nº 1093/2010 (SRM).

9. For more information, check ECB and Bank of Spain’s websites: https://www.ecb. europa.eu/home/html/index.en.html and http://www.bde.es/bde/en/, respectively.

10. Since one of the relevant criteria is size, virtually all Spanish banking groups of any material significance are under direct ECB control, since they exceed the €30 billion total asset threshold.

11. Bank of Spain rulings are in the form of circulares, which develop laws under its regulatory scope.

12. If listed, or in case they issue listed securities of any kind, banks are subject to Securities Markets’ discipline and regulations on an equal footing with other issuers.

13. Pursuant to the EU directives, banks are, on the basis of their licence, enabled to provide investment services.

14. SEPBLAC stands for “Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias”. For more information: http://www.sepblac.es/ingles/acerca_sepblac/acercade.htm.

15. For more information: http://www.frob.es/en/Paginas/Home.aspx.

16. The Committee of European Banking Supervisors (CEBS), the Committee of European Securities Regulators (CESR) and the Committee of European Insurance and Occupational Pensions Supervisors (CEIOPS).

17. Please note that, save what will come next about savings banks, we omit references to

Cuatrecasas Spain



acts governing structural matters relating to each type of banking institution (for banks, as companies, it would be the Companies Act (“Ley de Sociedades de Capital”) and Structural Amendments Act (“Ley de Modificaciones Estructurales”).

18. It also implements the CAD for investment services companies other than banks.

19. Act 9/2012 has been developed by Royal Decree 1559/2012 of November 15 on the Regime of Asset Management Companies. Act 9/2012 is now superseded by the BRRD-SRM Regulation and the Spanish Act 11/2015.

20. The most relevant of these are the Accounting Regulation (4/2004) and the Credit Register Regulation (1/2013), but there are many others.

21. For further study we recommend reviewing the summary prepared by F. Vicent Chuliá in his Mercantile Law Manual Book Introducción al Derecho Mercantil, Volume II, 23rd Edition, Tirant lo Blanch, Valencia 2012 pp 1711–1713.

22. Until recently, saving banks (Cajas) and banks were the predominant players in the Spanish banking and credit market. However, as a result of the banking sector restructuring, all saving banks have been transformed either to banks or special foundations. Therefore, we will focus generally on management and corporate governance of banks.

23. Its Chapter IV introduces the corporate governance principles contained in Directive 2013/36/EU of 26 June.

24. In addition, it also applies to credit entities the general regime applicable under Spanish Companies Law (Royal Decree-law 1/2010 of July 2) and Act 31/2014 of December 3, amending RDL 1/2010 on corporate governance.

25. http://www.cnmv.es/DocPortal/Publicaciones/CodigoGov/Good_Governanceen.pdf.

26. As mentioned, since savings banks have virtually ceased to exist, the only other significant form of incorporation of credit institutions is as credit co-operatives. As the name indicates, these are co-operatives and thus subject to the corporate governance structures of a co-operative. Notwithstanding, at least for the large ones, credit institutions governance rules supplement general co-operative rules (setting apart the fact that some of them are also issuers of listed fixed income securities and thus subject to Securities Markets’ discipline) so, in practice, corporate governance requirements are very similar to banks’.

27. Vid. Minguez Prieto, R.: Las nuevas tendencias reguladoras sobre el gobierno corporativo de las entidades de crédito (Chapter 31), Corporate Governance, Thomson Reuters Aranzadi, Spain, 2015.

28. On 27 June 2012, Bank of Spain upheld the EBA Guidelines on Internal Governance (GL44) of 27 September 2011. Note that the EBA is working on a revised Guidelines on Internal Governance pursuing further harmonising institutions’ internal governance arrangements, processes and mechanisms across the EU. More information is available at: https://www.eba.europa.eu/regulation-and-policy/internal-governance/guidelines-on-internal-governance-revised-/-/regulatory-activity/consultation-paper;jsessionid=86D6D188E67EAA.

29. But for the recommendations of the Basel Committee, provisioning issues are treated in most jurisdictions as a purely accounting matter and thus left to accounting standards. In Spain, given that the Bank of Spain is also an accounting standards-setter for banks, the matter is de facto part of the supervisory/regulatory policy.

Cuatrecasas Spain



30. Mainly: Royal Legislative Decree 1/2007 of November 16 on Protection of Consumers and Users; Act 34/2002 of July 11 on Electronic Commerce (implementing Directive 2000/31/CE of June 8); Act 28/1998 of July 13 on Sale on Instalments; Act 7/1996 on Retail Commerce (as amended by Act 47/2002 of December 19); and Act 7/1998 on General Contractual Conditions (as amended, among others, by Act 44/2006 of December 29, on Improvement of the Protection of Consumers and Users, and Act 3/2014, of 27 March).

31. In addition, other special protective provisions are included in Act 16/2011 of June 24, on Consumer Credit Contracts; and Act 16/2009 of November 13, on Payment Services.

32. Order EHA/1718/2010 of June 11, on Regulation and Control of Marketing of Financial Products and Services; and Order EHA/1608/2010 of June 19, on Transparency of Fees and Information Requirements Applicable to Payment Services.

33. Section 29 of Act 2/2011 of March 4, on Sustainable Economy, has reinforced the protection to customers of financial services by requiring financial entities to provide them with all necessary pre-contractual information and adequate explanations to duly assess if the offered products match their requirements and the eventual effects in case of non-payment. This regime will be reinforced by the implementation of the Mortgage Credit Directive 2014/17/EU on credit agreements for consumers relating to residential immovable property. The Spanish legislator is currently working on a draft of a new act to implement this Directive in Spain.

34. Act 2/2011 on Sustainable Economy regulates the bank’s liability as lender to consumers and imposes the duty to conduct adequate assessment on customers’ solvency following the criteria established by the Ministry of Finance (Order EHA/2899/2011 of October 28 on Banking Services Transparency and Customer Protection) in order to guarantee the protection to consumers and users of financial services provided by credit institutions. Bank of Spain’s Circular 5/2012 of June 27 (as amended by Circular 5/2017 of December 22) deals with the same principles.

35. On anti-money laundering and anti-terrorism financing see also Royal Decree 304/2014 of May 5, Bank of Spain’s Circular 4/2012 and the Resolution dated August 10, 2012 of the Secretary General of the Treasury and Financial Policy.

36. For more information, please review the Annual Report available at: http://www.bde.es/bde/es/secciones/informes/Publicaciones_an/Memoria_del_Serv/.

37. According to Bank of Spain’s latest information report, in 2016 there were 14,462 claims filed (nearly -28% compared to 2015 which already had a 32% decrease), 1,935 written queries (-40%) and 31,661567 phone queries (-11%).

38. Mainly: Royal Decree-law 6/2012 of March 9; Royal Decree-law 27/2012 of November 15; Law 1/2013 of May 14; and Law 14/2013 of September 27 (Royal Decree-law 6/2012 and Law 1/2013 have been amended by Royal Decree-law 5/2017 of March 17). This regime would also be amended to implement the Mortgage Credit Directive 2014/17/EU on credit agreements for consumers relating to residential real estate property. In addition, please see Act 25/2015 and Royal Decree-law 1/2015.

39. Participaciones preferentes or preferred quotas are a sort of perpetual (subordinated) debt which was issued by many Spanish credit entities in order to obtain funding and improve their capital ratios. Retail banking intensely commercialised this product. Many investors were not aware of the risks involved and as a result of the financial crisis and collapse of some of the financial entities, the value of this product has plummeted.

Cuatrecasas Spain



40. Several judgments from our Supreme Court (SSTS 27 January 2016 nº 23/2016 and 24/2016) declared null and void the subscription of shares of Bankia by minority investors under the IPO transaction. The nullity is based on the lack of due consent since the Supreme Court established the existence of error on the minority investors due to fraud of Bankia because the disclosure of information was not accurate.

41. Minguez Prieto, R.; Buil Aldana, I.: Sistema financiero en la sombra y mercado distressed: una aproximación a sus principales aspectos legales y prácticos, Revista de Derecho del Mercado de Valores, nº 14/2014 (January–June), Spain. Also see the EBA Guidelines’ limits on exposures to shadow banking: https://www.eba.europa.eu/ regulation-and-policy/large-exposures/guidelines-on-limits-on-exposures-to-shadow-banking.

42. However, note than non-credit entities could be subject to certain limitations when benefiting from certain types of security such as floating mortgages (article 153bis of Spanish Mortgage Law).

43. According to Law 10/2014, there is a narrow concept of credit entity which even sets aside the Financial Establishment of Credit (Establecimientos Financieros de Crédito or EFC). In addition to Law 10/2014 and Royal Decree 84/2015, new regulation over EFCs will be implemented following Law 5/2015 on Promoting Business Finance.

44. COM/2013/0614, Shadow Banking – Addressing New Sources of Risk in the Financial Sector, September 30, 2013. More recently in September 2018, the European Systemic Risk Board published the EU Shadow Banking Monitor (No 3), which is available at: https://www.esrb.europa.eu/pub/pdf/reports/esrb.report180910_shadow_banking.en.pdf.

45. Vid., Updated G20 Roadmap towards Strengthened Oversight and Regulation of Shadow Banking in 2015 and the Implementation and Effects of the G20 Financial Regulatory Reforms (Fourth Annual Report, November 2018). More information available at: http://www.fsb.org/wp-content/uploads/P281118-1.pdf.

46. IMF, “Global Financial Stability report”, October 2018. More information available at: https://www.imfconnect.org/content/dam/imf/Spring-Annual%20Meetings/AM18/Public %20Documents/V3%20GFSR%202018.pdf.

47. FSB, Strengthening Oversight and Regulation of Shadow Banking, an Overview of Policy Recommendation, 2013. More information is available at: http://www.fsb.org/wp-content/uploads/r_130829a.pdf; Global Shadow Banking Monitoring Report, 2016. More information available at: http://www.fsb.org/wp-content/uploads/global-shadow-banking-monitoring-report-2016.pdf. Assessment of shadow banking activities, risks and the adequacy of post-crisis policy tools to address financial stability concerns, July 2017. More information available at: http://www.fsb.org/wp-content/uploads/P300617-1.pdf.

48. Additional Disposition 4 of Law 10/2014.

Cuatrecasas Spain



Cuatrecasas Spain


Fernando Mínguez Hernández Tel: +34 91 524 7177 / Email: [email protected]

A former inspector of credit and savings institutions at the Bank of Spain,

Spain’s banking supervisory authority, before joining Cuatrecasas, Fernando

Mínguez developed his career at the Bank of Spain, first as a field inspector,

and later analysing and advising on Spanish and international regulation. He

is a renowned expert in all areas of banking and finance, particularly in the

administrative regulations applicable to credit institutions.

He mainly focuses on advising credit institutions (banks, savings banks, credit

unions, and branches of foreign entities in Spain) on corporate and institutional

matters on an ongoing basis, advising them on the applicable administrative

regime and on transactions in which sectoral regulations play an important role.

He was involved in the structuring and incorporation of the Spanish bad bank.

Íñigo de Luisa Maíz Tel: +34 91 524 7603 / Email: [email protected]

Mr. de Luisa is a partner of Cuatrecasas, Madrid office. Since 1996 he has

specialised in banking and financing transactions, particularly those with

international exposure. He has ample experience in leveraged and acquisition

finance, corporate finance, project finance, etc. His sector expertise covers a

wide range of asset classes, with a strong focus on real estate, energy

(renewables) and infrastructure.

He has also advised on complex debt restructuring and refinancing deals at

pre-insolvency stages and participated in several transactions advising

international investors in the acquisition of distressed debt and non-performing

loans (NPLs) portfolios (both secured and unsecured). He was directly

involved in the incorporation of the Spanish bad bank and its transfer of

impaired assets. More recently, he has regularly participated in bidding

processes of loan portfolios on the buyer’s side.

From 1999 to 2000, he was an international associate in the banking group of

Simpson Thacher & Bartlett in New York. From 2006 to 2008, he was based at

Cuatrecasas’ London office, where he was responsible for the finance practice.

Rafael Mínguez Prieto Tel: +34 91 524 7823 / Email: [email protected]

Mr. Mínguez is a partner of Cuatrecasas, and head of the finance practice at

the Madrid office. He has ample experience in national and international

transactions, including securitisation, structuring, derivatives, capital markets,

corporate debt restructuring, and project finance. He is also an expert in

complex corporate and project finance transactions.

He joined Cuatrecasas on 1 January 2000. Before that, he worked as a civil

servant at the Ministry of Economy and the Treasury (Directorate General of

Foreign Transactions from 1987 to 1989; and Directorate General of the

Treasury and Financial Policy from 1990 to 1999), and was responsible for

Spanish financial legislation on securities markets and credit institutions from

1995 to 1999.

C/ Almagro, 9 – 28010 Madrid, Spain

Tel: +34 91 524 7100 / Fax: +34 91 524 7124 / URL: www.cuatrecasas.com

Cuatrecasas

Switzerland

Introduction

In the aftermath of the financial crisis of 2008/2009, Switzerland launched a massive overhaul of its financial regulations. These reforms followed several objectives. First, banking regulations were revised to ensure the stability of the financial system, in line with the recommendations of the Financial Stability Board (“FSB”) and other international standard-setters. Second, Switzerland reacted to EU law in order to ensure equivalence and to be able to continue to access the European market as a third party state. Therefore, the reforms also aimed to align Swiss law with EU regulations Directive 2014/65/EU on Markets in Financial Instruments II (“MiFID II”) and Regulation (EU) No 600/2014 on Markets in Financial Instruments (“MiFIR”) to ensure Swiss financial institutions’ access to the European financial markets. Finally, the reforms were geared to revising Swiss regulations from a patchwork of sectorial rules to a consistent regulatory framework.

The core of the new Swiss banking regulation will consist of the existing Federal Act on Banks and Savings Banks of 8 November 1934 (“BankA”), the existing Federal Act on the Swiss Financial Market Supervisory Authority of 22 June 2007 (“FINMASA”), the Financial Market Infrastructure Act of 19 June 2015 (“FMIA”), as well as the Federal Act on Financial Services of 15 June 2018 (“FinSA”) and the Federal Act on Financial Institutions of 15 June 2018 (“FinIA”). The latter two are expected to enter into force on 1 January 2020 and will materially change the Swiss regulatory landscape. The changes will affect domestic financial service providers as well as foreign providers with a physical Swiss establishment, but – in a departure from the current regime – also foreign providers that pursue their Swiss business on a cross-border basis only. All of these players have to review the new regulatory requirements and adapt their business accordingly.

Banks in Switzerland have been facing pressure due to regulatory and legal developments. They have led to heavily increased reporting burdens. In addition, the tougher international capital and liquidity standards such as Basel III, issued by the Basel Committee on Banking Supervision (“BCBS”), or the new standards set by the FSB over the last few years, have led to increased costs of a bank’s capital and long-term funding and other regulatory requirements including, e.g., new standards for resolution planning.

Besides these increased burdens, the major challenges currently lie in responding to strong competitive pressure, including from new entrants coming from the technology sector, and more transparency on fees. These challenges are aggravated by the continued low (including negative) interest rates and the strong Swiss currency, which together have resulted in declining profitability.

Furthermore, the current environment has been characterised by a variety of related legal

Peter Ch. Hsu & Rashid Bahar Bär & Karrer Ltd.



developments, particularly in international tax matters. Switzerland implemented the automatic exchange of information based on the OECD CRS standard. In this context, the Federal Act on the International Automatic Exchange of Information in Tax Matters of 18 December 2015 (“AEOI-Act”) entered into force on 1 January 2017, and the Federal Tax Administration for the first time exchanged information with partner states in September 2018. In addition, in the course of the implementation of the revised recommendations of the Financial Action Task Force (“FATF”) and the Global Forum on Transparency and Exchange of Information for Tax Purposes (“Global Forum”), several laws have been amended and further reforms are under way. Since 2016, aggravated tax misdemeanours constitute a predicate offence for money laundering. Furthermore, the legal framework on anti-money laundering and anti-terrorism financing (“AML”) has also become more stringent.

The accumulation of these factors has forced many banks to scale back some of their activities in Switzerland and consequently led to a trend toward consolidation in the Swiss banking sector in recent years. These tendencies toward consolidation are primarily seen with small banks and Swiss subsidiaries of foreign banking groups, while the latter in particular either close down their operations in Switzerland by liquidation or sale, or try to seek a critical mass of assets under management through acquisition or merger.

Despite this currently challenging environment, Switzerland is still a very attractive financial centre, as it combines many years of accumulated expertise, particularly in private banking and wealth management. In particular, the Swiss financial centre is the global market leader in the area of assets managed outside the owner’s home country, with a global market share of 27.5% (see Swiss Banking, Banking Barometer 2018: Economic trends in the Swiss banking industry, August 2018, available at www.swissbanking.org). Professional advice, top-quality services and sophisticated banking products are the traditional strengths of Swiss financial institutions.

A good educational and training infrastructure, guaranteeing a reliable stream of qualified staff, political and economic stability, a flexible labour market and good infrastructure are also convincing arguments to build up Swiss banking presences. Moreover, the global position of Switzerland for currency trading has been further strengthened, since the Peoples’ Bank of China authorised the Zurich Branch of China Construction Bank to act as a clearing bank for the Chinese currency Renminbi in November 2015.

Looking forward, Switzerland has positioned itself to become a hub for innovative financial technologies (“Fintech”). As part of this effort, the Swiss regulatory framework was adjusted to create an appropriate environment for Fintech providers. As a first measure, the Swiss Federal Council adopted amendments to the Federal Ordinance on Banks and Savings Banks of 30 April 2014 (“BankO”) that entered into force on 1 August 2017 (see below). In addition, the Swiss Parliament amended the BankA to introduce a so-called Fintech licence as a new regulatory licence category, with less stringent requirements as compared to the fully-fledged banking licence, with effect from 1 January 2019. The Swiss Financial Market Supervisory Authority FINMA (“FINMA”) has, furthermore, emphasised the technology-neutrality of the regulation and revised several of its circulars to specify the practice of the regulator under the current legislation.


Responsible bodies for banking regulation

FINMA is the supervisory authority for banks, securities dealers and other financial institutions such as collective investment schemes and insurance undertakings. FINMA’s

Bär & Karrer Ltd. Switzerland



primary tasks are to protect the interests of creditors, investors and policyholders and to ensure the proper functioning of financial markets. To perform its tasks, FINMA is responsible for licensing, prudential supervision, enforcement and regulation.

In parallel, the Swiss National Bank (“SNB”), the Swiss central bank, is responsible for monetary policy and the overall stability of the financial system. This includes the mandate to determine banks and bank functions as systemically important, in consultation with FINMA.

Under the so-called dual supervisory system in the banking regulation, FINMA largely relies on the work of recognised audit firms. As the extended arm of FINMA, these audit firms exercise direct supervision over financial institutions. They conduct regulatory audits of the banks on behalf of FINMA. In addition, FINMA may undertake targeted on-site supervisory reviews with the aim of achieving timely and comprehensive supervision. As an exception to the dual supervisory system, FINMA has a dedicated supervisory team which is responsible for monitoring directly UBS Inc./UBS Switzerland Ltd and Credit Suisse Group Ltd/Credit Suisse (Switzerland) Ltd., the two large Swiss banking groups. Furthermore, FINMA also increasingly takes “deep dives” in selected financial intermediaries to get a better understanding of the inner workings of supervised entities.


The key legislation for Swiss banks includes the following:

the FINMASA defines the role and powers of FINMA; •

the Federal Act on the Swiss National Bank of 3 October 2003 defines the role and •powers of the SNB;

the BankA and the BankO provide for the general regulatory framework governing •banks, including the banking licence requirements and accounting rules for banks;

the Federal Act on Stock Exchanges and Securities Trading of 24 March 1995 •(“SESTA”) and the Ordinance on Stock Exchanges and Securities Trading of 2 December 1996 (“SESTO”), which are due to be repealed when the FinIA enters into force, contain, among others, i) rules on licence requirements for securities dealers, and ii) rules of conduct for securities dealers;

the FMIA and the Ordinance on Financial Markets Infrastructures (“FMIO”) contain, •among others, i) licence requirements for stock exchanges, multilateral trading facilities, operators of organised trading facilities, central depositories, central counterparties, payment systems and trade repositories, ii) takeover and disclosure rules referring to listed companies, and iii) regulations on market conduct in securities and derivatives trading; and

the FinSA, when it enters into force, will provide for rules of conduct for all financial •service providers, including banks, as well as rules on prospectus and key information documents for certain financial instruments.

Further important regulations are:

the Ordinance of FINMA on Foreign Banks in Switzerland of 21 October 1996 (“FBO-•FINMA”), which provides for additional requirements for banks controlled by foreign persons as well as branches and representative offices of banks incorporated abroad;

the Ordinance on Capital Adequacy and Risk Diversification for Banks and Securities •Dealers of 1 June 2012 (“CAO”);

the Ordinance on Liquidity for Banks of 30 November 2012 (“LiqO”), governing capital •adequacy and liquidity requirements applicable to banks and securities dealers;




the Ordinance of FINMA on the Insolvency of Banks and Securities Dealers of •30 August 2012 (“BIO-FINMA”) governing the resolution and recovery as well as insolvency proceedings applicable to banks and securities dealers;

the Federal Act on Collective Investment Schemes of 23 June 2006 (“CISA”) and the •Ordinance on Collective Investment Schemes of 22 November 2006 (“CISO”) on investment funds and companies as well as rules on distribution;

the Federal Act on Consumer Credit of 23 March 2001; and •

the AMLA and its implementing ordinances. •

In addition, FINMA specifies its practice in numerous circulars. FINMA circulars as such are, in principle, not binding for Swiss courts but constitute a mere codification of how FINMA interprets and applies the applicable financial laws and regulations. However, the guidance of FINMA circulars might de facto have a binding effect for banks, since a violation may lead to regulatory sanctions.

Furthermore, the Swiss financial sector has a long tradition of self-regulation by self-regulatory organisations (“SROs”). Against this background, FINMA has recognised several self-regulatory guidelines and agreements of SROs as minimum standards, thus incorporating them within the regulatory framework and subjecting non-compliance to enforcement action (see FINMA Circular 2008/10 on “Self-regulation as a minimum standard”). An important example of self-regulation is the agreement on the Swiss bank’s code of conduct with regard to the exercise of due diligence of 2016 (“CDB 16”) by the Swiss Bankers Association (“SBA”), which defines know-your-customer policies that banks and securities dealers must apply. CDB 20, a revised version of CDB 16, will enter into force on 1 January 2020.

Influence of supra-national organisations and regulatory regimes or regulatory bodies

Switzerland is engaged in several international bodies, such as the FSB, the Bank of International Settlements (BIS), BCBS and the International Organization of Securities Commissions (IOSCO). Furthermore, Switzerland is a member of the FATF that sets out international standards in the area of AML and the Organisation for Economic Co-operation and Development (“OECD”), the Global Forum. Finally, although Switzerland is not a member of the G20, it has regularly been invited to participate in this international forum, which plays a leading role in defining international initiatives.

International standards have an increasing importance for Switzerland, as it has to ensure access for its financial institutions to foreign markets, and maintain a good reputation of the Swiss financial market overall. The standards established by supra-national organisations, including, e.g., FSB’s Key Attributes of Effective Resolution Regimes for Financial Institutions dated 15 October 2014, and Guidance on Arrangements to Support Operational Continuity in Resolution dated 18 August 2016, have, thus, a strong impact on Swiss regulation in the financial sector. As a case in point, Basel III had a significant influence on the Swiss regulatory framework, such as the capital adequacy and liquidity standards specified in the CAO and the LiqO.

The Swiss regulatory framework is particularly influenced by developments in the European Union. As an example, the European Union harmonised its capital market regulation with MiFID II and MiFIR. Consequently, the Swiss legislator is following up and voluntarily harmonising certain aspects of Switzerland’s legislation with similar provisions in the FMIA and FinSA, with the aim of ensuring access to the European financial markets (which requires, among others, a regulation that is equivalent to the EU regulation). Furthermore,




the current revision of the Federal Act on Data Protection (“FADP”), which is likely to have an impact on several industry sectors, including the banking sector, aims to harmonise the FADP with the recently revised data protection regime of the European Union, in particular the General Data Protection Regulation (EU) No 2016/679.

The same also applies in the context of derivatives trading. The provisions on derivatives trading of the FMIA are significantly influenced by the respective provisions in the European Market Infrastructure Regulation (EU) No 648/2012 (“EMIR”) and by rules of other international regulatory bodies: for example, FMIA implements the commitments assumed at the G20 summit in Pittsburgh in 2009, and adapts the Swiss regulation of the financial market infrastructures and derivatives trading to international requirements.

Restrictions on the activities of banks

A bank must obtain a licence from FINMA in order to operate in Switzerland, or from Switzerland to abroad. Switzerland follows a model of universal banking. Therefore, a bank is allowed to engage in any other business in the financial industry in addition to its deposit-taking business, if it has an appropriate organisation to carry out such activity, manages the operational risks and meets the requirements for fit and proper conduct of business. There are a few exceptions where an additional licence is required (e.g., if the bank acts as a securities dealer or as a depository of collective investment schemes). Moreover, a bank cannot operate a fund management company, an insurance company or a financial markets infrastructure.

A bank is required to describe in detail the scope of business (including the subject matter and geographical scope) of its activities in the licence application (and in the article of association and the organisational rules). Similarly, a securities dealer is required to describe in detail the scope of business activities in the licence application for a securities dealer (art. 10 SESTA). In case of any changes (in particular, an expansion) of the scope of the business activities of a bank or securities dealer, a bank or securities dealer respectively is required to inform and obtain prior approval of FINMA. Consequently, the scope of a banking and/or securities dealer licence is de facto individualised and, hence, varies from case to case.

In practice, it is, thus, fairly common for banks to be also licensed as securities dealers to provide a full range of banking services to their clients. Furthermore, many larger financial groups have separate entities engaging in fund management. By contrast, financial conglomerates, including both banks and insurance undertakings, are a relatively rare occurrence in Switzerland.

Recent regulatory themes and key regulatory developments in Switzerland

New architecture of the Swiss regulatory framework

The current Swiss regulatory framework is based on the so-called “silo-principle”: the various financial institutions are, in principle, regulated in separate Swiss federal acts. For example, banks are primarily subject to the BankA (and BankO), securities dealers to the SESTA (and SESTO), and fund management companies and asset managers of collective investment schemes are subject to the CISA (and CISO). Similarly, the FMIA and FMIO, which entered into force on 1 January 2016, regulate financial infrastructures.

However, under the new regulatory framework of FinSA and FinIA that is expected to enter into force on 1 January 2020, financial institutions will be subject to a “cross-sectorial regulation”. The FinSA aims to protect customers of financial service providers. It regulates




the provision of financial services by financial service providers (including banks, securities firms, etc., to the extent they provide financial services, but not insurance undertakings) and the offering of financial instruments. It includes e.g.: regulation on client segmentation; rules of conduct; registration requirements for client advisors of financial service providers; rules on prospectus; and information leaflet requirements for financial instruments. In addition, the FinSA introduces the concept of a mandatory affiliation with an ombudsman office.

FinIA will regulate the licence requirements for certain financial institutions, including securities firms (under the current SESTA and SESTO, referred to as “securities dealers”), fund management companies, managers of collective assets, asset managers and trustees). In contrast, banks will remain subject to the regulatory requirements set out in the BankA (and BankO). Asset managers and trustees will be subject to a FINMA licence requirement but supervised by a FINMA authorised private supervisory body.

On 24 October 2018, the Federal Council initiated a consultation procedure for the three draft ordinances to implement FinSA and FinIA, namely the Financial Services Ordinance (“FinSO”), the Financial Institutions Ordinance (“FinIO”) and the Supervisory Organisation Ordinance (“SOO”). The consultation procedure lasts until 6 February 2019. It is expected that the final versions of the ordinances will enter into force together with FinSA and FinIA on 1 January 2020. Upon the entry into force of FinIA and FinIO, the SESTA and SESTO will be repealed.

Regulation of systemically important banks

In the financial crisis of 2007-2008, the Swiss government had to bail out UBS AG, the largest Swiss bank, with a capital injection of CHF 6 billion and liquidity support from the SNB. Consequently, Switzerland decided to take a position as a forerunner in the global efforts to improve the resolution of systemically relevant institutions carried out under the aegis of the FSB.

The Swiss approach consists of a policy mix of stringent capital requirements, both on a risk-weighted and absolute (through a leverage ratio) basis, for (“SIBs”) and liquidity ratios, as well as recovery and resolution planning by the financial institutions and FINMA, acting as a resolution authority. In addition to the standard capital requirements, Switzerland phased in the requirements regarding total loss-absorbing capital (“TLAC”) to ensure that sufficient capital is available to finance the resolution of SIBs.

Unlike other jurisdictions, however, the Swiss framework did not impose explicit requirements on ring-fencing or bans on proprietary trading. By contrast, it relied on a carrot-and-stick approach. The stick consisted of a regulatory requirement imposed on SIBs to ensure that they can be resolved in an orderly manner without compromising their systemically relevant functions. At the same time, the regulator was empowered to grant discounts to SIBs who take additional measures to enhance their resolvability. This led the two global SIBs (“G-SIBs”), UBS AG and Credit Suisse Group AG, to restructure their corporate group to be controlled by a holding company, which is to serve as a single point of entry in resolution, to carve out their domestic business in a separate financial institution, and create dedicated service entities to ensure that the domestic business, which houses the core of the systemically relevant activity, can remain viable even if the group enters into resolution.

Resolution stay and bail-in

To facilitate the resolution of the SIBs, Swiss law was amended to grant FINMA the authority to order a resolution stay applying to all termination rights, and automatic termination clauses




triggered by the commencement of resolution proceedings for a period of two business days (art. 30a BankA). To ensure the enforceability of these powers, all banks and securities dealers are required to take measures to ensure that agreements that are not subject to Swiss law and the jurisdiction of Swiss courts provide for the contractual recognition of a resolutions stay. However, whereas the resolution stay powers of FINMA extend to all agreements, FINMA determined that only certain financial arrangements needed to be covered by the contractual recognition (art. 56 BIO-FINMA).

Furthermore, FINMA was also granted the power to bail in or write off unsecured and unprivileged claims in connection with the approval of a resolution plan (art. 31 (3) BankA and art. 49 BIO-FINMA). However, unlike the resolution stay and the approach in the EU, Swiss law does not require a contractual recognition of bail-in powers. This is a testimony to the fact that FINMA relies more on capital requirements and, for SIBs, TLAC than on bail-in powers to carry out a resolution of financial institutions.

Fintech

To ease the Swiss regulatory regime for providers of innovative financial technologies (Fintech), including e.g. crowdfunding and crowd-lending, electronic payment services, robo-advice and crypto-currencies, the Swiss Parliament introduced the following three measures:

Third-party monies accepted on interest-free accounts for the purpose of settlement of •customer transactions do not qualify as deposits from the public (and therefore do not count towards a potential banking licence requirement) if the monies are held for a maximum of 60 days (instead of only seven days, as was the case before the amendment) (art. 5 (3)(c) BankO).

Firms accepting deposits from the public or publicly offering the acceptance of deposits •are exempted from the banking licence requirement as long as: i) the deposits accepted do not exceed CHF 1 million; ii) no interest margin business is conducted; and iii) depositors are informed, before making the deposit, that the firm is not supervised by FINMA and that the deposit is not covered by the depositor protection scheme (art. 6 (2) BankO). This exemption from the banking licence requirement is available to Fintechs as well as any other type of business that fulfils the requirements. It aims at creating an innovation space, a so-called “sandbox”.

The new Fintech licence – a licence with more lenient requirements compared to the •fully fledged banking licence – was introduced by an amendment of the BankA with effect as of 1 January 2019. This regimes applies for institutions that hold deposits of less than CHF 100 million. Under this licence, the deposits may not be invested and no interest may be paid on them. If the customers are protected through additional safeguards, FINMA can approve a higher deposit ceiling on a case-by-case basis. The holders of a FinTech licence are neither subject to the depositor protection regime nor are they required to comply with the capital adequacy requirements under the CAO. Accounting is carried out in accordance with the Federal Code of Obligations (“CO”), which is a further relaxation compared to the rules for a bank. A notable further relaxation is the minimum capital requirements, which according to the BankO should amount to at least CHF 300,000 or 3% of the public deposits they hold, instead of satisfying the complex capital adequacy rules of the CAO. Further adjustments regarding corporate governance, risk management and compliance are also possible, although FINMA has not yet published how it will proceed. However, the requirement to be subject to the AMLA remains unchanged compared to the fully fledged banking licence.




Implementation of the Basel III requirements

Switzerland has largely implemented the core requirements of Basel III in the CAO, the LiqO and various FINMA circulars. These requirements first applied exclusively to systemically important financial institutions, and were then extended to all banks.

Capital requirements: On 1 January 2017, the amended CAO entered into force, implementing the adjusted regulations of Basel III on credit risk capital requirements for derivatives, fund investments and securitisations for banks. The amendments introduced definitive rules on derivative positions vis-à-vis central counterparties and revised the capital requirements for all types of bank claims vis-à-vis all types of investment funds, as well as the capital adequacy rules on securitisation positions in the banking book. Along with the CAO, FINMA revised its Circular 2017/7 “Credit risks – banks” (“Circular 2017/7”) introducing the implementing provisions. Further amendments to Circular 2017/7 entered into force on 1 January 2019 with regard to the calculation of the minimum capital requirements for the default fund of central counterparties to reflect additional changes made to the CAO.

On 1 January 2018, new rules introducing a leverage ratio and a new risk diversification provision in line with Basel III were introduced in the CAO. The changes included the introduction of an unweighted capital adequacy requirement based on the leverage ratio of 3% for all non-systemically important banks, and up to 10% for SIBs as an additional safety net. The provisions on risk diversification stated inter alia that risk concentrations may generally only be measured according to core capital (Tier 1) and that banks are restricted in their use of models for determining risk concentrations. Further changes concerned the overrun of the upper limits enshrined in the CAO, the weighting of certain assets, as well as the adjustment of some special rules for SIBs. To reflect the changes made to the CAO, FINMA revised its Circular 2015/3 “Leverage ratio – banks” (“Circular 2015/3”), which entered into force on 1 January 2018, as well as its Circular 2019/1 (formerly 2008/23) “Risk diversification – banks”, which entered into force on 1 January 2019 and imposes a maximum limit on the size of individual loans as well as several relaxations for smaller institutions.

On 1 January 2019, further amendments to the CAO entered into force, introducing gone-concern capital requirements for domestically focused SIBs (“D-SIBs”; PostFinance AG, Raiffeisen and Zürcher Kantonalbank).

In connection with the requirements for managing interest rate risk in the banking book and standards on disclosure, FINMA further revised the following circulars: FINMA Circular 2011/2 “Capital buffer and capital planning – banks”; FINMA Circular 2013/1 “Eligible capital – banks”; Circular 2015/3, FINMA Circular 2016/1 “Disclosure – banks”; FINMA Circular 2019/2 “Interest rate risks – banks”; and Circular 2017/7. The changes introduce inter alia new disclosure tables as well as adjustments to the determination of eligible capital, which accommodate the treatment of expected credit loss provisions under the International Financial Reporting Standard (IFRS) 9.

The revised Basel III standards also entail new rules to determine the capital adequacy for market risks. In Switzerland, the new market risk rules are expected to enter into force on 31 December 2020 at the earliest.

Liquidity requirements: Under the LiqO (as in force since 2012), banks have to appropriately manage and monitor liquidity risks. It was thus possible to transpose part of the international liquidity standards of Basel III into Swiss law. In a further step, the revised LiqO, which entered into force on 1 January 2015, has also adopted the new quantitative liquidity




requirements in accordance with the international liquidity standards. In particular, a liquidity coverage ratio (LCR) has been introduced for short-term liquidity, requiring banks to provide for sufficient high-quality liquid assets. A bank should, among other things, be able to survive for at least 30 days in the event of a liquidity stress scenario, with client deposits being withdrawn or difficulties with securing refinancing on the capital market. To reflect the changes made to the LiqO, FINMA revised its Circular 2015/2 “Liquidity risk – banks” (“Circular 2015/2”), which entered into force on 1 January 2018.

The amendments to the LiqO and Circular 2015/2 do not yet include provisions on the net stable funding ratio (“NSFR”), which must be implemented as a second minimal standard for the liquidity of banks. The Swiss Federal Council decided to defer the implementation of this new ratio at least until the end of 2019, because of substantial delays in the international timetable.

Administrative assistance

The implementation of the FMIA also entailed several changes in other areas, e.g. with regard to administrative assistance, where FINMA is not required to inform the relevant customer prior to transmitting the information to the requesting authority if the purpose of the administrative assistance and the effective fulfilment of the requesting authority’s tasks were to be jeopardised by the prior notification (art. 42a (4) of the revised FINMASA, entered into force on 1 January 2016).

Automatic exchange of information and tax compliance

In response to the criticism of the Swiss financial centre, Switzerland adopted a “White Money Strategy”, which led to the adoption of the automatic exchange of information in tax matters and extended the AML framework to taxation fraud. This strategy was heavily influenced by the recommendations of the FATF and the Global Forum in connection with international AML standards, as well as the pressure of the OECD to adopt the OECD automatic exchange of information in tax matters with countries abroad (“AEOI”).

Against this background, a legal foundation for introducing the AEOI in Switzerland was created with the AEOI-Act that entered into force on 1 January 2017. Under the AEOI-Act, financial institutions subject to the AEOI-Act must collect specific data from 2017 onwards and submit it to the Swiss Federal Tax Administration which, in turn, exchanges the data with the tax authorities of the partner states. In view of the AEOI’s activation with 38 states on 1 January 2017, Swiss financial institutions started to collect relevant data, and Switzerland exchanged data with most of the 38 partner states for the first time at the end of September 2018. In December 2017, the Swiss Parliament adopted the AEOI with a further 38 partner states. As a result, Swiss financial institutions have been collecting account information referring to further 38 partner states since 1 January 2018, and Switzerland will exchange it for the first time no later than September 2019.

Furthermore, the recommendations of FATF also influence the revision of the AMLA and prompted a first revision that came into effect on 1 January 2016, implementing, e.g., new regulations in connection with business relationships and transactions with politically exposed persons. Currently, a further revision is under way, proposing among others to explicitly oblige and to regularly check that the information is up to date. This would create a basis for the existing practice and codify case law. Furthermore, due diligence obligations for the provision of certain services relating to the establishment, management or administration of companies and trusts are proposed. The revised AMLA is expected to enter into force on 1 January 2020 at the latest. The country review of the FATF also led to an ongoing revision of the ordinance of the FINMA on Combating Money Laundering and




Terrorist Financing in the Financial Sector of 3 June 2015 which addresses shortcomings identified in the FATF country review.

The Swiss Federal Council launched the consultation on the implementation of the recommendations of the Global Forum on 17 January 2018. The proposed text is currently being discussed in Parliament. The draft bill aims, in addition to change to corporate law, to facilitate the exchange of tax-related information.

Implementation of the Foreign Account Tax Compliance Act

On 2 June 2014, the agreement between Switzerland and the United States on cooperation to simplify the implementation of the Foreign Account Tax Compliance Act (“FATCA”) entered into force. Under this agreement, the implementation of FATCA in Switzerland was based on the so-called “Model 2”, which means that Swiss financial institutions disclose account details directly to the US tax authority, with the consent of the US clients concerned. However, in October 2014, the Swiss Federal Council approved a mandate for negotiations with the US on switching to “Model 1”, which might lead to the application of the automatic exchange of information between Switzerland and the US. It is still unknown at the present time when there will be a corresponding agreement between Switzerland and the United States.


Key requirements for governance of banks

In order to obtain and maintain a banking licence, Swiss banks must, inter alia, comply with specific governance requirements as outlined in particular in the BankA and BankO, and further specified in guidelines and publications of FINMA, in particular the new FINMA Circular 2017/1 “Corporate governance – banks” (“Circular 2017/1”) which entered into force on 1 July 2017. It remains to a large extent in line with the former FINMA guidance, except for a number of changes in specific areas. A significant change introduced by Circular 2017/1 is a shift from a “comply or explain” approach to a more differentiated approach, allowing FINMA to apply the requirements of Circular 2017/1 to the extent they are proportionate. This allows FINMA to consider on a case-by-case basis the characteristics of each bank in terms of size, complexity, structure and risk profile.

Good reputation and guarantee of a proper business conduct

Persons entrusted with the bank’s administration and management must enjoy a good reputation and guarantee proper business conduct (art. 3 (2)(c) BankA). Furthermore, qualified shareholders of a bank (i.e. persons holding at least 10% of the capital or voting rights or that otherwise have a significant influence on the bank) must guarantee that their influence will not have a negative impact on the bank’s prudent and solid business activity (art. 3 (2)(cbis) BankA).

Separation of board of directors and executive management

The governance of Swiss banks is characterised by a strict separation between the board of directors, which is responsible for oversight, and the executive management.

A bank’s board of directors as a body and each board member must meet specific conditions, including the following:

To comply with the independence requirement, the board members have to structure •their personal and business relationships in such a way as to avoid possible conflicts of interest with the bank. In particular, at least a third of the board members must be




independent (Circular 2017/1 N 17 et seq.). FINMA may, in justified exceptional cases, grant exceptions. This might be relevant in financial groups, in particular.

The board of directors as a whole must have adequate management expertise and the •required knowledge and experience in the banking and financial services sector. It must be sufficiently diversified to ensure that all key aspects of the business, including finance, accounting and risk management, are adequately represented (Circular 2017/1 N 16).

The board of directors must comprise at least three members. However, the actual •number of directors required depends on the size, complexity and risk profile of the bank (art. 11 (1) BankO and FINMA explanatory notes to the draft Circular 2017/1 N 3.2.2) and, in practice, a board generally has at least five members.

Committees of the board of directors

The larger and more complex banks, which belong to the supervisory categories 1 to 3 (out of five), are required to establish an audit and a risk committee, irrespective of the total number of members of the board of directors. However, banks in the supervisory category 3 may combine the two committees (Circular 2017/1 N 31).

A majority of the members of both committees must be independent and the chair of the board of directors may not be a member of the audit committee or chair the risk committee. Furthermore, each committee must have sufficient knowledge and experience of the areas for which it is responsible (Circular 2017/1 N 33).

Internal audit function

The board of directors, in principle, has to establish an internal audit function that directly reports to the board or one of its committees, typically to the audit committee. The internal audit function works independently from the daily business processes and, in particular, provides an important basis for the assessment of whether the bank has implemented an adequate and effective internal control system (Circular 2017/1 N 82 et seq.).

Mandatory management functions

Banks in the supervisory categories 1 to 3 have to implement the role of an independent chief risk officer (“CRO”), who has to be a member of the management body if the bank is systemically relevant. Such CRO may be responsible also for other independent control functions (e.g. for the compliance function) even in the case of systemically relevant banks (Circular 2017/1 N 67 et seq.).

Remuneration of a bank’s employees

As a general rule, a bank’s remuneration system must not offer any incentives for an employee to disregard the bank’s internal control mechanisms. In particular, the remuneration system for employees of the internal audit, the compliance function and the risk function may not contain incentives that could lead to a conflict of interests. Therefore, their remuneration (among others, through salaries and bonuses) may not depend on the performance of individual products and transactions.

The FINMA Circular 2010/1 “Remuneration schemes” (“Circular 2010/1”) outlines minimum standards for remuneration schemes of banks and other financial institutions. In particular, it includes the requirement of a remuneration scheme to be simple, transparent, implementable, and oriented towards the long term. The Circular 2010/1 mandatorily only applies to banks of the supervisory category 1 (i.e. to UBS and Credit Suisse) and the two largest insurance groups, being Zurich and Swiss Re (see Circular 2010/1 N 6 and 7). However, it applies as a non-binding code of best practice to all other institutions. In




addition, FINMA may in justified cases require such other institutions to mandatorily implement the Circular 2010/1 in full or in part, if appropriate in the light of the circumstances (Circular 2010/1 N 9).

On 1 January 2014, the Ordinance against Excessive Compensation of 20 November 2013 implementing the so-called “Say-on-Pay” Initiative entered into force, toughening the formal corporate governance regime for listed companies. Among others, it prohibits severance payments (golden parachutes), advance payments and similar extraordinary payments to directors or senior managers. Furthermore, the aggregate compensation of directors and the senior management is subject to the approval of the general meeting of shareholders. In the course of the ongoing revision of the company law, the Swiss Federal Council proposes to further implement the Minder Initiative by including provisions on “say-on-pay” in the CO.

Scope and requirements for outsourcing of functions

All significant functions of a bank may, in principle, be outsourced, except for the direction, supervision and control by the supreme governing body, central executive management functions and functions that involve strategic decision-making (FINMA Circular 2018/3). In addition, decisions on entering or terminating a business relationship may not be outsourced. Furthermore, banks of the supervisory categories 1 to 3 are required to have an autonomous control body in the form of a separate risk control and compliance function. Operational risk management and compliance tasks may be outsourced by banks of all supervisory categories. The bank must keep an inventory of the outsourced functions.

Furthermore, the bank, its audit firm and FINMA, must have the contractual right to verify the service providers’ compliance by inspecting and auditing all information relating to the outsourced function at any time, unrestrictedly. Outsourcing to another country is admissible if the rights of inspection and control rights of the bank itself, its audit firm and FINMA are assured and the restructuring or resolving of the bank in Switzerland, including access to the required information, are possible at any time.

Accounting rules

Value adjustments for default risks in banking are to be calculated in future on the basis of expected losses. For this change, FINMA will draft a new ordinance on accounting which will also incorporate parts of the FINMA Circular 2015/1 “Accounting – Banks”. The date of entry into force of this new ordinance is not yet known.


In order to obtain a banking licence from FINMA, a bank must have a fully paid-in share capital of at least CHF 10 million (art. 15 (1) BankO). However, in principle, FINMA requires a bank to have additional capital of at least CHF 10 million but usually more (which might be contributed e.g. in the form of a subordinated loan as well), depending on the intended scope of the bank’s business activities.

In addition to the statutory capital requirements, banks are also subject to regulatory capital requirements based on the Basel III Framework. The CAO specifies in more detail the regulatory capital required by Swiss banks, particularly depending on the bank’s size and scope of business. The required capital comprises, in principle, the following parts:

Minimum required capital: A bank must hold at least 8% of the risk-weighted positions •as minimum required capital, whereof at least: i) 4.5% must be held in the form of common equity tier 1 (CET 1) capital (CET 1 ratio); and ii) 6% must be held in the form of Tier 1 capital (Tier 1 capital ratio) (art. 42 (1) CAO).




Capital buffer: A bank must, in principle, hold a capital buffer between 2.5% and 4.8% •of their risk-weighted positions, in particular, in the form of CET 1 capital, depending on the supervisory category of the bank (art. 43 (1) and appendix 8 CAO; art. 2 (2) and appendix 3 BankO).

Counter-cyclical buffer: Upon request of the SNB, the Swiss Federal Council may, if •necessary, require the banks to hold a counter-cyclical buffer of a maximum of 2.5% of their risk-weighted positions in Switzerland in the form of CET 1 capital to: i) enhance the banking sector’s resilience against the risk of excessive credit growth; or ii) counteract excessive credit growth (art. 44 CAO). Currently, the Swiss Federal Council has activated the counter-cyclical buffer to counteract the risk of a real estate bubble fuelled by cheap mortgage loans, and requires banks to hold a counter-cyclical buffer of 2% of their risk-weighted positions whereby a residential property in Switzerland acts as real security (in accordance with art. 72 CAO).

Extended counter-cyclical buffer: Banks with a balance sheet of at least CHF 250 billion, •of which the total foreign commitment amounts to at least CHF 10 billion, or with a total foreign commitment of at least CHF 25 billion, have to hold an extended counter-cyclical buffer in the form of CET 1 capital. This buffer amounts to the weighted average of the counter-cyclical buffers that apply in the member states of the BCBS where the bank’s relevant receivables from the private sector originate, but in no case more than 2.5% of the risk-weighted positions (art. 44a CAO).

Additional capital: FINMA may require a bank to hold additional capital if the minimum •required capital and counter-cyclical buffer does not sufficiently cover the risks of a specific bank (art. 45 CAO).

Leverage ratio: A bank must also maintain a 3% minimum leverage ratio based on the •un-risk-weighted assets and Tier 1 capital (art. 46 CAO and Circular 2015/3).

Additional requirements for SIBs: In addition to the above-mentioned requirements that •apply to all banks, SIBs have to comply with additional requirements, e.g. they must have sufficient own funds to be able to continue their business activities even in the event of major losses (going-concern capital requirements), or they have to permanently hold additional funds to ensure a possible restructuring and winding-up (gone-concern capital requirements) (art. 124 et seq. CAO). G-SIBs are required to hold 100% of their going-concern capital requirement as TLAC. With effect from 1 January 2019, the gone-concern capital requirements also apply for D-SIBs. The new requirements are based on the going-concern capital requirements but, unlike for the big banks, this reflection amounts to only 40%, subject to further rebates for state-owned D-SIBs, as the domestically focused banks are less interconnected internationally and are less systemically important.


Regulations applying to the bank’s dealing with third parties

Banking and securities dealer activities •In Switzerland, the primary law governing the relationship between banks or securities dealers and their clients is the private civil law laid down in the CO. In many instances, a banking or securities dealing relationship is subject to the principles of the law of mandate of the CO. Under such provisions, inter alia, an agent has to act faithfully and diligently (art. 398 (2) CO).

The nature of the legal duties owed by and customs of banks have been developed through court practice and by professional standards established by recognised SROs.




Securities dealers must comply with the rules of business conduct outlined in art. 11 SESTA, including the duty to provide information, the duty of diligence and the duty of loyalty. This provision will be replaced by the provisions of FinSA. Furthermore, rules of SRO recognised by FINMA as minimum standard requirements applicable to certain financial institutions specify these duties. These self-regulatory rules include, among others, the Code of Conduct for Securities Dealers, the Portfolio Management Guidelines of the SBA.

Activities referring to collective investment schemes •A bank responsible for the management of a collective investment scheme, the safekeeping of the assets held in it, or the distribution of it to non-qualified investors in Switzerland, is subject to licence requirements, and has to comply with the code of conduct requirements outlined in art. 20 et seq. CISA, including the duty of loyalty, the duty of diligence and the duty to provide information. These rules are further implemented through the self-regulatory standards set forth in the Code of Conduct of the Swiss Funds & Asset Management Association SFAMA, which is also recognised by FINMA as a minimum standard requirement.

Outlook: FinSA •The rules of conduct applicable to financial service providers, including banks, are going to change fundamentally with the FinSA. Under this new legislation, financial service providers will be required to provide extensive information on themselves, the services and products they recommend, as well as the risks and costs they entail. Furthermore, depending on the type of client and service they offer, they will be subject to further requirements to ensure the suitability or appropriateness of their offering. The implementation of these rules will come together with extensive documentation and record-keeping obligations as well as organisational requirements. In particular, client advisors will need to have the requisite knowledge and expertise to comply with their duties under the rules of conduct and carry out their business.

Rules applying to the general terms and conditions of banks

The use of general terms and conditions (“GTC”) to govern the relationship between the bank and its clients is widespread in the Swiss banking industry. However, Swiss law does not regulate the GTC of banks specifically. Accordingly, the question whether GTC are valid must be established on the basis of the Swiss private law, particularly the general contract law provisions of the CO and art. 8 of the Federal Act against Unfair Competition of 19 December 1986 (AUC) that prohibits the use of GTC that, to the detriment of consumers and contrary to the requirement of good faith, provide for a significant and unjustified imbalance between contractual rights and contractual obligations. Furthermore, specific regulations prohibit banks from including certain terms in their GTC with customers. For example, a right to use client securities may not be included in GTC. Against this background, the use of GTC might, in a typical business-to-customer relationship, be more limited in the banking industry.

Mechanisms for addressing customer complaints against banks

General remarks •Under Swiss supervisory law, FINMA’s mandate includes the protection of creditors, investors and policyholders. However, client protection is understood collectively and therefore FINMA does not adjudicate or even intervene in a dispute between a client and a bank. Furthermore, there are no explicit regulatory rules on handling complaints, although arguably the appropriate internal organisation of a bank requires the implementation of a complaints procedure.




Disputes between a client and a bank are thus the remit of the ordinary courts, subject to the mediation by the Swiss Banking Ombudsman, if the bank is a member of the SBA.

Swiss Banking Ombudsman •As part of its self-regulatory role, the SBA established a separate and independent institution, the Swiss Banking Ombudsman. Members of the SBA are required to submit to the authority of the Swiss Banking Ombudsman

The Swiss Banking Ombudsman is an independent and neutral mediator whose services are free of charge for the banking customer. He is competent to approach specific complaints raised by banking customers against banks based in Switzerland, but has no power to decide. Consequently, he mainly acts as a mediator in disputes to avoid costly and lengthy legal proceedings. The parties are not bound by his proposal but may choose either to accept it or to take other steps, such as starting a lawsuit.

Changes of the enforcement of client’s rights according to the adopted FinSA •In order to facilitate the enforcement of rights for banking clients, FinSA will introduce several changes to the enforcement of Swiss banking clients’ rights, among others an extensive documentation duty that requires financial service providers to document their services in an appropriate manner, and a right of a client to request the delivery of copies of these documents free of charge.

Furthermore, financial service providers will be required to join an ombudsman’s office, which will offer a simple and informal process to settle disputes between clients and financial service providers. For members of the SBA, however, this will not be a major change (see above).

More generally, the government announced that it is generally considering introducing a scheme for collective enforcement of claims in the Swiss Civil Procedure Code. This Swiss form of class action would not be limited to suits against banks and financial institutions but should be generally available for all types of civil disputes. This would further facilitate the enforcement of clients’ rights and reduce the risk of high procedural costs.

Swiss depositor protection scheme

Deposits of Swiss banks are, in particular, protected by the following measures:

a) Client deposits of Swiss banks are, in principle, privileged claims in case of bankruptcy of a bank up to CHF 100,000 (art. 219 (4)(f) 2nd class of the Swiss Federal Act on Debt Collection and Bankruptcy of 11 April 1884 (DEBA) in conjunction with art. 37a (1) and art. 37b (1) BankA). However, the law further distinguishes between certain types of accounts. For example, deposits for vested benefit schemes are treated separately from other bank accounts and may benefit from the privileged status in an additional protected amount of up to CHF 100,000 (art. 37a (5) BankA).

b) Furthermore, client deposits of a bank or securities dealer located in Switzerland are protected to a maximal amount of CHF 100,000 per depositor. This depositor’s guarantee in case of bankruptcy of a bank is ensured by the Swiss depositor protection scheme (“esisuisse”) which requires that all Swiss banks and branches of foreign banks must have their preferential deposits protected by esisuisse.

c) Finally, client custody assets of Swiss banks and securities dealers are deemed by law, in principle, as segregated client assets. Consequently, they will be segregated in case of an insolvency of a bank or securities dealer (art. 37d BankA in connection with art. 36a SESTA).




Furthermore, the Swiss Federal Council decided in February 2017 to strengthen the Swiss depositor protection scheme. The consultation process with respect to the amendment of the BankA is expected to start in 2019. The Swiss Federal Council also plans to close a gap in the regulations on investor protection: the obligation to segregate client holdings booked to client accounts from proprietary holdings shall be extended over the entire custody value chain in Switzerland.


The Swiss approach to inbound cross-border banking services is rather liberal. Banking activities on a pure cross-border basis only (i.e. without any actual or deemed local physical presence) from abroad into Switzerland are, in principle, not subject to a banking licence requirement. Consequently, a foreign banking institution may, in principle, freely offer banking services to Swiss-based customers if it does not establish a physical presence in the meaning of art. 2 (1) FBO-FINMA (i.e. a representative office or a branch) and does not inaccurately represent that it is based or regulated in Switzerland. However, this will change upon entry into force of FinSA, which will extend the scope of Swiss financial market regulation to activities carried out “for clients in Switzerland”. In other words, providing financial services to clients in Switzerland on a cross-border basis will be subject to FinSA.

In contrast, the distribution of shares or units of collective investment schemes, and the placement of certain financial products in Switzerland, are subject to restrictions and licence or prospectus requirements. In particular, only Swiss-licensed representatives, holders of a FINMA distributor licence, or entities adequately licensed in their country of domicile to distribute collective investment schemes, may proceed with any form of distribution of collective investment schemes in Switzerland (art. 13 CISA).

Regulatory framework on AML

Money laundering is subject to criminal sanctions under art. 305bis of the Swiss Criminal Code of 21 December 1937 (“SCC”). Money laundering in the meaning of the SCC includes any act suitable to conceal or disguise the identification of the origin or impede the tracing or the forfeiture of assets that have been obtained through serious crimes and certain tax offences.

Prudentially supervised financial institutions, such as banks and securities dealers, as well as other persons or entities who, on a professional basis, accept or hold third-party assets or who assist in the investment or transfer of such assets, including activities such as (independent) asset management and certain types of credit/lending business, trade finance including factoring with right to recourse, payment services, trading activities, etc., are subject to additional regulatory requirements (art. 2 (2) and (3) AMLA). Financial intermediaries which are not otherwise regulated (e.g. by FINMA through holding a banking or securities dealer licence) have to join a recognised SRO which will review their compliance with Swiss AML rules on a regular basis (art. 14 AMLA).

A major part of the AMLA provisions deal with the due diligence duties in connection with a financial intermediary’s handling of third-party assets including the due identification of the contractual party and the due determination of a potential beneficial owner, whereas, among others, these duties are further specified in the CDB 16.







Dr. iur. Peter Ch. Hsu


Peter Hsu is Bär & Karrer’s key contact for the practice area of banking and

insurance. His practice focuses on banking, insurance, financing and capital

markets. He advises Swiss and foreign financial institutions as well as fintech

businesses on transactional and regulatory matters. Moreover, he regularly

advises clients on M&A transactions, financing and corporate matters as well

in other industry sectors.

He has published several books and articles on topics in banking, insurance

and capital markets and is regularly invited to speak on these topics.

Peter Hsu is ranked as a leading individual in the practice areas of Banking &

Finance as well as Insurance & Reinsurance (Who’s Who Legal 2018).

Rashid Bahar


Rashid Bahar’s practice focuses on banking, finance and capital markets, as

well as general corporate law. He heads the funds, financial products and

asset management practice group.

He regularly advises Swiss and foreign financial institutions on transactional

and regulatory matters. He is often involved in M&A transactions and

complex financings, where he advises both lenders and borrowers. He

regularly represents clients in licensing and enforcement proceedings before

the Swiss Financial Market Supervisory Authority FINMA and other

authorities. Rashid Bahar has extensively published and is regularly invited

to speak on these issues.

Rashid Bahar is also an associate professor at the University of Geneva, where

he teaches corporate law and financial markets regulation. He is a member

of the executive committee of the Center for Banking and Financial Law and

the editorial committee of the Swiss Business Law Review. He was appointed

as an expert member of the working group of the Federal Department of

Finance responsible for drafting the Federal Act of Financial Services

(FIDLEG) and its implementing ordinance.

Brandschenkestrasse 90, CH-8027 Zurich, Switzerland

Tel: +41 58 261 50 00 / Fax: +41 58 261 50 01 / URL: www.baerkarrer.ch

Bär & Karrer Ltd.

Timor-Leste

Introduction

East Timor’s financial system essentially revolves around banking and currency exchange activities. According to data compiled by the Central Bank of East Timor1 (Banco Central de Timor-Leste, hereinafter “BCTL”), the financial institutions currently operating in the East Timorese territory are:

four branches of foreign commercial banks: •

Caixa Geral de Depósitos, S.A. – Timor-Leste (“BNU Timor”) (Portugal); •

Australia and New Zealand Bank (“ANZ”) Banking Group Limited – Timor-Leste •Branch (Australia);

PT. Bank Mandiri (Persero) Tbk. Dili – Timor-Leste Branch (Indonesia); and •

PT. Bank Rakyat Indonesia (Persero), Tbk, Timor-Leste Branch (also from •Indonesia);

one state-owned commercial bank – Banco Nacional de Comércio de Timor-Leste, •S.A.;

three insurance companies: •

National Insurance Timor-Leste, S.A. (locally established but from Singapore);2 •

Sinarmas Insurance, S.A. (Indonesia); and •

Federal Insurance Timor, S.A. (originally from Samoa); •

three currency exchange bureaux; •

nine money transfer operators; •

two other deposit-taking institutions (ODTI); and •

one finance company. •

Looking specifically at the commercial banks and insurance companies, only one of the eight main financial institutions operating in East Timor is of national origin, which serves as a good example of the melting pot of cultures found in the East Timorese territory.3

One of the most obvious and persistent effects of East Timor’s eventful history is, in fact, the influence of a broad range of different legal traditions, which is clearly reflected in its current legal system. In addition to traditional East Timorese customs, the Portuguese, Indonesian and United Nations legal systems continue to influence modern East Timorese law.4

It is also worth mentioning that much of the legal framework currently in force in East Timor – including the key piece of legislation on banking law, UNTAET Regulation no. 2000/8, of 25 February 2000 – was enacted by the United Nations Transitional

Nuno Castelão, João Cortez Vaz & Rita Castelo Ferreira Vieira de Almeida



Administration in East Timor (“UNTAET”), which administered the East Timorese territory from October 1999 until its independence on 20 May 2002. In addition to the UNTAET regulations, Indonesian laws that have not been repealed remain in force, even though the Constitution of East Timor and much of its statutory and regulatory law – such as the East Timorese banking law – are modelled on Portuguese law.5

It is also interesting to note that, unlike other countries throughout the world, the 2008 global financial crisis did not have a significant impact on the East Timorese financial sector and, therefore, no significant legislative proposals were presented in this regard.

Among the latest initiatives in the financial sector, we would highlight the National Strategy for Financial Inclusion 2017–2022, a five-year strategic plan which aims at providing primary financial services at affordable costs to all segments of the East Timorese population, as well as combating financial illiteracy.6

Initiatives aimed at allowing the use of mobile and electronic methods of payment have also been adopted. The National Policy for Information and Communications Technologies (2017–2019), approved by Government Resolution no. 9/2017, of 15 February 2017, established the political basis for the elaboration of legal frameworks on electronic transactions (including e-government), privacy and data protection, cybersecurity and cybercrime, which may have significant impacts on financial services.

A recent step in the promotion of e-commerce platforms was the authorisation granted last August by BCTL to a fintech company’s application to conduct a trial of its e-wallet transfer system service in East Timor. In accordance with the information provided by BCTL,7 this authorisation allows the company to offer e-payment services, cash top-ups and withdrawals through agents of one of the leading telecommunications companies in East Timor, as well as balance enquiries and mini-statements.

Prior to this, in 2014 BNU Timor and Timor-Telecom, the leading telecommunications operator in East Timor, launched the country’s first mobile wallet product (“BNU Mobile”) under the authorisation granted to BNU Timor by BCTL on 3 September 2014. To the best of our knowledge, BNU Mobile has had limited adherence among clients, although it is still in operation.

Nonetheless, the fact that relevant stakeholders continue to invest in mobile and electronic payment systems reveals a certain commitment to innovation in banking technology, which in the long-run may come to revolutionise payments in East Timor, a traditionally cash-based country.

Perhaps the most relevant recent step towards the modernisation of banking services in East Timor, and one that confirms the ambition to expand the access to banking services to all segments of the population, has been the launching of the P24 payment service by BCTL, on 18 December 2018. This service will allow customers to make transactions through any ATM or PoS device, connect the providers of e-wallet services (when such services become significant in the country) and settle taxes and other financial responsibilities to the Government and to private businesses.

It is expected, however, that the P24 service will take some time to be fully implemented. In the initial stages, only BNU and Mandiri ATMs will be linked; BCTL and BRI are expected to join the P24 ATM network in coming months.

Although much remains to be done, the East Timorese financial system is developing gradually.

Vieira de Almeida Timor-Leste




Established in 2011, in replacement of the Central Payments Office (“CPO”) and the Banking and Payments Authority (“BPA”), BCTL is an independent and autonomous public entity that acts not only as East Timor’s central bank, but which is also responsible for regulating, licensing and supervising banks, insurance companies and other entities that carry out financial activities on national territory. BCTL is also the sole entity responsible for the application of corrective measures and administrative sanctions to financial institutions.

Furthermore, BCTL is responsible for managing the country’s payment system, as well as issuing national coins as sub-units of the US dollar,8 and for safeguarding monetary policy in line with the economic policy defined by the East Timorese Government.

Unlike other legal systems, there is no clear distinction between prudential supervision and market conduct supervision.9 BCTL’s powers and responsibilities are set out in its Organic Law, approved by Law no. 5/2011, of 15 June 2011.

The licensing and supervision of banking activities are governed by UNTAET Regulation no. 2000/8, of 25 February 2000 (hereinafter, the “Banking Law”). In addition to the Banking Law, there is a vast number of CPO/BPA/BCTL regulations that should also be considered when analysing the East Timorese banking framework, such as Instruction CPO/B-2000/2 on regulatory capital, Instruction CPO/B-2001/2 on banks’ equity investments and Instruction CPO/B-2000/4 on the qualifications of administrators, among others.

In accordance with the Banking Law, a “bank” means a legal person engaged in the business of accepting deposits from the public in East Timor and using these funds, either in whole or in part, to make extensions of credit or investments for the account and at the risk of the person carrying on the business. Under the Banking Law, no person shall engage in such business without an effective licence issued by BCTL. Furthermore, no bank organised outside East Timor shall be permitted to engage directly in any financial activity in East Timor unless the activity is undertaken through a local branch office for which an effective licence has been issued by BCTL.

Due to the relevance of currency exchange bureaux and money transfer operators in East Timor, we would also highlight UNTAET Regulation no. 2000/5, of 20 January 2000, and BCTL Instruction no. 1/2013 on the licensing and supervision of such activities.


Regulatory legislation is, as already mentioned, quite recent – dating from the first decade of 2000 – and the East Timorese financial system is still relatively unsophisticated when compared with those of other countries, including geographically close countries such as Indonesia or the Philippines.

Furthermore, in recent years the country has faced great political instability caused by frequent changes in government, which has significantly contributed to a decrease in the number of legislative initiatives.

Without prejudice to the foregoing, there is a matter that is currently a hot regulatory topic and that, in our opinion, was the most relevant regulatory development in East Timor: anti-money laundering and the prevention of terrorism financing.

BCTL issued Instruction no. 5/2017 (“AML Instruction”), revoking the previously issued




instruction on related matters, with a view to, inter alia, addressing concerns regarding the quality of the information held on clients with established relationships with banks or clients looking to establish such relationships, as well as the source of the money being used by clients for bank operations.

The AML Instruction came to extend banks’ duties and obligations when accepting new clients or when performing operations with existing clients, and also imposed the creation of internal policies and procedures aimed at fulfilling the purpose of the AML Instruction, such as: identification and verification of clients’ identity; client acceptance; monitoring and permanent control of high-risk bank accounts; notification of suspicious operations to the competent authorities; and document conservation. These developments included the introduction of a form, to be completed by banks when complying with the obligation of notification of a suspicious operation to the Financial Information Unit (Unidade de Informação Financeira) – an administrative unit created by Decree-Law no. 16/2014, of 18 June 2014, with the purpose of analysing information related to suspicious transactions.

There were other important legislative innovations, not directly related to regulatory issues, but which could have a positive impact on the country’s banking and finance sector.

Firstly, on 5 June 2017 Law no. 13/2017 was published, approving the Special Regime for the Determination of Ownership of Real Property (commonly referred to as the “Land Law”), which might help clarify the legal status of land ownership by recognising the different types of private ownership rights.

The Land Law aims at defining ownership of real property through the recognition and attribution of primary ownership rights over real property. It also sets forth the establishment of a National Land Registry, which shall gather all official information on the legal status of immovable property.

The new Land Law could come to have a significant impact on the country’s banking activity, considering that one of the major current issues is the proper constitution of in rem collaterals and its enforceability when needed, which offers banks greater security when lending to clients.

Another relevant development was the entry into force of Decree-Law no. 23/2017, of 12 July 2017, which created a Credit Guarantee System (“CGS”) for Small and Medium-sized Enterprises (“SMEs”).10 This is a public programme, financed by the East Timorese Annual State Budget, which aims to facilitate the concession of credit in priority areas, towards the diversification of the East Timorese economy, through the sharing of the associated credit risk between the East Timorese State and banks, where the State covers up to 70% of the loan. In the event of default by a SME, the State is responsible to the creditors in proportion to the guarantee.

Although certain aspects of the CGS, notably those concerning the requirements to benefit from the system and the respective sanctioning procedures for events of default, should have been regulated by BCTL within 90 days of the date of publication of the abovementioned Decree-Law, no regulation has been published so far and, to the best of our knowledge, the CGS is yet to be implemented.

August 2017 saw the publication of Law no. 15/2017, of 23 August 2017, which approved the New Legal Regime for Private Investment in East Timor, revoking the previous regime of 2011 and aiming, on the one hand, to modernise the country’s legal regime and, on the other, to harmonise East Timorese legislation with the guidelines issued by the Global Investment Agreement of the Association of South East Asian Nations.




This Law grants special benefits to investors, through either a declaration issued by the East Timorese State defining the investor’s benefits (“Statement of Benefits”) or a special investment agreement, which can consist in the granting of five work visas to foreign workers hired as supervisors, directors or employees with technical functions suited to the investment project in question; the right of rental of real estate owned by the State, for an initial period of up to 50 years, renewable for 25 years up to a total of 100 years; and finally, fiscal and customs benefits for projects related to agriculture, livestock, forest, fishing and aquaculture, transformative industries, housing, and tourism activities.

Nevertheless, we note that investments made by the State and by public companies do not fall within the scope of this Law. In addition, investments by legal persons whose share capital is State-owned in more than 50% cannot take advantage of these tax and customs benefits.

Also in relation to this matter, on 21 February 2018 the East Timorese Government approved Government Decree no. 2/2018, which regulates certain points of the New Legal Regime for Private Investment. One of the most relevant provisions of this Decree regulates the minimum investment values that must be observed by investors for these to take advantage of the abovementioned special benefits. The public institute TradeInvest Timor-Leste, I.P. has the obligation to create and maintain up-to-date records of all investments that have been granted these benefits.

Decree-Law no. 34/2017, of 27 September 2017, was also introduced, establishing a new legal regime for the Licensing of Economic Activities. Its main purpose is to simplify the licensing procedure applicable to such activities, notably by centralising the entire procedure to launch an economic activity in a single competent entity, the Department for Business Registry and Verification (“SERVE”).


The East Timorese legislation includes several provisions on the governance requirements applicable to banks, notably provisions with respect to banks’ administrative structure, the qualifications of their administrators and banks’ internal control systems.

Section 16.1 of the Banking Law provides that each bank developing its business under East Timorese law shall be administered by a Governing Board and shall have an Audit Committee. Furthermore, banks shall have a Risk Management Committee or, at least, separate committees for Credit and Asset and Liability Management.

Concerning the composition of the Governing Board, Section 16.3 establishes that it shall have an uneven number of members, between a minimum of three and a maximum of seven.

These Board members shall be appointed by the General Meeting of Shareholders and their mandate cannot exceed four years, without prejudice of eventual re-appointment for subsequent periods.

East Timorese banking legislation also includes provisions on the expertise and qualifications of members of the Governing Board, the Senior Management and the Audit Committee, notably in Section 17 of the Banking Law and in Instruction CPO/B-2000/4 of the CPO11 (“Instruction 4/2000”) on the qualifications of administrators.

Section 17 of the Banking Law sustains that every person elected or appointed as a bank administrator must be a person of good repute and must comply with the criteria established by the CPO in supplementary regulation, regarding qualifications, experience and integrity.

Instruction 4/2000 details the requirements and necessary qualifications applicable to bank




administrators, developing the provisions of Section 17 of the Banking Law. It further defines the concept of “administrator” and sets forth a set of criteria that these individuals must meet, which covers qualifications, experience and integrity.

Among other requirements, the Instruction demands that bank administrators hold a university degree and further states that there should be no evidence of, inter alia, any financial or administrative problems in their previous employment, nor of financial fraud, tax avoidance or default on indebtedness. The minimum years of experience required, depending on the administrator’s specific role,12 is also addressed.

BCTL must approve all members of a bank’s Governing Board. This process is started by the interested bank, which must submit, in writing, a certified copy of the decision of the General Meeting appointing the selected candidate, the candidate’s identification and contacts, information on the candidate’s business or professional activity and his/her curriculum vitae. Information must also be submitted on the candidate’s relationship with other banks (whether as a shareholder or as an administrator) and his/her membership in other companies, partnerships, associations or groups of persons acting together with a common purpose, whether organised as a formal business entity or not.

Alongside this application for approval, banks can also apply for a waiver of some of the requirements outlined above. This application should contain all relevant data related to the proposed administrator, clearly identifying the criteria he/she does not meet and explaining why the bank is seeking a waiver of those requirements. Nevertheless, the following criteria cannot be waived under any circumstance by BCTL: not having been deprived by law of the right to sit on the governing board of a legal entity; not currently serving, nor having served at any time during the immediately preceding 12-month period, as controller of BCTL or on the management of BCTL; never having been convicted of a crime; BCTL not having determined that the proposed administrator was a party to a transaction that violates the Banking Law or any instruction issued under it; and not having been subject to an insolvency proceeding as a debtor.

Section 19 of the Banking Law states that each bank shall have an Audit Committee, defined in Instruction 4/2000 of the CPO as “an independent committee of the bank which establishes and supervises compliance with appropriate accounting procedures and controls, and which provides oversight of the bank’s internal and external audit functions”. This committee shall be composed of three members, also appointed by the bank’s General Meeting of Shareholders for a two-year mandate.

The Audit Committee is responsible for establishing adequate accounting procedures and controls for the bank, and for supervising compliance with these procedures. It is also expected to monitor compliance with banking rules and legislation and to deliver opinions on any matters submitted to it by the Governing Board or any others it may wish to address.

Additionally, banks are required to create a Risk Management Committee, which should comprise three members of the Governing Board. This committee is responsible, inter alia, for establishing and monitoring the implementation of procedures for credit appraisal, asset and liability management. It is also accountable for monitoring compliance with the legislation applicable to credit and other risks, reporting directly to the Governing Board on these matters.

As to the remuneration of the members of the Governing Board, Section 16.4 of the Banking Law and Instruction CPO/B-2001/9 of the CPO (“Instruction 9/2001”) on the Remuneration of Members of the Governing Board and of the Senior Management of newly licenced banks determine that said remuneration is freely established by the General Meeting of




Shareholders. Nevertheless, for the first three years of operations, the remuneration of the members of the Governing Board and of the Senior Management must be approved by BCTL.

This approval process is part of the application submitted for a banking licence, and the request must be accompanied by a certified copy of the decision of the General Meeting of Shareholders or of the Governing Board, respectively, on the remuneration of the Governing Board or of the Senior Management.

BCTL shall decline a proposal on remuneration if, for instance, such proposed remuneration is expected to adversely affect the bank’s future earnings prospects or financial condition.

Any changes made to the remuneration, as presented in the application for a banking licence, shall require BCTL’s written approval prior to their implementation.

Regarding banks’ internal control systems, the CPO issued Instruction CPO/B-2001/5 (“Instruction 5/2001”) on Banks’ Internal Control Systems, which demands the establishment, by banks, of a “sound internal control process, for the purposes of preventing losses, maintaining reliable financial and managerial reporting, enhancing the prudent operation of banks, and promoting stability in the financial system of East Timor”.

Banks shall also, according to Section 32 of the Banking Law, appoint an independent external auditor, recommended by the Audit Committee and approved by BCTL, who shall, among other duties, assist in maintaining proper accounts and records; prepare an annual report on whether the financial statements present a full and fair view of the financial condition of the bank, in accordance with the banking legislation; and inform BCTL, with respect to any bank or any of its subsidiaries, of any fraudulent acts or any irregularity or deficiency in their administration.

Finally, Instruction 5/2001 establishes that banks must ensure an appropriate segregation of duties in operational functions, and that bank employees should not be given conflicting responsibilities. Banks shall pay special attention to areas of “potential conflicts of interest” and shall identify, minimise and subject these to “careful and independent monitoring”.


In what concerns capital requirements, Section 4 of the Banking Law states that BCTL currently has sole competence and responsibility for defining the minimum capital for newly licensed banks, which may not be less than the equivalent of US$2,000,000.

Section 4 of the Banking Law further stipulates that the amount of capital allocated to a bank determines the financial activities it will be permitted to engage in. In fact, Section 24 of the Banking Law further details the range of financial activities that banks can perform, based on their amount of capital (minimum capital, twice the minimum capital and three times the minimum capital). For example, banks with the minimum capital can only receive deposits, bearing interest or not, in one currency; buy and sell for the bank’s own account certain types of debt securities; extend credit, including consumer and mortgage credit; carry out factoring with or without recourse; provide payment and collection services; issue and administer means of payment; buy and sell foreign exchange for cash for the account of a customer; and provide for the safekeeping of securities and other valuables.

Instruction CPO/B-2000/2 (“Instruction 2/2000”) on Regulatory Capital develops the capital requirements applicable to banks and to branches of foreign banks operating in East Timor and lays down the concepts of regulatory, tier one and tier two capital, and their form of calculation.




Instruction 2/2000 also establishes a capital adequacy ratio that must be of at least 12%, based on a comparison of banks’ regulatory capital and their assets and off-balance sheet exposures, according to a predetermined risk-weight factor.

In accordance with Section 49(f) of the Banking Law and Chapter IV of Instruction 2/2000, banks also face limitations in respect of the distribution of dividends, in the sense that such distribution is not allowed if it leads to a situation where the bank fails to comply with the minimum required amount of regulatory capital or the minimum capital adequacy ratio.

Additionally, there is also a CPO Instruction – Instruction CPO/B-2000/3 (“Instruction 3/2000”) – that establishes the liquidity requirements for banks licensed in East Timor, developing several provisions of the Banking Law. The purpose of the Instruction is “to provide for an adequate balance between a bank’s invested funds (assets) and its financial resources (liabilities) and to ensure that a bank is at all times able to fund its operations under any conditions and at a reasonable cost”.

This Instruction further establishes a set of principles contained in Publication no. 69, of February 2000, of the Bank for International Settlements, Basel Committee on Banking Supervision, which can be summarised as follows:

development of a structure for liquidity management; 1.

measurement and monitoring of net funding requirements; 2.

management of market access, with a periodic review of its efforts in the establishment 3.and maintenance of relationships with liability holders;

existence of contingency plans addressing the strategy for handling liquidity crises; 4.

management of banks’ foreign currency liquidity; 5.

existence of an adequate system of internal controls over banks’ liquidity risk 6.management process; and

existence of a mechanism to ensure that an adequate level of disclosure of information 7.about the bank exists, for the management of public perception of banks’ organisation and soundness.

According to Instruction 3/2000, banks’ liquidity ratio shall be of at least 15%, calculated by dividing a bank’s highly liquid assets by its total liabilities (not including equity).

Finally, banks shall report to BCTL, at each month end and in the prescribed format annexed to Instructions 2/2000 and 3/2000, their calculation of regulatory capital, risk-weighted assets, capital adequacy ratio and short-term liquidity ratio.


Bank/customer relationships have always been on the legislators’ and regulators’ radars across the globe and East Timor is no exception.

The main provisions governing these relationships can be found in the Banking Law and in further regulations issued by BCTL.

Firstly, Section 28 of the Banking Law establishes that banks have the obligation to notify their customers (not distinguishing between retail customers, professional clients or more substantial counterparties) of the precise nature of their business and of the terms and conditions associated with the deposits made and credits received by them, including the compound annual rate of interest.

Instruction CPO/B-2001/3 (“Instruction 3/2001”) sets out further regulation on this matter,




establishing that, with respect to the nature of a bank’s business, a certified copy of its licence shall be made public, as well as the financial activities it is authorised to perform. Instruction 3/2001 also states that the types, terms and conditions of deposits and credits offered by the bank at any given moment shall also be publicly disclosed to customers.

Furthermore, this Instruction specifies, in relation to deposits and credits, special requirements concerning information to be provided to customers, inter alia, the types of deposits and credits available, their interest rates, collateral requirements and associated service charges or fees.

In what specifically concerns deposit-taking activities, BPA13 Instruction no. 9/2003 regulates the opening and maintenance of deposit accounts, establishing requirements that banks must comply with when performing these activities. This Instruction also clarifies banks’ duties when closing a customer’s deposit account.

Additionally, Section 2.5 of the Banking Law forbids any person to “make a misstatement of material fact or false representation or do anything to create a false appearance or engage in any manipulative device or practice in relation to the taking of deposit”.

Regarding credit and lending, Instruction CPO/B-2001/8 (“Instruction 8/2001”) on credit documentation establishes a set of requirements that must be complied with by banks, notably the maintenance at the bank’s head office in East Timor of adequate documentation on each credit, “based on the type of credit, the complexity of the credit transaction, and the extent of the borrower’s credit relationship with the bank”, and further explains the minimum credit documentation that shall be included.

East Timor’s law on consumer protection – Law no. 8/2016, of 8 July 2016 (“Consumer Protection Law”) – established a framework for the protection of consumers’ rights and has encouraged improvements in the quality of the services provided by East Timorese companies to their clients.

This is a general framework, which applies to all goods and services provided by companies in East Timor, including banking and financial products.

The Consumer Protection Law sets forth a comprehensive set of rights for consumers, notably the right to be provided with detailed information on products and services being commercialised, and the right to effective legal protection, while also imposing a set of new obligations on suppliers, with non-compliance resulting in fines or even revocation of the authorisation to conduct business activities.

BCTL currently has a procedures manual to deal with non-compliance by financial institutions, which allows for the initiation of proceedings against a non-compliant financial institution.

Banks must firstly provide a response to the person who filed a complaint. If the client remains unsatisfied with the bank’s response or if the regulatory violation was severe, BCTL will adopt a more active role in this process.

Customers also have at their disposal a form, available on BCTL’s website, through which they can address complaints directly to this entity.

BCTL is considering the implementation of more accessible and cost-effective means to solve disputes between banks and customers, such as establishing a financial ombudsman or embracing alternative dispute resolution.

Concerning inbound cross-border activities, Section 2.4 of the Banking Law determines that no bank incorporated under foreign legislation may operate directly in the East




Timorese financial system, unless this activity is undertaken through a local branch for which an effective licence has been issued by BCTL.

Any foreign bank must apply for a licence on the same terms as a national bank, under Section 5 of the Banking Law, and follow the procedure detailed in CPO Instruction no. 1/2000 on the application for bank licences. This application must be accompanied by a set of information, contained in several CPO/BPA/BCTL Instructions.

Finally, as regards anti-money laundering, East Timor has relatively well-developed legislation.

Firstly, Section 21 of the Banking Law states that banks are prohibited from “conceal[ing], convert[ing], or transfer[ing] cash or other property, knowing that such property is derived from criminal activity”, and that they must inform the authorities “responsible for combating money laundering of evidence that property is derived from criminal activity and provide, at the authorities’ request, any additional related information”.

There are several other legal instruments regulating this matter, among which we highlight Law no. 17/2011 (as amended) and the AML Instruction referred to above.

Each of these regulations impose duties and obligations on banks when contracting with clients, whether in the context of an ongoing business relationship or the occasional transaction.

These duties include, first and foremost, the proper identification of customers (based on their legal documents) and verification of that same identification. These duties must be reinforced if the bank is dealing with high-risk clients, such as clients with high net property, politically exposed clients, and non-residents, especially if they reside in countries with no anti-money laundering regulation.

Banks are also expected to maintain records of every transaction performed and of their clients’ information, as well as to develop an internal anti-money laundering and terrorism financing prevention programme, to be used in the training of their employees.

Furthermore, banks must report every operation performed in cash in an amount equal to or higher than US$10,000, whether consisting of a single operation or several interconnected operations.

In addition, banks have a duty to immediately report any suspicious operation to the Financial Information Unit. Once this report has been submitted, banks must refuse the performance of any further operations when the identified risk of money laundering and terrorism financing cannot be reduced or eliminated. Failure to comply with these provisions will lead to misdemeanour proceedings and the bank in question will be faced with a fine of between US$5,000 and US$500,000.

Acknowledgment

The authors acknowledge with thanks David Nogueira Palma’s contribution to this chapter (Tel: +351 213 113 400 / Email: [email protected]).

David joined VdA in 2018, as a Trainee at the Banking & Finance practice. He holds a Law degree from the University of Lisbon and is currently concluding his Master’s degree in Corporate Law at the Catholic University of Portugal (School of Lisbon). Furthermore, David is a post-graduate in Companies Law and is concluding his post-graduate studies in Advanced Banking Law at the University of Lisbon.




Endnotes

On 28 November 2018, BCTL revoked the insurance licence granted to National 1.Insurance Timor-Leste, S.A. and initiated a liquidation process.

Available at https://www.bancocentral.tl/ (accessed on 5 November 2018). 2.

CÂMARA, Paulo et al. – A Governação de Bancos nos Sistemas Jurídicos Lusófonos 3.[Bank Governance in Portuguese Language Legal Systems] (Coleção Governance Lab, Almedina, 2016), pp. 475-476.

‘Introduction to the Laws of Timor-Leste: Legal History and the Rule of Law in Timor-4.Leste’ (USAID, The Asia Foundation & Timor-Leste Education Project, Stanford Law School, 2012), available at https://web.stanford.edu/group/tllep/cgi-bin/wordpress/wp-content/uploads/2013/09/Legal-History-and-the-Rule-of-Law-in-Timor-Leste.pdf (accessed on 27 February 2018), p. 20.

Loc. cit. 5.Press release available at https://www.bancocentral.tl/ (accessed on 5 November 2018). 6.

Available at https://www.bancocentral.tl/uploads/rte/Media%20release/Press%20 7.Release%20Telemor%20E-Wallet.pdf (accessed on 5 November 2018).

The US dollar is the legal tender in East Timor. All denominations of US banknotes 8.and coins circulate in the country.

CÂMARA, Paulo – A Governação de Bancos, op. cit., p. 489. 9.

This system will only be at the disposal of entities who are self-employed entrepreneurs 10.or commercial companies incorporated under East Timorese law and where at least 75% of the shares with voting rights are owned, directly or indirectly, by East Timorese nationals.

As previously mentioned, this entity no longer exists and has been replaced by BCTL. 11.Nevertheless, instructions and notices issued by the CPO are still in force.

Depending on whether the administrator is a member of the Governing Board, a 12.member of the Audit Committee, belongs to the Senior Management of a bank or holds the position of Chief Accountant.

As previously mentioned, this entity no longer exists and has been replaced by BCTL. 13.Nevertheless, instructions and notices issued by the BPA are still in force.







Nuno Castelão


Nuno has been a Principal Consultant at VdA’s Banking & Finance practice

since January 2017. In such capacity, he has advised on financing transactions

in Portuguese-speaking countries, including East Timor, and established the

legal department of Banco Nacional de Comércio de Timor-Leste in Dili.

Nuno previously worked in London for eight years in the International Capital

Markets department of Allen & Overy LLP, where he focused on financing

transactions (equity and debt), including debt programmes, issuances of Senior

Notes, Regulatory Capital and Asset-Backed Securities. Nuno was also involved

in liability management transactions and advised on banking regulatory matters.

Between 2000 and 2006, Nuno worked at VdA’s Banking & Finance department,

where he was involved in domestic and cross-border banking and capital markets

transactions. Before 2000, Nuno worked in the Structured Finance Unit of the

Portuguese branch of ABN Amro Bank and in a Brazilian law firm in São Paulo,

Brazil. Nuno is admitted to the Law Society of England and Wales as a Solicitor,

the Portuguese Law Society as Advogado, the Brazilian Law Society – São Paulo

section – as Advogado, and to the Timor-Leste Law Society (Conselho de Gestão e Disciplina da Advocacia de Timor-Leste) as Advogado.

João Cortez Vaz

Tel: +351 213 113 400 / +670 331 141 8 (Timor-Leste) / Email: [email protected]

João joined VdA in 2012 and is currently an Associate in the Banking &

Finance practice. João also has experience in Mergers & Acquisitions,

Corporate Finance, and Litigation & Arbitration. From 2016 to 2018, he was

the head of VdA Legal Partners’ East Timor office, where he focused on

assisting players and stakeholders in the financial, natural resources and

telecommunications sectors. João holds a Law degree (LL.B.) and a Master’s

degree (LL.M.) from the University of Coimbra. He is admitted to the

Portuguese Bar Association and to the East Timorese Bar Association

(Conselho de Gestão e Disciplina da Advocacia).

Rita Castelo Ferreira


Rita joined VdA in 2015. She is an Associate in the Banking & Finance

practice, where she has been involved in the provision of legal advice on

banking and capital markets’ regulatory and compliance matters, including

banks’ day-to-day activities. In such capacity, she was in Dili in 2018 on a

client secondment. Rita has also advised on several financing transactions,

mainly focusing on the issuance of securities and structured finance products,

advising issuers, offerors, financial intermediaries or investors.

Rita holds a Law degree (LL.B.) from the Catholic University of Portugal

(School of Lisbon), an LL.M. in Law in a European and Global Context from

Católica Global School of Law and an LL.M. in International Financial Law

from King’s College London. She is admitted to the Portuguese Bar

Association and is preparing her admission to the East Timorese Bar

Association (Conselho de Gestão e Disciplina da Advocacia).

Rua Dom Luís I, 28, 1200-151 Lisboa, Portugal. Tel: +351 213 113 400 / Fax: +351 213 113 406 | Timor Plaza,

Rua Presidente Nicolau Lobato, Unidade 433, Comoro, Dili, Timor-Leste. Tel: +670 331 141 8 / URL: www.vda.pt

Vieira de Almeida

Uganda

Introduction

Recently the banking sector in Uganda has experienced changes with the amendment of the Financial Institutions Act 2014. The amendment introduced agent banking, bancassurance, Islamic banking, restrictions on change of ownership, restrictions on mortgage banks and the creation of an independent deposit protection fund, key among them. All these developments are geared towards building a more resilient financial sector and enhancing financial inclusion.

In the quest to build a resilient banking sector and informed by its Financial Stability Report 2013, the regulator noted that it was important to identify certain banks as Domestic Systemically Important Banks (DSIBs), which would reduce the probability of failure, the potential impact of failure, and improve resolution. This obviously is not unique to Uganda, as it has become a requirement borne out of the global financial crisis to ensure that systemically important banks seek capital buffers and do not require government bailouts.

Therefore these reforms can be seen as efforts by the government and the regulator to create a robust and resilient environment in addition to enhancing financial inclusion, which in return could attract investment in the sector.


The Bank of Uganda (BOU), which is the central bank of Uganda, is mandated to regulate banks in Uganda. The BOU is established by law under the Bank of Uganda Act Chapter 51 Laws of Uganda. Under the Financial Institutions Act 2004 (as amended), the BOU is clothed with the mandate to regulate, control and discipline financial institutions. A financial institution is defined to mean a company licensed to carry on or conduct financial institutions business in Uganda, and includes a commercial bank, merchant bank, mortgage bank, credit institution, etc.

The BOU is a single regulator responsible for both prudential supervision and consumer protection. It is important to note that the recent amendment of the Financial Institutions Act providing for bancassurance, an activity that falls under the Insurance Act 2017, calls for regulation by the Insurance Regulatory Authority (IRA) over banks providing the service. This regulation is limited only to insurance activity defined as using a financial institution and its branches, sales network and customer relationships to sell insurance products.

Key legislation or regulations applicable to banks in Uganda are as follows:

The Financial Institutions Act 2004 as amended •

The Financial Institutions (Ownership and Control) Regulations 2005 •

Kefa Kuteesa Nsubuga & Richard Caesar Obonyo KSMO Advocates



The Financial Institutions (Licensing) Regulations 2005 •

The Financial Institutions (Corporate Governance) Regulations 2005 •

The Financial Institutions (Liquidity) Regulations 2005 •

The Financial Institutions (Limits on Credit Concentration and Large Exposures) •Regulations 2005

The Financial Institutions (Insider-Lending Limits) Regulations 2005 •

The Financial Institutions (Credit Classification and Provisioning) Regulations 2005 •

The Financial Institutions (Capital Adequacy Requirements) Regulations 2005 •

The Financial Institutions (Credit Reference Bureaus) Regulations 2005 •

The Financial Institutions (Foreign Exchange Business) Rules 2010 •

The Financial Institutions (External Auditors) Regulations 2010 •

The Financial Institutions (Consolidated Supervision) Regulations 2010 •

The Financial Institutions (Anti-Money Laundering) Regulations 2010 •

The Financial Institutions (Revision of Minimum Capital Requirements) Instrument •2010

The Financial Institutions (Foreign Exchange Business) (Amendment) Rules 2013 •

The Financial Consumer Protection Guidelines 2011 •

The Bank of Uganda Mobile Money Guidelines 2013. •

There are no restrictions on the activities of banks in Uganda. However, the definition of a financial institution business pursuant to the Financial Institutions Act remains the guiding principle. Financial institution business is defined to mean the business of:

(a) acceptance of deposits;

(b) issue of deposit substitutes;

(c) lending or extending credit, including:

(i) consumer and mortgage credit;

(ii) factoring with or without recourse;

(iii) the financing of commercial transactions;

(iv) the recovery by foreclosure or other means of amounts so lent, advanced or extended;

(v) forfeiting, namely, the medium-term discounting without recourse of bills, notes and other documents evidencing an exporter’s claims on the person to whom the exports are sent; and

(vi) acceptance credits;

(d) engaging in foreign exchange business, in particular buying and selling foreign currencies, including forward and option-type contracts for the future sale of foreign currencies;

(e) issuing and administering means of payment, including credit cards, travellers’ cheques and banker’s drafts;

(f) providing money transmission services;

(g) trading for own account or for account of customers in:

(i) money market instruments, including bills of exchange and certificates of deposit;

KSMO Advocates Uganda



(ii) debt securities and other transferable securities;

(iii) futures, options and other financial derivatives relating to debt securities or interest rates;

(h) safe custody and administration of securities;

(i) soliciting of or advertising for deposits;

(j) money broking;

(k) financial leasing if conducted by a financial institution;

(l) merchant banking;

(m) mortgage banking;

(n) creating and administration of electronic units of payment in computer networks;

(o) dealing in securities business as an exempt dealer within the meaning of section 48 of the Capital Markets Authority Act; and

(p) transacting such other business as may be prescribed by the Central Bank.

The recent changes in the law introduced agent banking, bancassurance, Islamic banking, restrictions on change of bank ownership, restrictions on mortgage banks and reforming the deposit protection fund.

Recent regulatory themes and key regulatory developments in Uganda

In 2009, Uganda became part of the Basel III framework within which countries are expected to build a banking sector that is resilient to sustain shocks that affected the global banking system during the 2008 financial crisis. The regulator has been implementing the Basel III framework, and initiated the issuance of the Financial Institutions (Revision of Minimum Capital Requirements) Instrument 2010 which introduced new upward revised minimum capital requirements across the sector. The regulator further identified certain banks in the sector as DSIBs. The DSIBs are required to hold more capital than the other banks. The rationale for identifying DSIBs was because it would reduce the probability of failure and the extent of the impact of failure. Each bank needs to ensure that it has sufficient capital to support its balance sheet and, more importantly, the amount of risk it takes on.

One of the most important tools of bank regulation is the minimum capital adequacy requirement, which is based on the globally agreed approach set out in the Basel Capital Accords. Capital adequacy requirements stipulate that banks must hold a minimum amount of regulatory capital as a percentage of their risk-weighted assets. The purpose of these capital adequacy requirements is to ensure that banks hold a buffer which can absorb losses and thus protect their deposits. If a bank suffers losses because of, for example, bad loans, these losses are first absorbed by the bank’s capital. It is only if the losses exceed the bank’s capital that the bank’s depositors or other creditors will incur losses.

To safeguard depositors, the BOU is mandated under the Financial Institutions Act, 2004 to implement prompt corrective actions, which are triggered by a failure of a bank to comply with the capital adequacy regulations or by other indicators of financial distress. These prompt corrective actions are designed either to restore the bank to a sound financial condition, for example through recapitalisation by its owners or, if that is not possible, to trigger intervention by the BOU to resolve the failing bank in some way, for instance by closure or by selling it to another bank before significant losses to its deposits can occur.

The current legal framework for bank regulation was put in place in 2004, and strengthened




bank regulation following the bank failures that had occurred in the 1990s. Since the enactment of the Financial Institutions Act, 2004, there have been three bank failures in Uganda. The BOU has intervened in these banks in line with the mandatory prompt corrective actions stipulated in the Financial Institutions Act, saving depositors from losing any of their money. In all three cases, the BOU was able to transfer the failed banks’ deposits in full to other banks through Purchase of Assets and Assumption of Liabilities transactions, using the powers conferred on the BOU by the law. In addition, given that the banks which failed collectively comprised less than five per cent of the banking system’s deposits, Uganda has not come close to suffering a systemic banking crisis.

There are no rules on derivatives trading. However, the banks are expected to trade within its minimum capital adequacy statutory requirements.

The regulator normally issues directives and circulars in respect of instructing the banks to assess the readiness of their IT systems against the ever-evolving cyber space. In addition, the regulator will always approve products which are financial-technological in nature, cautioning the banks to have a clear risk-mitigation mechanism in place.

The law-makers have proposed to government to develop laws that would regulate new developments in the banking sector such as the fintech space. In 2013, the central bank enacted Mobile Money Guidelines, which have several regulations that cover areas like consumer protection and recourse, interoperability and financial crime, among others. These guidelines provide the requisites for running a mobile money business in Uganda as:

Any entity providing or intending to provide mobile money services must be a registered •limited liability company.

If the entity intending to provide the mobile money services is not a BOU-licensed •institution, the entity must partner with a licensed institution, which must apply to the BOU seeking approval for the provision of mobile money services in partnership with the mobile money service provider.

The entity must provide proof of its financial position, a business plan and a risk-•management proposal.

The applicant entity must have in place appropriate and tested technology systems. •

The Financial Institutions (Islamic Banking) Regulations, 2018 were gazetted to provide a regulatory framework for conducting Islamic financial business in Uganda. In addition, the revised Financial Institutions (Capital Adequacy Requirements) Regulations, 2018 which introduced an additional capital charge for market risk exposure in the commercial banks and credit institutions, were published in the gazette. Following the gazetting of regulations on Agent Banking in July, 2017, a number of banks rolled out agent banking outlets across the country. All these developments are geared towards building a more resilient financial sector and enhancing financial inclusion levels.

Lastly, the regulatory developments planned in the year 2019, is the enactment into law of the National Payments Systems Bill 2018. The Bill is before parliament. Uganda does not have a comprehensive national payment system to provide an oversight framework for payment service providers, operators and instruments. The Bank of Uganda Act Cap 51 and the Financial Institutions Act 2004, as amended, are either silent or have limitations on the regulation and supervision of payment systems.

The national payment system is one of the principal components of a country’s monetary and financial system, and is therefore crucial in the direction of a country’s economic development.




This legislation is urgently needed to create a harmonised system to ease payment but also to streamline regulation, a key ingredient that is currently missing in the payments system.


Governance and internal controls are made explicit in the Financial Institutions Act 2004, as amended. Part VII of the Act is devoted to providing a good regulatory framework for corporate governance in banks or financial institutions in Uganda.

Notably, this is supplemented by the Financial Institutions (Corporate Governance Regulations) 2005. These regulations were influenced by the guidelines published by the Basel Committee on Banking supervision, based at the Bank for International Settlements, which is responsible for formulating global standards for bank regulation and governance.

The Financial institutions (Corporate Governance) Regulations focus on a number of themes:

(i) The Board of Directors.

(ii) Management committees; i.e. Risk Management Committee, Audit Committee, Asset and Liability Committee.

(iii) Risk management.

The Board collectively must take ultimate responsibility for the performance of the bank and the manner in which it conducts its operations. The Financial Institutions Act and the Financial Institutions (Corporate Governance) Regulations put in place criteria that should be followed when appointing directors. The criteria focus not only on professional requirements but also on the moral probity of an individual. To determine their moral probity, the regulator subjects a director to the ‘fit and proper’ person test. This test is all-round, as it considers the person of the director in relation to: their previous conduct; general probity; their competence and soundness of judgment; whether they have been convicted of an offence; and whether they can be trusted with the interests of depositors and shareholders.

Further, at least five of the directors shall possess demonstrable expertise and experience relevant to the functions of a bank or the financial institution and the principal issues that face the bank such as financial controls, capital management, banking risks and corporate planning.

The corporate governance regulations differentiate between the responsibilities of the Board and the bank management. The Board is mandated to exercise oversight of bank management and hold it to account, which will only be possible if most of the directors are independent of the bank management. To ensure that the Board may be independent, the corporate governance regulations stipulate that at least half of the directors of a bank, including the Chair of the Board, must be non-executive directors.

The Financial Institutions Act and the Financial Institutions (Corporate Governance) Regulations, provide for various committees in the banks: the Audit Committee; the Risk Management Committee; and the Asset and Liability Committee. Where the Human Resources and Remuneration Committee is not specifically provided for under the law, as a practice of good governance all the banks have this committee in place.

The Board is expected to get actively involved in the financial institution’s affairs and risk management by taking the lead in formulating effective risk-management policies and procedures and in monitoring their implementation by the bank’s management. In particular, the Board must ensure the bank has adequate capital; in terms of both its magnitude and quality, and maintain the safe operation of the bank. The corporate governance regulations require the Board to establish two Board Sub-Committees for purposes of risk management; the Risk Management Committee and the Asset Liability Management Committee.




The Risk Management Committee is responsible for the general oversight of risk •management in the bank by establishing guidelines on the financial institution’s tolerance for risk and expectations from investment that shall include limits on loan-to-deposit ratio, limits on loan-to-capital ratio, and limits on exposure to single or related customers.

The Asset Liability Management Committee is responsible for: setting specific •guidelines to manage risk, such as single loan exposure limits and loan-to-capital ratios; reviewing and approving policies that clearly quantify acceptable risk; periodically reviewing controls to ensure that they remain appropriate, and making periodic assessment of the long-term capital maintenance programme; obtaining explanations where positions exceed limits, including reviews of credit granted to substantial shareholders, directors and other related parties; significant credit exposures; and the adequacy of provisions made.

The guidelines set by the Board or its Sub-Committees are expected be consistent with the regulations. For example, the Board may approve policies which would raise the bank’s capital above the minimum statutory capital requirements, but it cannot set capital requirements which are lower than the statutory minimum.

The banking regulations emphasise the importance of the role played by independent internal and external auditors in ensuring good corporate governance and, in particular, ensuring that the bank’s financial statements accurately and fairly reflect its true financial position. Each bank must have an internal auditor who is independent of the bank’s management and who reports to the Audit Committee of the Board. The duties of the internal auditor include evaluating the accuracy of financial information prepared by the bank’s accounting and computer systems and monitoring management’s compliance with the policies and procedures of the bank.

The Board is expected to use internal and external auditors as an independent check on the information provided by the management of the bank. The Board is required to approve the audited financial statements of the bank before they are published. Therefore the Board is expected to have confidence in the competence and independence of the auditors before recommending them to the shareholders for appointment.

In Uganda, the banking sector does not have any rules governing the remuneration of staff. This is left to the discretion of the bank, determined by market forces.

The banks have adopted a risk-based approach. Risk management involves the identification, monitoring, measurement and control of risk to ensure that: the banks’ risk exposure is within the limits envisioned by the board; there is sufficient capital as a buffer available to take the risk; and risk-taking decisions are explicit and clear. Generally, banks face credit, liquidity, market, operational, compliance, reputational and business risks every so often.

The law does not explicitly require banks to have dedicated compliance and risk functions. However, as a practice directed by the regulator, banks have dedicated compliance and risk functions that ensure the banks comply with the law and other directives set by the regulator in the course of running their day-to-day activities.

The law in place does not require banks to maintain a segregation of staff and/or systems. This is left to the discretion of the individual banks as they deem fit to ensure efficiency.

There are no requirements for outsourcing of functions by banks. However, ordinarily, banks pursuing this course of action will always be required to seek approval from the regulator in order to proceed with the appropriate action.





In 2010, the Financial Institutions (Revision of Minimum Capital Requirements) Instrument was issued by the minister of finance. The purpose of this instrument was to revive the minimum capital in order for the banks to have capital buffers in place. This capital is unimpaired by losses of the banks and shall not be less than the stipulated amount. This requirement if breached by any bank, may lead to its takeover by the regulator pursuant to its mandate under the law.

A bank is required to hold tier 1 and tier 2 capital. Tier 1 is core capital or common equity available to absorb losses on a ‘‘going concern’’ basis. Tier 2 capital is total capital which is available to absorb losses on a ‘‘going concern’’ basis.

Following the financial crisis (2007-2008), a more comprehensive set of reforms was introduced by the Banking Committee on supervision. In Uganda’s case it was not until December 2016 that the capital adequacy requirements were raised. On top of the tier 1 and tier 2 capital, it introduced a capital conservation buffer of 2.5% to be held in addition to equity held. This buffer is intended to be available during periods of stress and the bank is not supposed to fall below that buffer. Therefore, core capital plus the conservation buffer puts common equity at 10.5% and total capital at 14.5% of the risk-weighted assets.

Risk adjustment in relation to capital is assigned to different asset categories by weights, depending on their relative convertibility to cash and associated risk. Risk-weighting is meant to ensure banks only undertake transactions on a risk-adjusted return on capital. Weights range from 0% for cash, government and Bank of Uganda schemes; 20% for inter-bank holdings; and 50–100% for all other assets, depending on whether they are counter-guaranteed or not. This helps the banks to adjust for risk the value of balance-sheet and off-balance-sheet items that contribute to the capital position of a bank.

Section 28 of the Financial Institutions Act provides that a bank shall maintain a minimum of liquid assets as determined by the Central Bank. A financial institution shall maintain liquid assets amounting to not less than 20% of deposit liabilities denominated in local and foreign currencies on a weekly average. This is reiterated in the Financial Institutions (Liquidity) Regulations, 2005. Currently the ratio of liquid assets to total deposits is at 50.1%, which is well above the regulatory minimum of 20%.

Rules governing banks’ relationship with their customers and other third parties

Banks’ dealings with third parties

There are no particular regulations that apply to banks’ dealings with third parties. However, the banks are still guarded by the banker-customer relationship. The relationship between a banker and a customer depends on the activities; products or services provided by banks to their customers or availed by the customers. Thus the relationship between a banker and customer is the transactional relationship.

The relationship between a banker and a customer depends on the type of transaction. Thus the relationship is based on contract, and on certain terms and conditions. The relationship confers certain rights and obligations both on the part of the banker and on the customer. The banker-customer relationship is a fiduciary relationship. The terms and conditions governing the relationship are not be leaked by the banker to a third party.

Customer complaints resolution

In 2011, the Bank of Uganda published the Financial Consumer Protection Guidelines. The




purposes of the guidelines are: to promote fair and equitable financial services practices by setting minimum standards for financial services providers in dealing with consumers; to increase transparency in order to inform and empower consumers of financial services; to foster confidence in the financial services sector; and to provide efficient and effective mechanisms for handling consumer complaints relating to the provision of financial products and services. These guidelines set out the key obligations of the banks and also provide for complaints-handling. They impose a duty on the financial services provider, requiring them to put in place and operate appropriate and effective procedures, which it has documented, for receiving, considering and responding to complaints addressed to them by consumers/customers.

The banks in the sector have abided by these guidelines in the course of their day-to-day activities.

The Deposit Protection Fund

The law provides for compensation schemes that cover customers in case the bank fails. Under the Financial Institutions Act, the deposit protection fund was managed and controlled by the Central Bank. However, with the recent amendments of the law, this fund is now independent of the Central Bank. It is a separate legal entity from the Central Bank.

Restrictions on inbound cross-border banking

Under the Financial Institutions (Anti-Money Laundering) Regulations 2010, banks are required under regulation 15 to exercise reasonable caution in their business transactions with persons; including companies and banks from other countries.


The Anti-Money Laundering Act was enacted in 2013. The Act provides for the prohibition and prevention of money laundering. It establishes the Financial Intelligence Authority which is mandated to combat money laundering activities. It has an overall duty to monitor, investigate, and prevent money laundering in the country.

It is also responsible for the enforcement of Uganda’s anti-money laundering laws and the monitoring of all financial transactions inside the country’s borders. The Act also imposes certain duties on institutions and other persons, businesses and professions who might be used for money-laundering purposes referred to as accountable persons, who are required to register with the Authority.

Early this year, the Cabinet approved the Anti-money Laundering Amendment Bill, 2018. The amendment is meant to bolster Uganda’s global reputation – and cooperation in fighting money laundering and terrorism financing.

Essentially, the bill is intended to enable Uganda to join the Egmont Group, a united body of 159 Financial Intelligence Units (FIUs). The Egmont Group provides a platform for the secure exchange of expertise and financial intelligence to combat money laundering and terrorist financing. This group also supports the efforts of its international partners and other stakeholders to give effect to the resolutions and statements of the United Nations Security Council, the G20 Finance Ministers, and the Financial Action Task Force, among others.

Developing countries, like Uganda, stand to benefit from capacity-building provided by the group, and information shared among member financial intelligence institutions.







Kefa Kuteesa Nsubuga


Kefa is an Advocate of the Courts of Judicature in Uganda with over 10 years

of experience. He holds a Bachelor of laws Degree from Makerere University

and a postgraduate diploma in legal practice. Kefa has previously worked

with two International Financial Institutions where he developed experience

in all types of financings; secured and unsecured, syndicated loans and

acquisition financings, before joining M/s KSMO Advocates. He is a partner

in the Corporate and Commercial Department of the Firm and routinely

advises financial institutions and other lenders on a wide range of matters.

Richard Caesar Obonyo


Richard is a founding Partner of the Firm. He specialises in corporate and

commercial services. Richard advises national and multinational corporations,

financial institutions and banking clients on matters ranging from routine

business decisions to more complex business transactions. He has headed the

Corporate and Commercial Department of the Firm since inception, and

lectured corporate law at higher institutions of learning.

With over 16 years of experience as a legal practitioner and lecturer, Richard

has developed proficiency in corporate and commercial law, particularly in

segments of: banking and finance, project and corporate finance, corporate

governance, flotation and acquisitions of companies, share sales and

shareholder arrangements, statutory and regulatory compliance, joint ventures,

corporate restructuring, trade transactions and real estate. Richard has a

passion for his field and enjoys the satisfaction of seeing his clients succeed.

Crested Towers, 5th Floor, Short Tower, 17 Hannington Road, Kampala, Uganda

Tel: +256 414 237 796 or +256 393 111 708 / Fax:+256 414 237 794 / URL: www.ksmo.co.ug

KSMO Advocates

United Kingdom

Introduction

The financial services industry constitutes around 7% of United Kingdom (“UK”) GDP, directly employs approximately 1.1 million people, and contributes a significant proportion of tax revenue to the UK. The banking sector is an important part of the industry, consisting of UK domestic banks and non-UK banks that have established themselves in the UK (many of which use the EU passport to conduct cross border business).

Brexit has created considerable uncertainty for banks operating in the UK. It was reported in the press that London’s 10 biggest investment banks have spent more than £1bn preparing for the UK’s departure from the European Union (“EU”). At the time of writing it was still unclear as to whether or not EU and UK politicians could agree on a deal. In light of the political uncertainty, businesses and regulators in both the EU and the UK have stepped up their preparations for a no-deal Brexit.

From a UK perspective no-deal Brexit preparations have been led by the UK Government, principally through HM Treasury producing legislation that ‘onshores’ (with amendments) existing EU legislation in force immediately before the UK leaves the EU. The UK financial regulators, the Prudential Regulation Authority (“PRA”) and Financial Conduct Authority (“FCA”) have also been busy producing amendments to their rules and guidance to reflect life outside the EU.


Responsibility for UK bank regulation is divided between the PRA (which is part of the Bank of England (“BoE”)) and the FCA. A third body, the Financial Policy Committee, which sits in the BoE, has a primary objective of identifying, monitoring and taking action to remove or reduce systemic risks, with a view to protecting and enhancing the resilience of the UK financial system.

The PRA and FCA both derive their powers from the primary piece of legislation governing UK financial services: the Financial Services and Markets Act 2000 (as amended) (“FSMA”). FSMA makes it a criminal offence to engage in “regulated activities” by way of business in the UK unless authorised or exempt. Secondary legislation which is made under FSMA establishes the list of regulated activities in the UK. This list is updated and amended from time to time for new activities, such as the administration of benchmarks; a regulated activity introduced in 2015. The list was further amended to take into account the implementation on 3 January 2018 of the EU Markets in Financial Instruments Directive (recast) (“MiFID II”) and the EU Markets in Financial Instruments Regulation (“MiFIR”) (discussed further below). Specifically, a new activity of operating an organised trading facility was added.

Simon Lovegrove & Alan Bainbridge Norton Rose Fulbright LLP



For banks, accepting deposits is the defining regulated activity. Accepting deposits is a regulated activity only where deposits are lent to third parties or where any other activity of the firm is financed out of the capital of, or out of interest on, those deposits. This captures banks and building societies in the UK, which must therefore be authorised by the PRA. The PRA and FCA work closely together in the authorisation process, and the PRA is required to obtain the consent of the FCA before granting any permission.

Banks may undertake other regulated activities alongside deposit-taking, such as dealing in investments as principal, arranging deals in investments, safeguarding and administering investments, and certain residential mortgage lending activities. It is important to note that the UK regime regulates most activities only where they are carried on in relation to “specified investments”, a list of which (including shares, debentures, options, futures, contracts for differences, etc.) are prescribed in secondary legislation enacted under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (the “RAO”). Like the list of regulated activities, the list of specified investments is updated from time to time. For example, with the implementation of MiFID II and MiFIR, certain derivatives relating to currencies, binary contracts and emission allowances were added to the list. In addition, the regulated activities of dealing in investments as agent, arranging deals in investments, managing investments and advising on investments have been applied in relation to structured deposits.

PRA

The PRA is the prudential regulator of UK deposit-taking institutions (as well as insurance companies and certain large investment firms). PRA-regulated firms are also regulated by the FCA in respect of conduct of business matters, and are therefore “dual regulated”.

FSMA gives the PRA two primary objectives: a general objective to promote the safety and soundness of the firms it regulates, focusing on the adverse effects that they can have on the stability of the UK financial system; and an objective specific to insurance firms, to contribute to ensuring that policyholders are appropriately protected. Since 2014, the PRA has had a secondary objective. When discharging its general functions in a way that advances its primary objectives, it must, so far as is reasonably possible, act in a way which facilitates effective competition in the market for services provided by PRA-authorised firms. From 1 January 2019, the way in which the PRA advances its general objective was amended to reflect the aims of bank structural reform (also referred to as ring-fencing, discussed below). This requires the PRA to discharge its functions in a way that seeks to: (i) ensure that the business of ring-fenced bodies (“RFBs”) is carried on in a way that avoids any adverse effect on the continuity of the provision in the UK of core services (retail deposits and related payment and overdraft services); (ii) ensure that the business of RFBs is protected from risks (arising in the UK or elsewhere) that could adversely affect the continuity of the provision in the UK of core services; and (iii) minimise the risk that the failure of a RFB or of a member of a RFB’s group could affect the continuity of the provision in the UK of core services.

The PRA is a forward-looking and judgment-based prudential regulator. This means that it proactively takes action in order to pursue its objectives. For example, it conducts regular stress-testing for the firms it regulates and has adopted regulatory initiatives like the senior managers’ regime (see below). The PRA has different objectives to the FCA but both institutions work together and have agreed to arrangements set out in a Memorandum of Understanding.

Under FSMA, the PRA has a general power to make rules which apply to the firms that it regulates, and to issue related guidance with respect to such firms. The PRA’s rules are

Norton Rose Fulbright LLP United Kingdom



located in its rulebook, whereas guidance which often supplements these rules is located in supervisory statements. The PRA also publishes statements of policy which set out its approach to exercising certain statutory powers, such as its enforcement and information-gathering powers. The PRA has also published approach documents; these set out its approach to the supervision of firms in the banking and insurance sectors. The approach documents are updated regularly, the last time being October 2018.

The PRA expects firms to engage directly with policy material, including its rules, EU material and supervisory statements, and determine, bearing in mind the overarching principle of safety and soundness, whether they meet the PRA’s expectations. The PRA also expects firms not to merely meet the letter of its requirements, nor indeed to game them by engaging in ‘creative compliance’.

FCA

The FCA is the UK financial services regulator responsible for the regulation of conduct in retail and wholesale financial markets. It also has a broader ambit: supervising the trading infrastructure which supports those markets and acting as the prudential regulator for firms not authorised by the PRA.

The FCA has a strategic objective to ensure that markets function well. To do this, it has three operational objectives, which are to:

secure an appropriate degree of protection for consumers; •

protect and enhance the integrity of the UK financial system; and •

promote effective competition in the interests of consumers in the markets for regulated •services.

Whatever the FCA does, or actions it takes, it should be in order to achieve one or more of these objectives.

The FCA became a competition regulator (alongside the Competition and Markets Authority under UK competition law) in relation to financial services on 1 April 2015. This is in pursuit of the competition objective referenced above. The FCA’s competition objective is therefore embedded in its regulatory approach, which includes looking at whether improving competition would improve consumer outcomes, and weighing up the impact of new measures on competition. Consequently, the FCA conducts market studies that seek to assess whether there are competition concerns and, if so, takes steps to address features that inhibit effective competition.

To pursue its objectives, the FCA has a wide variety of rule-making and supervisory powers, including those relating to enforcement, sanction and prosecution. The FCA may also take action in respect of unfair terms in certain types of financial services contracts under the Consumer Rights Act 2015 and the Unfair Terms in Consumer Contracts Regulations 1999. However, the Financial Services Compensation Scheme and the Financial Ombudsman Service are independent of the FCA.1

The FCA aims to be, and this is increasingly evident in practice, a proactive regulator seeking to take action where there is the risk of consumer detriment, but before it takes place. This means that the FCA is increasingly willing to intervene before a product is launched or to use its powers to require a firm to withdraw or amend a misleading financial promotion.

In April 2014, the FCA took over the regulation of consumer credit from the Office of Fair Trading. Various consumer credit activities like credit intermediation (broking) became




regulated activities under FSMA requiring prior authorisation. Importantly, agreements that are covered by the FCA consumer credit regime are subject to detailed rules. Such rules apply to the drafting of the agreements and to the substance of pre- and post-contract information. Failure to comply with these rules can be onerous, with UK courts having powers to re-open credit agreements where they consider that the terms create an unfair relationship between the lender and the borrower, and may change the terms (including amounts payable).

The FCA has also established a Payments Systems Regulator (“PSR”) which became operational on 1 April 2015. The PSR regulates payment systems, which are the mechanisms through which money is transferred between individuals and business when buying goods and services. It is independent of the FCA in terms of the rules it produces but it sits as a subsidiary of the FCA and leverages off the FCA’s existing regulatory infrastructure, such as staff, IT systems, etc.

Recent regulatory themes and key regulatory developments in the UK

European initiatives

(a) Brexit At the time of writing this chapter, the UK was still in the process of negotiating its withdrawal from the EU, despite being scheduled to leave some five weeks away on 29 March 2019.

Both the EU and the UK have been stepping up their contingency preparations for a no-deal Brexit.

From the EU side, the European Commission (“Commission”) has issued Brexit preparedness notices on a wide range of areas which summarise how EU policy and law will change. The preparedness notice for banking services reminds UK entities that they will lose passporting rights once the UK leaves the EU.2 In addition, with the loss of passporting rights, the notice warns that the ability of UK-based entities to perform certain contractual obligations may be impaired. The final part of the notice covers arrangements and exposures, noting in particular that the prudential treatment of exposures to third parties established in the UK may be affected.

In addition to issuing the Brexit preparedness notices, the Commission has adopted temporary equivalence decisions on the future UK legal and supervisory framework for central counterparties (“CCPs”) and central securities depositories (“CSDs”). In a no-deal Brexit, these decisions would come into effect from 30 March 2019. Recognition would allow UK CCPs to continue to provide clearing services to their EU members, and EU banks to meet their obligations to UK CCPs.3

Each of the three European Supervisory Authorities (“ESAs”) – the European Banking Authority (“EBA”), the European Securities and Markets Authority (“ESMA”) and the European Insurance and Occupational Pensions Authority – are also playing an important role in the EU’s work on Brexit. In particular, each ESA has issued opinions4 to Member State competent authorities setting out their supervisory expectations as to how financial institutions should prepare for Brexit.

(b) MiFID II / MiFIR

On 3 January 2018, the Markets in Financial Instruments Directive (“MiFID”) was replaced MiFID II and MiFIR. MiFID II and MiFIR take over the mantle previously held by MiFID as being the cornerstone of EU financial services law, setting out which investment services




and activities should be licensed across the EU, and the organisational and conduct standards that those providing such services should comply with. MiFID II and MiFIR upgraded MiFID by introducing new provisions relating to: non-equity market transparency; regulatory product intervention powers; third country provisions; and high-frequency trading controls.

The UK’s implementation of MiFID II (being a Regulation, MiFIR is directly applicable whilst the UK is a member of the EU5) has taken the form of a combination of legislation made by HM Treasury, in the form of a number of statutory instruments, and rules contained in the FCA Handbook and, to a lesser extent, the PRA Rulebook.

Among other things MiFID II and MiFIR contain a number of provisions relating to the conditions under which non-EU firms may provide investment services to EU-based clients. In respect of access to the EU for third-country firms, the MiFID II/MiFIR regime is divided into two interconnected parts, dealing separately with, on the one hand, per se professional clients and eligible counterparties (“ECPs”) (in MiFIR), and on the other hand, retail and elective professional clients (in MiFID II).

Under MiFIR, Member State national regimes that apply to third country firms providing business to per se professional clients and ECPs will continue until a positive decision is taken by the Commission in respect of the effective equivalence of that third-country jurisdiction to EU prudential and business conduct standards. For three years following this equivalence decision, third-country firms will continue to be able to provide services under the Member State’s national regime. Alternatively, the third-country firm may register directly with ESMA. The benefit of registering with ESMA is that the third-country firm may then provide investment services to, or perform activities directly with, per se professional clients and ECPs anywhere in the EU without having to establish an EU branch. However, before providing such services and activities, the third-country firm must inform clients that they are not allowed to provide services other than to per se professional clients and ECPs, and that they are not subject to supervision in the EU.

MiFID II provides that Member States may require third-country firms seeking to provide investment services and activities to retail and elective professional clients to do so from local branches, which are authorised and supervised in accordance with specified criteria. Where a third-country firm establishes a branch in a Member State that has been authorised in accordance with MiFID II, MiFIR provides that it can “passport” any MiFID II investment services or activities (to per se professional clients and ECPs only) into other Member States from that branch once the Commission has adopted a positive equivalence decision in relation to the relevant third-country jurisdiction.

The third-country branch regime set out in MiFID II is optional. The UK has not implemented this regime and therefore its existing domestic regime for third-country branches remains. Importantly, this means that the UK has retained its key exemption under the RAO known as the ‘overseas persons exclusion’. This exclusion has played an important part in the access of third-country firms to the London market.

(c) PSD2 and the Benchmarks Regulation

The Payment Services Directive was replaced by a new Directive (the revised Payment Services Directive or PSD2) on 13 January 2018. The PSD2 directs banks and credit unions to give open access to their customer data and account information to licensed third party businesses (though with the caveat that this data can only be provided with their customers’ explicit consent). It also focuses on reducing barriers to entry for providers of card and internet payment services, and encourages payments innovation in the context of mobile




technology. Being a Directive, Member States had to transpose the PSD2 into their national law. The UK did this primarily through legislation, the Payment Services Regulations 2017. The FCA also amended its rules and guidance to reflect these new Regulations.

Most of the provisions of the Benchmarks Regulation6 came into force on 1 January 2018. Being a Regulation, it is directly applicable in Member States.7 The UK has introduced statutory amendments to align its regime with the new Regulation. This was primarily through the Financial Services and Markets Act 2000 (Benchmarks) Regulations 2018. The FCA also made changes to its Handbook. The Benchmarks Regulation substantially replaced the UK regime that previously regulated benchmark administrators and contributors.

(d) Anti-money laundering

Member States are required to transpose into their domestic regime the provisions of the Fifth Anti-Money Laundering Directive (“5MLD”) by 10 January 2020. The 5MLD makes a number of changes to the Fourth Anti-Money Laundering Directive, including extending its scope to include providers engaged in exchange services between virtual currencies and fiat currencies. It also clarifies and harmonises among Member States the enhanced due diligence measures to be taken relating to business relationships or transactions involving countries identified as high-risk by the Commission. Another notable development is the improved identification of politically exposed persons. Member States are required to create and keep updated lists of the specific functions that qualify as prominent public functions in their jurisdictions, and to send their lists to the Commission. The Commission is to create and keep updated an equivalent EU-level list, and to publish a single list of prominent public functions, based on all the lists.

At the time of writing, a draft legislative proposal was being reviewed by the EU institutions which would amend the three Regulations founding the ESAs. The proposal would centralise the tasks relating to the prevention and combating of money-laundering and terrorist financing into the EBA. The EBA’s supervisory powers relating to anti-money laundering / combating terrorist financing would be extended from the banking sector to the financial sector as a whole, taking over the supervisory powers currently held by the other two ESAs.

(e) Significant legislative reviews

There are significant legislative reviews currently taking place of the EU’s regulatory framework. These include measures on banking regulation, being proposed amendments to the CRD IV, the Capital Requirements Regulation (“CRR”) and the Bank Recovery and Resolution Directive (“BRRD”). The amendments to the CRD IV and CRR are discussed later in this chapter. In the main, the proposals to amend the BRRD are designed to refine the rules relating to the ‘minimum requirement for eligible liabilities’ (“MREL”). These refinements apply different MREL requirements to a firm that is a global systemically important institution (“G-SII”) as opposed to other non-G-SII banks, which is intended to allow the G-SII MREL framework to align with the Financial Stability Board’s ‘total loss-absorbing capacity’ (“TLAC”) standard. Furthermore, amendment to Article 55 of the BRRD is proposed so that it can be applied in a proportionate manner, reflecting the approach taken in a number of Member States under the existing Directive.

Outside of banking regulation, amendments are being proposed to the European Market Infrastructure Regulation, most notably containing the possibility of imposing a location policy on systemically important central counterparties.




Domestic trends

At the time of writing this chapter, the UK was only weeks away from leaving the EU on 29 March 2019. Despite this, uncertainty remained as to whether or not the UK would crash out of the EU without a deal. But whilst Brexit has dominated the headlines, the examples below illustrate that there are also a number of important home-grown regulatory initiatives, but these are by no means exhaustive.

(a) Brexit By virtue of the UK being in the EU, banks and other financial services firms authorised in the UK are able to provide services into and within other Member States without the need for further authorisation. This is commonly known as ‘passporting’. The ability to passport services means that a financial services firm can either provide its services directly on a cross-border basis or can establish a branch in another Member State, having received authorisation from its home state regulator and without the additional requirements and costs associated with establishing a subsidiary in that Member State. Subsidiaries, in contrast, may be subject to local governance and regulatory requirements, and may require separate capitalisation, both of which increase costs.

The key issue that banks in the UK face with Brexit is the loss of the passport and the associated costs of creating a subsidiary in an Member State. The Commission has stated that it is not prepared to grant passporting rights to UK firms once the UK leaves the EU on the basis that the ‘four freedoms’ – freedom of movement of goods, services, persons and capital – are indivisible. Instead the UK will have to rely on so-called equivalence measures in EU legislation – which is different, and less extensive.

The draft Withdrawal Agreement which was announced on 14 November 2018 provides some relief – if both the UK and the EU ratify it. This is because it provides for a transitional period during which existing EU law (unless otherwise agreed) and the passporting regime will continue to apply until 31 December 2020 (which may be further extended once by one or two years).

The draft Withdrawal Agreement was accompanied by a Political Declaration setting out at a high level the framework for the future relationship between the EU and the UK. This includes a reference to financial services. However, whilst it recognises the need for continuing close cooperation between different regulators and regimes, the basis of such cooperation will be equivalence.

If the Withdrawal Agreement is not ratified, the UK will leave the EU without a deal and this is commonly referred to as a ‘hard Brexit’ or ‘no-deal Brexit’ scenario. Given that political differences remain on the draft Withdrawal Agreement, both the EU (as discussed previously) and the UK have stepped up their contingency planning for a hard Brexit.

The key piece of primary UK legislation is the European Union (Withdrawal) Act 2018 (the “EUWA 2018”). The EUWA 2018 is designed to address the significant legal challenge that will result from the UK leaving the EU. Essentially the EUWA 2018 cuts off the source of EU law in the UK by repealing the European Communities Act 1972 and removing the competence of EU institutions to legislate for the UK. The EUWA 2018 also seeks to preserve existing EU law as it applies in the UK immediately before Brexit and converting it into UK law.

Approximately 60 financial services related statutory instruments (secondary legislation) are being produced under the EUWA 2018. These are intended to amend deficiencies in UK law and retained EU law that arise from the UK leaving the EU without a deal. The UK




Government has also published draft primary legislation, The Financial Services (Implementation of Legislation) Bill (“IOL Bill”), which provides for the UK onshoring so-called in-flight EU legislation, being EU legislation that is not yet in force or applicable within two years of the UK leaving the EU.

Two important components of the UK’s contingency planning for a hard Brexit are the temporary permissions regime (“TPR”) and the financial services contracts regime (“FSCR”). The statutory basis for both is the EUWA 2018.

The TPR will enable firms and funds that currently passport into the UK to continue operating in the UK for a limited period of time after the UK has left the EU. However, to take advantage of the TPR, firms must have made a notification to the PRA/FCA before the end of 28 March 2019. Once in the TPR, the PRA or FCA will allocate the firm with a ‘landing slot’ within which they will need to submit their application for UK authorisation. Landing slots will be allocated after 29 March 2019. The first landing slots are expected to be October to December 2019; the last to be January to March 2021.

The FSCR is a back-stop to the TPR to mitigate contract continuity risks. The FSCR is designed for those EU firms that passport into the UK immediately before exit day which: (i) do not make a notification to enter the TPR; or (ii) make a notification to enter the TPR but exit that regime without full authorisation. The FSCR applies automatically these firms. The FSCR provides limited permissions for these firms to perform existing contracts but, unlike the TPR, does not allow a firm to carry out regulated activities in relation to new contracts, except where necessary to service pre-existing contracts. Firms falling within the scope of the FSCR will be expected to run-off, close out, or transfer obligations arising from contracts that exceed the time limit of the regime (15 years for insurance contracts and five years for other contracts) prior to the end of the regime.

Each of the the BoE, PRA and FCA have been consulting on changes to their rules and guidance stemming from a hard Brexit. However, at the time of writing, they had not published final rules and guidance.

(b) PRA’s supervision of UK branches of international banks

In March 2018, the PRA issued a policy statement regarding its approach to the authorisation and supervision of UK branches of international banks. The approach came into effect on 29 March 2018. The purpose of the policy statement and accompanying supervisory statement is to deal with some of the uncertainty created by Brexit and provide guidance on the PRA’s approach to UK branches of EEA banks once the UK leaves the EU. Significantly, whilst the PRA notes that a branch offers less supervisory control than a subsidiary, it accepts the economic benefits that branches bring. However, the regulator draws a line at branches where there would be risks to UK financial stability.

The PRA’s authorisation framework applies to the whole of the international bank of which the branch is part, rather than just the branch itself. The framework is ‘anchored’ in the PRA’s general objective of maintaining UK financial stability and involves an assessment of a range of factors which include the level of supervisory cooperation with the home state supervisor. The PRA expects branches of international banks operating in the UK to primarily focus on wholesale banking activities and has additional expectations where such branches are systemically important. Where the PRA considers a branch conducting wholesale business to be systemically important, it may impose additional specific regulatory requirements – although if it deems these to be insufficient from a financial stability viewpoint, the regulator will instead require the establishment of a subsidiary. Where an international bank is expected to carry out significant retail banking activities in the UK, the




PRA would expect a subsidiary to be established. The PRA approach sets out certain tests to determine what significant retail activities are.

(c) Ring-fencing

A key UK initiative is ring-fencing, which UK banks have been obliged to comply with from 1 January 2019. The Financial Services and Markets Act 2000 (Banking Reform) Act 2013 introduced a requirement for UK banking groups with more than £25bn of “core” deposits (i.e. those from individuals and small businesses) to “ring-fence” their core banking services from their wholesale and investment banking operations.

This means that most UK banks are adopting new legal structures and ways of operating through large and complex restructuring programmes. All banks subject to this requirement have completed the process of restructuring their business using the ‘ring-fencing transfer scheme’ (“RFTS”) restructuring tool. To use an RFTS, a bank had to make an application to court. RFTS court directions began in 2017 and were all successfully completed in 2018.

The PRA has finalised the policy required by banks to implement the ring-fencing regime. This included final policies on governance, legal entity structures, operational continuity arrangements, prudential requirements, intra-group arrangements, financial market infrastructures and reporting and residual matters. Banks have been required to comply with the structural reform requirements, as set out in each of the policy areas from 1 January 2019.

(d) Senior managers’ regime

Since 7 March 2018, the UK banking industry has been subject to the individual accountability regime. The regime, which replaced the approved persons’ regime, comprises a senior managers’ regime, a certification regime and conduct rules (generally referred to as the “SM&CR”). The SM&CR is being extended to other UK financial services firms from 9 December 2019.

Whilst the FCA’s recent focus has been on extending the SM&CR, there have also been important developments for the banking regime. In particular, in January 2019 the FCA followed up on its discussion paper on whether an individual in charge of a firm’s legal function required approval under the SM&CR, by publishing a consultation paper.8 The FCA has proposed to exclude general counsel and heads of legal from the requirement to be a senior manager. However, there are three important caveats:

it is only when the individual is acting as general counsel / head of legal that they are 1.excluded. If, for example, the individual has another role, e.g. head of compliance, they will be in scope for that other role;

they need to be certified, as they will either meet the test to be a ‘material risk taker’ or 2.a ‘significant harm function’. Most banks have certified their general counsel / head of legal, so this should not be a new change; and

they must comply with Senior Manager Conduct Rule 4 – the duty to disclose matters 3.to the regulator when appropriate.

The deadline for comments on the consultation paper is 23 April 2019. The FCA will consider the feedback received and publish final rules and guidance in Q3 2019 with the effective date of the changes being before implementation of the regime to the non-bank industry, namely before 9 December 2019.

In relation to Brexit, the PRA issued a note in January 2019 which contained FAQs which clarified the interaction between its proposals for applying the SM&CR to firms in the TPR and the FCA’s equivalent proposals.




(e) Retail banking business models

In April 2017, the FCA launched a programme of discovery work – the Strategic Review of Retail Banking Business Models (the “Strategic Review”). In brief, the Strategic Review seeks to review retail banking business models in greater depth, understand how free-if-in-credit banking is paid for, and understand the impact of changes such as reduced use of branches on banks’ business models and the potential impact on consumers. The FCA published its findings in December 2018.

The FCA’s findings stated that its analysis confirmed that the personal current account (“PCA”) is an important source of competitive advantage for major banks. PCAs bring cheap funding from customer deposits and additional revenues from overdraft fees and other charges. As a result of the review, the FCA will be initiating work in three areas: payment services; SME banking; and monitoring of retail banking business models. In addition, it has identified three potential areas which may require co-ordinated action in the future to ensure a retail banking sector that works well for consumers: (i) continued access to banking services; (ii) the appropriate use of consumer data; and (iii) system resilience and effective prevention of financial crime and fraud.

(f) Securitisation

On 1 January 2019, a new framework for European securitisations took effect. Two Regulations, which came into force on 17 January 2018, now apply:

Regulation (EU) 2017/2402 (the “Securitisation Regulation”); and •

Regulation (EU) 2017/2401 (the “Securitisation Prudential Regulation”, or “SPR”). •

Together, this legislative package represents a major milestone in the EU’s Capital Markets Union reform agenda.

The Securitisation Regulation generally applies to securitisations issued on or after 1 January 2019, and does two main things. Firstly, it repeals the main securitisation provisions in existing sectoral legislation applicable to banks (the CRR), insurers (Solvency II) and fund managers (the Alternative Investment Fund Managers Directive) and recasts those provisions in a new, harmonised securitisation regime applicable to all institutional investors including UCITS and pension funds. Secondly, it introduces a concept of “simple, transparent and standardised” securitisation that receive more benign regulatory treatment than other securitisations.

On 19 December 2018, the FCA published a policy statement9 in which it set out final rules and near-final rules and guidance to ensure that its Handbook was consistent with the two Regulations mentioned above.

(g) LIBOR reform

In a speech in July 2018, Andrew Bailey (CEO, FCA) stated that firms should treat a London Inter-Bank Offered Rate (“LIBOR”) transition to alternative interest rate benchmarks “as something that will happen and which they must be prepared for”. On 19 September 2018, the FCA and the PRA wrote to the CEOs of major banks and insurers supervised in the UK, asking for information concerning their preparations for transitioning from LIBOR to alternative interest rate benchmarks. The purpose of the letters was to seek assurance that firms’ senior managers and boards understand the risks associated with the transition and are taking action so that their firm can transition to alternative rates ahead of the end of 2021.

(h) Enforcement The FCA continues to pursue its strategy of credible deterrence and takes significant action




against firms and individuals who break its rules, reinforcing proper standards of market conduct. In 2017, the FCA issued its largest ever financial penalty for anti-money laundering controls failings at a bank (£163,076,224). The FCA has also levied some significant fines on individuals; at the beginning of 2019, the FCA fined an individual £76,000,000 for certain regulatory breaches.

The FCA also published for consultation in 2018 its revised approach to enforcement. The final document setting out the FCA’s approach to enforcement activities is expected in Spring 2019 and is part of the FCA’s mission to introduce greater transparency in their operations.


On 1 January 2014, the “CRD IV” package (comprising the CRR and CRD) was transposed into the UK’s regulatory regime. This recast the regime for banks largely in line with Basel III capital standards.

CRD IV’s detailed regulatory capital rules are predominantly contained in an EU regulation (the CRR), which has direct application in the UK, as it does in all other Member States.10 Accordingly, the PRA decided not to make its own rules to implement provisions of the CRR except in the, relatively few, areas where it has discretion over the application of a rule or the manner in which a legislative objective is to be achieved. The CRD, on the other hand, takes the form of an EU directive and so its provisions are not directly applicable. The CRD makes provision for many of the EU-specific governance enhancements, and the PRA has implemented provisions in its Rulebook to transpose these requirements.

On 23 November 2016, the Commission released proposals to revise CRD IV through amendments to the CRR and CRD (known together as CRD V). These proposals reach across the spectrum of bank capital requirements and result from both agreements at international level in the Basel Committee and Financial Stability Board as well as the need to address European-specific issues. After much negotiation, the European Parliament and the Council of the EU reached a provisional political agreement on the legislative package on 4 December 2018.

Finally, following a call for technical advice on 13 June 2016, the EBA released a discussion paper on 4 November 2016 on a new prudential regime for investment firms. The outcome of this paper, and the EBA’s supplementary market data-gathering exercises, is the 20 December 2017 Commission publication of a legislative proposal, which entirely revises the prudential rules for investment firms and is anticipated to have significant impact on capital and other prudential requirements. At the time of writing, this legislative proposal was still being reviewed by the EU authorities.

(a) Regulatory capital Under the CRR, banks are required, both on a solo and on a consolidated group basis, to calculate and hold capital against:

credit risk, which is, in high-level terms, an estimation of the risk that a debtor or •counterparty will fail to meet its obligations as they fall due, calculated for both assets and off-balance sheet exposures. Banks must adopt either a “standardised” or an “advanced” approach to calculating the risk-weighted assets to which capital charges are then applied. The estimation of risk under the standardised approach is mainly based on external credit ratings, whilst the advanced approaches allow banks, with the consent of the PRA, to build internal models to calculate the capital charge for their exposures;




market risk, which is essentially the risk of loss on investments or positions as a result •of changes in market prices, is based on a “building block” approach, with capital required to be held against position risk, counterparty risk, foreign exchange risk, commodities risk and large exposures risk (note that there are also restrictions on large exposures). A transaction can give rise to capital charges under more than one heading and, again, with PRA approval, it is possible for banks to use an internal model to calculate market risk; and

operational risk, which is the risk of loss flowing from factors such as internal process •or systems failures, or from external events.

Whether an exposure is treated as a market risk or credit risk depends, broadly, on whether the exposure sits on the trading book, i.e. if the purpose is to make a profit or avoid a loss from short-term market changes, then the market risk regime generally applies. Long-term investments, intended to generate an income stream or targeting a capital return from longer-term value appreciation, generally fall within the credit risk rules.

Following the Basel Committee’s work on the ‘fundamental review of the trading book’ (“FRTB”), the CRD V proposals introduce a requirement to have more risk-sensitive market risk capital requirements for trading activity in securities and derivatives. The aim of these revisions to the market risk framework is to improve risk-capture, enhance consistency across banks and prevent regulatory arbitrage. Whilst these proposals generally follow the FRTB standard, certain EU-specific matters are addressed (for example, regarding the treatment of sovereign exposures). The 4 December 2018 update from the EU Council confirmed that agreement had been reached with the Commission, and that the final standards should be implemented as soon as they are finalised at international level.

The so-called ‘output floor’, which limits the effect of internal models to a lower bound of 72.5% of the Standardised Approach, was agreed at the Basel Committee in December 2017 after prolonged negotiation between EU and US regulators. Though much has been made of the impact on EU (and UK) banks due to their generally higher reliance on models in calculating capital requirements, this may be significantly mitigated by corresponding reductions in the risk weights for mortgages and certain other lending under the revised Standardised Approach. EU policymakers are yet to announce whether the output floor and related risk-weighting amendments will be incorporated into the proposed CRD V package.

The CRR’s current regime for restricting banks taking on large exposures to groups of connected counterparties survives largely intact under the CRD V proposals, but amendments are sought to bring it into line with Basel Committee’s 2014 standard. This affects the quality of capital accounted for in calculating the large exposures limit (the proposal recommends only Tier 1 capital whilst currently some Tier 2 capital can be used), and introduces a lower limit of 15% (compared to the normal 25% of eligible capital) for the exposures of G-SIIs to other G-SIIs, as well as requiring all banks to use the Standardised Approach for Counterparty Credit Risk (“SA-CCR”) to determine exposures to OTC derivative transactions.

(b) Amount of capital UK banks are required to hold base regulatory capital of at least 8% of risk-weighted assets plus additional capital reflecting various capital buffers, which are being phased in. These buffers include the CRD IV combined capital buffer (comprising a capital conservation of 2.5% of risk-weighted assets and an institution-specific countercyclical capital buffer), Pillar 2 capital buffers (intended to capture more idiosyncratic and forward-looking risks not otherwise reflected in the generally applicable requirements), and systemic capital buffers




reflecting global or domestic systemic importance. Further, the PRA currently imposes a ‘PRA buffer’ on top of the CRD IV buffer requirements. In practice, UK banks are required to hold regulatory capital significantly in excess of 10.5%.

(c) Types of capital Against their capital requirement, banks must hold capital displaying certain characteristics in specified minimum proportions. The CRR tightened the definition of the highest quality capital, “common equity Tier 1” capital (broadly ordinary share capital and reserves), and:

increased the requirement to hold this capital to at least 4.5% of risk-weighted assets; •and

requires all of the buffers introduced by CRD IV referred to above to be satisfied with •common equity Tier 1.

Banks may satisfy other elements of their capital requirements with “additional Tier 1” (broadly, perpetual subordinated debt instruments with certain features, including no incentive to redeem and automatic triggers for write-down or conversation to equity) and Tier 2 (broadly, subordinated debt with original maturity of at least five years). Further, revised MREL standards (mentioned above) also effectively create a new class of regulatory capital in cases where subordination to ordinary liabilities is required by resolution authorities (albeit that this would be less subordinated than either Tier 1 or Tier 2 regulatory capital).

(d) Liquidity

The CRR codified two liquidity ratios: a “liquidity coverage ratio” (“LCR”), and a “net stable funding ratio” (“NSFR”). The LCR requires banks to maintain sufficient high-quality liquid assets in a liquidity buffer to cover the difference between the expected cash outflows and the expected capped cash inflows over a 30-day stressed period. The PRA began to phase in the LCR on 1 October 2015. The LCR rose to 90% from 1 January 2017 and reached 100% on 1 January 2018, as required by the CRR.

The NSFR is intended to address liquidity mismatches, with the aim of aligning more closely the funding of longer-term (i.e. illiquid) assets with more stable medium- or longer-term liability and equity financing. At present, it remains solely a reporting requirement and does not operate as a constraint on a bank’s operations (though the NSFR data reported may be used by the PRA in its consideration of the appropriate level of Pillar 2 liquidity required). In a report published in December 2015, the EBA recommended the introduction of an NSFR on the basis that it could not find strong evidence that an NSFR would have a negative impact on bank lending, financial assets, markets or trading book positions in banks, apart from some possible adjustment in prices.

The November 2016 CRD V proposals seek to introduce a binding NSFR requirement, with the amount of required stable funding to be calculated by multiplying assets and off-balance sheet exposures by factors that reflect their liquidity characteristics and residual maturities over a one-year period. The NSFR seeks to ensure that a bank has sufficient stable funding to meet its funding needs during a one-year period under both normal and stressed conditions and, like the LCR, the NSFR is expressed as a percentage. Though the NSFR is derived from a proposal of the Basel Committee, the European proposals diverge in certain respects (as recommended by the EBA) which the Commission considers necessary to avoid negative impacts on financing of the European real economy. A binding NSFR has not been introduced according to the Basel Committee’s timetable (which would introduce the NSFR on 1 January 2018), pending further negotiation of the CRD V proposals.




(e) Leverage ratio

At the direction of the Financial Policy Committee, the PRA has implemented a UK leverage ratio framework which took effect from 1 January 2016. The purpose of the leverage ratio is to address the risk of excessive leverage for the group of firms that are the most systemically important in terms of size and critical services provided to the UK economy. The leverage ratio applies on a consolidated basis to PRA-regulated banks and building societies with total retail deposits equal to or greater than £50bn (on an individual or consolidated basis). In-scope firms must hold sufficient Tier 1 capital to maintain a minimum leverage ratio of 3%. As is the case for the NSFR, at the EU level under CRD IV, the leverage ratio is currently only a reporting requirement. Although the Commission’s CRD V proposals seek to introduce a binding leverage ratio of 3%, these do not currently contain a threshold of application and so would extend the UK regime if implanted in their current form.

The UK framework also requires firms to consider whether they also hold a further amount of common equity Tier 1 capital that is greater than or equal to their countercyclical leverage ratio buffer and, if the firm is a G-SII, their G-SII additional leverage ratio buffer. The CRD V proposal does not currently contain a leverage ratio buffer regime for G-SIIs as this remains the subject of international discussions.


The PRA’s approach document to banking supervision (mentioned earlier) is instructive in terms of understanding the regulator’s expectations as regards bank governance and internal controls. Whilst there is insufficient room in this chapter to provide a detailed analysis, the following is worth bearing in mind:

it is the responsibility of each bank’s board and management to manage the bank •prudently, consistent with its safety and soundness;

for a bank to be permitted to carry out regulated activities, the bank as a whole must be •‘fit and proper’. This requirement, for a bank and those managing its affairs, to be ‘fit and proper’ is in addition to the need to comply with applicable laws and regulations. In addition, the senior management of the bank must observe all the conduct rules or standards that apply to them;

the PRA expects banks to have in place clear structures of accountability and delegation •of responsibilities for individuals and committees, including checks and balances to prevent dominance by an individual. Senior individuals are to remain accountable for the actions of those to whom they delegate responsibilities, including where the bank uses third parties in respect of outsourced functions;

banks should have robust frameworks for risk management, including for financial and •operational risks. Controls should be commensurate with the nature, scale and complexity of their business, and promote the bank’s safety and soundness;

banks are expected to articulate for themselves the amount of risk they are willing to •take across different business lines to achieve their strategic objectives. Banks should pay attention to identifying, measuring and controlling risks, including those arising in unlikely but very severe scenarios, and should be consistent with the PRA’s objectives; and

banks should have in place separate risk management and control functions (notably •risk management, finance, and internal audit) to the extent warranted by the nature,




scale and complexity of their business. The PRA expects these functions to support and challenge the management of risks bank-wide, by expressing views within the bank on the appropriateness of the level of risk being run, and the adequacy and integrity of the associated governance, risk management, financial and other control arrangements.


The FCA and PRA have extensive rules dealing with all aspects of banks’ relationships with their customers (such as rules on financial promotions) and third parties (such as the detailed rules on outsourcing). Recent themes of note and of particular relevance to banks are anti-money laundering requirements and the possibility of the FCA introducing a duty of care on regulated firms.

(a) Anti-money laundering requirements

The UK’s anti-money laundering regime underwent significant change during 2017. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“UK MLD Regulations”) came into effect on 26 June 2017. The UK MLD Regulations replaced the Money Laundering Regulations 2007 and the Transfer of Funds (Information on the Payer) Regulations 2007 with updated provisions that implemented in part the EU Fourth Anti-Money Laundering Directive (“4MLD”) and the EU Funds Transfer Regulation. Similarly, The Money Laundering and Terrorist Financing (Miscellaneous Amendments) Regulations 2018 entered into force on 10 January 2019. This statutory instrument amended the UK MLD Regulations in order to implement amendments to the 4MLD made by the 5MLD (discussed earlier). In response to these domestic changes, the Joint Money Laundering Steering Group (a body made up of leading UK trade associations in the financial services industry) updated its anti-money laundering guidance.

The FCA published finalised guidance concerning the treatment of politically exposed persons (“PEPs”) during the summer of 2017.11 Prior to that, in March 2017 most FCA-regulated firms filed their first-ever financial crime data returns. The report on the data collected (published in November 2018) revealed that almost 120,000 customers fall into the PEP category, with firms having a further 1.6 million other ‘high-risk customers’. Firms are required to subject these ‘high-risk customers’ to enhanced due diligence checks.

The Financial Action Task Force (“FATF”) published in December 2018 the results of its assessment into the UK’s anti-money laundering / counter-terrorist financing regime (“AML/CTF”). The FATF found the UK’s overall AML/CTF regime to be effective in many respects, although certain areas of weakness, such as the supervision and reporting/ investigation of suspicious transactions require addressing.

(b) Vulnerable customers and new duty of care

On 17 July 2018, the FCA published “FCA Mission: Approach to consumers” which outlines the regulator’s approach to consumers. The document sets out the FCA’s vision for well-functioning markets for consumers. The FCA also stated that in 2019 it would consult on guidance for firms on the identification and treatment of vulnerable customers.

At the same time as publishing the Mission document, the FCA also published a discussion paper seeking stakeholder views on the case for and against introducing a duty of care on firms, and seeking views on what form such a provision might take. The deadline for comments on the discussion paper was 2 November 2018. In February 2019, the FCA stated that it would announce its next steps in Spring 2019.




Conclusion

Many banks have already activated their contingency plans to deal with a no-deal Brexit scenario. But whilst Brexit will no doubt continue to preoccupy everyone, it is important to remain conscious of forthcoming regulatory reforms such as CRD V, CRR II, UK senior managers’ regime and the UK duty of care.

Endnotes

1. The Financial Services Compensation Scheme is the UK’s statutory fund of last resort for customers of financial services firms. It can compensate consumers if a financial services firm has stopped trading or does not have enough assets to pay the claims made against it. It is an independent body set up under FSMA. The Financial Ombudsman Service (“FOS”) operates a scheme to resolve disputes, as an alternative to the civil courts. The FOS is operationally independent from the FCA. It provides consumers with a free, independent service for resolving disputes between consumers and businesses quickly and informally.

2. Discussed further in the Brexit section of ‘Domestic trends’.

3. The UK Government has also put in place a temporary recognition regime for non-UK CCPs and a transitional regime for non-UK CSDs. These will enable EU CCPs and CSDs to continue to provide services in the UK in a no-deal Brexit scenario.

4. See, for example, the EBA opinion of 25 June 2018 on preparations for the withdrawal of the UK from the EU.

5. In the event of a no-deal Brexit the UK will onshore, with certain amendments, MiFIR and, where necessary, MiFID II using secondary legislation made under the European Union (Withdrawal) Act 2018. The secondary legislation is the Markets in Financial Instruments (EU Exit) Regulations 2019. At the time of writing, the FCA and PRA were also consulting on changes to their rules and guidance in the event of a no-deal Brexit.

6. Regulation on indices used as benchmarks in financial instruments and financial contracts, or to measure the performance of investment funds.

7. In the event of a no-deal Brexit the UK will onshore, with certain amendments, the Benchmarks Regulation using secondary legislation made under the European Union (Withdrawal) Act 2018. The secondary legislation is the Benchmarks (Amendment) (EU Exit) Regulations 2019. The FCA and PRA are also consulting on updating their rules and guidance.

8. FCA Consultation Paper 19/4: Optimising the Senior Managers & Certification Regime and feedback to DP16/4 – Overall responsibility and the legal function.

9. FCA Policy Statement 18/25: EU Securitisation Regulation.

10. In the event of a no-deal Brexit, the UK will still onshore, with certain amendments, the CRR and where necessary the CRD IV using secondary legislation made under the European Union (Withdrawal) Act 2018. The secondary legislation is the Capital Requirements (Amendment) (EU Exit) Regulations 2018. At the time of writing, the FCA and PRA were consulting on changes to their rules and guidance in the event of a no deal Brexit.

11. Finalised Guidance 17/6: The treatment of politically exposed persons for anti-money laundering purposes.







Simon Lovegrove


Simon Lovegrove is global head of financial services knowledge, innovation

and products at Norton Rose Fulbright LLP. He specialises in knowledge

management and financial services regulation. Simon has led a number of

knowledge initiatives including designing a training programme for a regulator.

He is also widely published in the financial services field. Since 2008 he has

written the financial regulation update that appears in Butterworth’s Journal of International Banking and Financial Law. He is the assistant editor of A

Practitioner’s Guide to MiFID II and co-authored the chapter on third country

firms. He is also the co-editor of A Practitioner’s Guide to Individual Accountability, and authored the chapters on non-executive directors and

Branches of overseas banks. He is co-author of the UK chapter in GLI’s

Blockchain & Cryptocurrency Regulation 2019 (first edition). In 2018, he co-

authored the chapter on bank recovery and resolution laws in Africa which

appeared in the European Investment Bank report, Banking in Africa: Delivering on Financial Inclusion, Support and Financial Stability.

Alan Bainbridge


Alan Bainbridge is a corporate partner based in London. He focuses on

strategic M&A and corporate advisory and has a particular focus on financial

institutions. Alan regulatory advises on bank specific legislation and is co-

author of the Banking Reform Act chapter of Thomson Reuters’ Compliance Officer publication, which provides an in-depth analysis of the key areas of

the Act.

3 More London Riverside, London SE1 2AQ, United Kingdom

Tel: +44 20 7283 6000 / Fax: +44 20 7283 6500 / URL: www.nortonrosefulbright.com

Norton Rose Fulbright LLP


USA

Introduction

The banking industry has long been one of the most highly regulated industries in the United States, based on the “special” role that banks play in allocating credit and operating the payments system.

This chapter provides an overview of the current U.S. bank regulatory framework at the federal level. The United States has what is called a “dual banking system”, meaning that U.S. banks can be chartered by one of the 50 states or at the federal level. However, whether state or federally chartered, a bank will have at least one federal supervisor.

Most banks in the U.S. are owned by bank holding companies (“BHCs”) which are generally prohibited from owning or controlling entities other than banks or companies engaged in activities that are “closely related to banking” or, for BHCs that elect to be treated as financial holding companies (“FHCs”), activities that are financial in nature or complementary to a financial activity. A foreign banking organisation (“FBO”) may establish a banking presence in the United States through a branch or agency or by establishing or acquiring a U.S. bank or Edge Act Corporation subsidiary.

Over the past several years, many regulatory initiatives in the United States derived from the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), which was a vast set of reforms enacted in 2010 in response to the financial crisis of 2007–2009. Many provisions of the Dodd-Frank Act focus on the largest financial institutions due to their perceived role in causing the financial crisis and the perception of such institutions as “too-big-to-fail”. Under President Donald Trump, the Treasury Department conducted a comprehensive review of the U.S. financial regulatory system and issued several reports on its findings and recommendations, several of which recommend scaling back some of the Dodd-Frank reforms. Furthermore, President Trump has signed into law legislation that has repealed or revised certain provisions of Dodd-Frank. The general trajectory of the Trump administration’s and Congress’s efforts has clearly been in the direction of increased deregulation of the U.S. financial industry.


The United States has a complex regulatory framework that features a myriad of federal regulatory agencies having often overlapping responsibility for banking regulation. A brief description of the relevant bank regulatory agencies follows:

The Board of Governors of the Federal Reserve System (“Federal Reserve”) •

The Federal Reserve System is the central banking system of the United States and conducts

Reena Agrawal Sahni & Timothy J. Byrne Shearman & Sterling LLP



its monetary policy. In addition, the Federal Reserve supervises BHCs (and FHCs), state-chartered banks that are members of the Federal Reserve System, the U.S. activities of FBOs, and SIFIs designated by the FSOC (as described below).

The Federal Deposit Insurance Corporation (“FDIC”) •

The FDIC is the primary regulator for state-chartered banks that are not members of the Federal Reserve System as well as state-chartered thrifts. The FDIC also insures bank and thrift deposits and has receivership powers over banks and certain other institutions.

The Office of the Comptroller of the Currency (“OCC”) •

The OCC is an independent bureau of the U.S. Department of the Treasury led by the Comptroller of the Currency that charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks (although most FBOs operate through state-licensed branches).

The Consumer Financial Protection Bureau (“CFPB”) •

The CFPB has primary authority to develop consumer protection regulations applicable to both banks and non-banks, and to enforce compliance with such laws by banks with $10bn or more in assets and their affiliates, as well as by certain non-banks.

The Financial Stability Oversight Council (“FSOC”) •

The FSOC is chaired by the Secretary of the U.S. Treasury and comprises the heads of eight financial regulators and one independent member with insurance experience. Notably, FSOC is empowered to designate systemically significant non-bank financial institutions (generally referred to as non-bank SIFIs) for supervision by the Federal Reserve. The FSOC’s process for designating SIFIs has been challenged in court, and no such institutions are currently subject to Federal Reserve supervision.

Primary federal banking statutes

The National Bank Act (1863) created the basic framework for the U.S. banking system •and the chartering of national banks.

The Federal Reserve Act, enacted in 1914, created the Federal Reserve System. •

The Banking Act of 1933 generally separated commercial banks from investment banks •and created the system of federal deposit insurance.

The Federal Deposit Insurance Act (“FDI Act”) consolidated prior FDIC legislation •into one act and authorised the FDIC to act as the receiver of failed banks. Section 18(c) of the FDI Act, commonly called the Bank Merger Act, subjects proposed mergers involving FDIC-insured depository institutions to prior regulatory approval. Section 7(j) of the FDI Act, commonly called the Change in Bank Control Act, subjects certain acquisitions of FDIC-insured institutions to prior regulatory approval.

The Bank Holding Company Act of 1956 (“BHC Act”) requires Federal Reserve •approval for a company to acquire a bank (and thereby become a BHC) and requires BHCs to obtain prior Federal Reserve approval to acquire an interest in additional banks and certain non-bank companies.

The act commonly known as the Bank Secrecy Act (1970) requires all financial •institutions, including banks, to establish a risk-based system of internal controls to prevent money laundering and terrorist financing.

The International Banking Act of 1978 (“IBA”) establishes the framework for federal •supervision of foreign banks operating in the United States.

Shearman & Sterling LLP USA



The Gramm-Leach-Bliley Act (1999) generally repealed the provisions of the Banking •Act of 1933 that separated investment banks from commercial banks (Glass-Steagall) and authorised the creation of FHCs.

The Dodd-Frank Act (2010) was the greatest legislative overhaul of financial services •regulation in the United States since the 1930s and made significant changes to the U.S. bank regulatory framework.

The Economic Growth, Regulatory Relief, and Consumer Protection Act •(“EGRRCPA”), Pub. L. 115-174 (2018), relaxed the regulatory requirements imposed by Dodd-Frank for all but the very largest banks, those holding $250 billion or more in assets.

Recent regulatory themes and key regulatory developments in the United States

Political change

U.S. banking regulators have frequently implemented a more stringent (“super equivalent”) version of rules that are part of the post-financial crisis regulatory agenda established by the Dodd-Frank Act and by international standard-setting groups such as the Group of Twenty, the Basel Committee on Banking Supervision (the “Basel Committee”) and the Financial Stability Board. This trend toward super equivalent rules has likely ended.

President Trump has issued several executive orders aimed at halting additional financial regulation (and regulation more generally). On May 24, 2018, President Trump signed into law the EGRRCPA, which, among other things, tailored certain provisions of the Dodd-Frank Act and generally reduced regulatory requirements for banks holding less than $250 billion in total consolidated assets.

Addressing innovation

Another area of increasing regulatory focus is the potential licensing of financial technology companies (“Fintech”). The OCC is considering granting special purpose bank charters to fintech companies. The grant of such special purpose charters would allow fintech companies to comply with a single set of national standards, rather than having to comply with the regulations of multiple states. Effective January 19, 2017, the OCC adopted a new rule creating a formal receivership process for uninsured special purpose national banks. Moreover, in July 2018, the OCC issued a supplement to its Licensing Manual explaining how it would apply its existing standards to fintech companies applying for special purpose national bank charters. State regulatory authorities have challenged the OCC’s authority to issue such charters and such challenges are pending as of January 2019.

Cybersecurity

Cybersecurity has also been an area of increasing focus, and the U.S. federal banking agencies have issued potential standards for comment. Moreover, the New York State Department of Financial Services (“NYSDFS”) now requires banks, insurance companies and other NYSDFS-regulated institutions to adopt a cybersecurity programme that meets certain minimum standards, with full compliance required by March 1, 2019.


The board of directors and senior management of a banking organisation are responsible for ensuring that the institution’s internal controls operate effectively in order to ensure the safety and soundness of the institution. Improving bank governance, and increasing the role




and responsibilities of boards of directors and the risk management function of banking organisations, have been key areas of focus for U.S. banking regulators.

Board of directors

Generally, U.S. corporate law requires that boards of directors exercise a fiduciary duty of loyalty and duty of care to the corporation and its shareholders. Boards of directors of banking organisations must perform these duties, with a focus on preserving the safety and soundness of the bank.

While many regulations make it clear that the board’s role is to oversee and delegate to management, bank boards of directors also have significant responsibilities for overseeing and approving many of the actions taken by the institution under a variety of statutes, regulations, and supervisory guidance. For example, boards of directors are required to approve an institution’s resolution plan, various risk tolerance levels and policies and procedures for stress testing. In August 2017, the Federal Reserve Board requested public comment on a proposed new rule aimed at clarifying and narrowing the respective responsibilities of boards of directors and management, with the purpose of allowing boards of directors to focus their time and energy on their core responsibilities.

Boards of directors themselves have also recently become subject to additional prescriptive requirements regarding their structure and composition. For example, the OCC has adopted “heightened standards” applicable to large national banks that require a bank’s board of directors to include two independent members and impose specific requirements on the board regarding recruitment and succession planning.

Risk management

Risk management is a critical function within banking organisations, and the function has been subject to increasingly prescriptive regulation because risk-management failures were perceived to be a significant cause of the financial crisis.

U.S. BHCs with total consolidated assets of $50bn or more must establish a risk-management framework, designate a Chief Risk Officer (“CRO”), and establish a board-level risk committee with at least one independent member and one risk-management expert.

Banks subject to the OCC’s heightened standards guidelines are required to have one or more Chief Risk Executives who report directly to the CEO and have unrestricted access to the board and its committees to escalate risks. Such banks also must have a written risk-governance framework, a risk-appetite statement and a strategic plan that is reviewed and approved by the board or the board’s risk committee.

Most FBOs also must maintain a U.S. risk committee, and larger FBOs are also required to appoint a U.S. CRO who is employed and located in the U.S. and reports directly to the U.S. risk committee and the global CRO or equivalent officials.

Internal and external audit

The internal audit function within banking organisations generally is responsible for ensuring that the bank complies with its own policies and procedures and those required by law and regulation. In the United States, internal audit must be positioned within the institution in a way that ensures impartiality and sufficient independence.

Internal audit must maintain a detailed risk assessment methodology, an audit plan, audit programme, and audit report. The frequency of internal audit review must be consistent with the nature, complexity, and risk of the institution’s activities. The audit committee is responsible for overseeing the internal audit function. The composition of the audit




committee has similar requirements to that of the risk committee, depending on the size of the institution and supervising federal regulator.

FDIC regulations impose specific independent audit committee requirements on depository institutions that vary by the size of the institution, with institutions having total assets of more than $3bn subject to the most stringent requirements.

The OCC heightened standards guidelines additionally require that the audit function of banks subject to the guidelines be led by a Chief Audit Executive who must be one level below the CEO, have unfettered access to the board, and report regularly to the audit committee of the board.

Compensation

In the mid-1990s, the U.S. federal banking agencies adopted standards prohibiting compensation arrangements that were excessive or could lead to a material financial loss. After the financial crisis, new legislation introduced significant restrictions on compensation for senior executive officers of firms that received certain forms of government assistance, including limits on bonuses, clawback requirements, and various governance requirements.

The U.S. federal banking agencies issued guidance on sound incentive-compensation policies in 2010 which applies to all banking organisations supervised by the agencies and is structured around three key principles: (i) balance between risks and results; (ii) risk controls; and (iii) strong corporate governance.

The federal banking regulators and several other regulatory agencies issued a proposed rule in April 2011, and a re-proposal in May 2016, that would generally prohibit the use of incentive-compensation programmes that encourage inappropriate and excessive risk-taking for financial institutions with more than $50bn in total consolidated assets. As of January 2019, the rule has not yet been finalised.

Intermediate holding company (“IHC”) requirement

Implementing a major change in the U.S. regulation of foreign banks, the Federal Reserve required FBOs with $50bn or more in U.S. non-branch or non-agency assets to establish an IHC by July 1, 2016. The IHC must hold an FBO’s U.S. BHC and bank subsidiaries and substantially all other U.S. non-bank subsidiaries. The IHC is subject to, with limited exceptions, the enhanced prudential standards applicable to U.S. BHCs. In some cases, the Federal Reserve permits an FBO to establish more than one IHC to hold its U.S. subsidiaries.

Resolution plans and related matters

Under the Dodd-Frank Act, large BHCs and FBOs with total global consolidated assets of $50bn or more, and non-bank financial companies designated by FSOC as SIFIs, were required to develop, maintain and file a resolution plan (so-called “living will”) with the Federal Reserve and the FDIC. Following enactment of the EGRRCPA, this requirement will not apply to BHCs with assets of less than $100bn, with the details to be determined by future rulemaking. The resolution plan must detail the firm’s strategy for rapid and orderly resolution in the event of material financial distress or failure under the U.S. Bankruptcy Code. In addition, insured depository institutions with $50bn or more in total assets must submit a separate resolution plan to the FDIC. Firms that do not submit credible plans are subject to the imposition of stricter regulatory requirements. In November 2018, FDIC Chairman Jelena McWilliams announced that the FDIC plans to propose changes in the IDI resolution plan requirements, including a possible revision of the $50bn threshold.

In 2016, the OCC issued guidelines for recovery planning by certain banks (and federal branches of FBOs) with $50bn or more in total assets.




The U.S. banking agencies have issued substantially similar rules that require global systemically important institutions (including the U.S. operations of systemically important FBOs) to amend certain qualified financial contracts to prohibit the immediate termination of such contracts and the exercise of certain other default rights by counterparties if the firm enters bankruptcy or a special resolution proceeding.

Bank capital and liquidity requirements

U.S. banks and BHCs have long been subject to risk-based capital requirements based on standards adopted by the Basel Committee (the “Basel Framework”). In July 2013, the U.S. regulatory authorities adopted a sweeping overhaul (the “Revised Capital Framework”) of their regulations to implement both the Basel III Accord, including both advanced approaches and standardised methodologies, and requirements set forth in the Dodd-Frank Act. The Revised Capital Framework took effect for all institutions subject to the rules (generally those with more than $1bn in total consolidated assets) on January 1, 2015, although several provisions of the Revised Capital Framework are being phased in over a period of several years. On November 21, 2017, U.S. regulators announced an indefinite extension of certain existing capital requirements for banking organisations not subject to the advanced approaches capital rules.

U.S. banking organisations with $250bn in total consolidated assets, or $10bn in on-balance sheet foreign exposure, are subject to the advanced approaches methodology as well as a capital floor established under the standardised approach. Other banking organisations are subject only to the standardised approach. U.S. top-tier BHC subsidiaries of FBOs generally became subject to minimum U.S. capital requirements on July 1, 2015, although they may elect to use the U.S. standardised approach to calculate their risk-based and leverage capital ratios regardless of their size. In November 2018, the U.S. federal banking agencies issued a proposed rule that would modify the thresholds for application of the Basel capital (and liquidity) standards to U.S. banking organisations.

Components of capital

The Basel Framework and the Revised Capital Framework emphasise the importance of common equity Tier 1 capital (“CET1”), set standards for instruments to qualify as CET1, additional Tier 1, and Tier 2 capital, and phase out the qualification of certain hybrid instruments from inclusion as capital.

Minimum capital ratios

The Revised Capital Framework sets forth the minimum risk-based capital ratios for CET1 (4.5%), Tier 1 capital (6%), and total capital (8%). In addition, when fully phased in, banks must hold a capital conservation buffer in the form of CET1 of 2.5%. An institution that fails to maintain capital in excess of the buffer will be restricted in its ability to make capital distributions or pay discretionary executive bonuses. The U.S. regulators are also authorised to impose an additional countercyclical capital buffer of up to 2.5%. No such buffer has been imposed.

G-SIB Surcharge

The eight largest U.S. banking organisations, which are global systemically important banks (“G-SIBs”), are subject to an additional capital surcharge (the “G-SIB Surcharge”). The amount of the G-SIB Surcharge is the higher of two measures that each bank must calculate. The calculations take into account a firm’s size, interconnectedness,




substitutability, complexity, cross-jurisdictional activity and, under one method, reliance on short-term wholesale funding instead of substitutability.

Risk-weighted assets

Although the Revised Capital Framework is largely consistent with the Basel Framework, one important difference arises from the absence of the use of external credit ratings for the risk-weighting of assets in the Revised Capital Framework due to the prohibition in Section 939A of the Dodd-Frank Act on the use of external credit ratings. More generally, comparability of risk-weighting of assets across institutions and jurisdictions has become a matter of significant regulatory attention. In November 2018, the U.S. federal banking agencies proposed the introduction of the Standardised Approach to Counterparty Credit Risk (SA-CCR) in calculating the exposure in derivative contracts starting in 2020.

Market risk capital charge

The Revised Capital Framework also includes a market risk capital charge (implementing the Basel II.5 Framework (introduced in July 2009)) for assets held in the trading book that applies to banks and BHCs with significant trading positions. Unlike the Basel II.5 Framework, the U.S. rules do not rely on credit ratings to determine specific capital requirements for certain instruments. The Basel Committee adopted a revised capital requirement for market risk framework in January 2016 to ensure standardisation and promote consistent implementation globally. Key features include a revised boundary between the trading and banking book, a revised standardised and internal models approach for market risk, and incorporation of the risk of market illiquidity. In January 2019, the Basel Committee issued revised standards, which will come into effect in January 2022. U.S. regulators have not issued proposed regulations to implement the framework in the United States.

Leverage ratio

U.S. banking organisations have long been subject to a minimum leverage ratio. The Revised Capital Framework includes two separate leverage requirements. The 4% minimum leverage ratio requirement represents a continuation of a ratio that has been in place for years (in general, Tier 1 capital divided by average consolidated assets, less deductions). The other applies only to large banking organisations subject to the advanced approaches methodologies and is based on the 3% supplementary leverage ratio in the Basel Framework, which includes certain off-balance-sheet exposures in the calculation of required capital.

In addition, the largest U.S. banking organisations (those with at least $700bn in total assets or $10trn in assets under custody) were subject to an “enhanced” supplementary leverage ratio from January 1, 2018. Covered BHCs that do not maintain a ratio of at least 5% will be subject to limitations on capital distributions and discretionary bonus payments, while depository institutions will be required to maintain a ratio of at least 6% under the prompt corrective action framework (described below). In April 2018, the Federal Reserve and the OCC proposed a rule that would tailor the leverage ratio requirements to the specific business activities and risk profiles of each firm, with the effect of relaxing the leverage ratio requirement.

Consequences of capital ratios

The U.S. prudential bank regulatory framework has several components based on an institution’s capital ratios. For example, in order for a U.S. BHC to qualify as an FHC, it must meet a well-capitalised standard. Similarly, FBOs that seek FHC status must demonstrate that they meet comparable standards under their home country’s capital




requirements. Capital levels also form the basis for the level of deposit insurance premiums payable to the FDIC by depository institutions, the ability of depository institutions to accept brokered deposits, qualification of banking organisations for streamlined processing of applications to make acquisitions or engage in new businesses, as well as other filings with bank supervisors under various laws and regulations. Capital levels also form the basis for the prompt corrective action framework applicable to depository institutions (which provides for early supervisory intervention in a depository institution as its capital levels decline).

Stress testing and capital planning

Stress testing is a key supervisory technique used by U.S. federal banking regulators and in many cases constitutes the binding constraint on large banking organisations. U.S. BHCs and IHCs are required to run company-run stress tests biannually, and supervisory stress tests annually. The quantitative results from the supervisory stress tests are used as part of the Federal Reserve’s analysis under the Comprehensive Capital Analysis and Review (“CCAR”).

The CCAR is an annual exercise the Federal Reserve undertakes at the largest U.S. BHCs to evaluate a firm’s capital planning processes and capital adequacy, including planned capital distributions, to ensure the firm has sufficient capital in times of stress. The Federal Reserve can object to a firm’s capital plan on either a quantitative basis (i.e., a firm’s projected capital ratio under a confidential stressed scenario would not meet minimum requirements) or a qualitative one (i.e., inadequate capital planning process). In recent years, the Federal Reserve has primarily objected to firms’ capital plans for qualitative reasons.

For 2017, the Federal Reserve removed 21 firms from the qualitative portion of CCAR. In addition, the Federal Reserve issued guidance to foreign firms that began the U.S. stress-testing programme in 2017. In 2018, for the first time, these foreign firms’ results were publicly reported.

Based on the results of the 2017 stress tests, the Federal Reserve concluded that the nation’s largest BHCs have capital levels able to withstand even a severe recession. In October 2018, the Federal Reserve invited comment on proposed plans to revise the stress-testing and CCAR requirements so as to reduce the compliance burden on firms in lower-risk categories.

TLAC

In December 2016, the Federal Reserve and FDIC adopted final rules requiring the largest U.S. G-SIBs and certain U.S. IHCs of non-U.S. G-SIBs to comply with new capital-related requirements, including “clean” holding company requirements (relating to short-term debt and derivatives). These requirements are aimed at improving the prospects for the orderly resolution of such an institution. The Rule includes an external long-term debt (“LTD”) requirement and a related total loss-absorbing capacity (“TLAC”) requirement applicable to the top-tier holding company of a U.S. G-SIB and an internal LTD and related TLAC requirement applicable to U.S. IHCs. Long-term debt issued on or prior to December 31, 2016, was grandfathered from provisions of the rule that prohibit certain contractual provisions. Compliance was required by January 1, 2019.

Liquidity

Liquidity has become a key focus of U.S. (and international) regulators in recent years and has become subject to detailed regulations setting quantitative standards in a manner analogous to the risk-based capital regime. In 2014, the U.S. agencies finalised the U.S. Liquidity Coverage Ratio (“U.S. LCR”), which included a “full” approach for the largest banks that exceed $250bn in consolidated assets or $10bn in on-balance sheet foreign




exposure and a more limited, “modified” approach for smaller BHCs that exceed $50bn in consolidated assets. The U.S. LCR, like that released by the Basel Committee, requires firms to hold a prescribed ratio of high-quality liquid assets to withstand a 30-day stress scenario. The Federal Reserve has indicated that it expects to adopt a quantitative LCR-based liquidity requirement applicable to the U.S. operations of FBOs with more than $50bn in U.S. assets.

In 2016, the Federal Reserve approved a final rule requiring all institutions subject to the U.S. LCR to publicly disclose their liquidity coverage ratio on a quarterly basis in a direct and prominent manner.

In 2016, the U.S. federal banking agencies proposed a net stable funding ratio (“NSFR”) rule to implement the final standard previously released by the Basel Committee. Many significant comments were submitted, and the rule is expected to be finalised in 2019. Generally, the NSFR requires covered firms to hold a specified ratio of high-quality liquid assets sufficient to cover the outflows of a one-year stress scenario. On October 6, 2017, the Basel Committee announced its decision to allow national discretion over the NSFR’s treatment of derivative liabilities. In particular, it allowed national jurisdictions to lower the NSFR’s “required stable funding” factor in the NSFR from 20% to as low as 5%.

Regulators have also addressed liquidity in the U.S. by requiring certain firms to conduct liquidity stress tests.


Deposit-taking activities

As a general matter under U.S. federal and state banking law, deposit-taking is limited to duly chartered banks, savings associations, and credit unions. Properly licensed non-U.S. banks also have the same general authority to accept customer deposits as U.S. banks, except that non-U.S. banks (other than several grandfathered branch offices) that wish to accept retail deposits must establish a separately chartered U.S. bank subsidiary.

Virtually all U.S. commercial banks are required to be insured by the FDIC. Deposits are generally insured up to $250,000 per depositor in each ownership capacity (such as in an individual account and a joint account). Except for grandfathered offices, U.S. branch offices of non-U.S. banks are not eligible for FDIC insurance. Funds on deposit in a non-U.S. branch office of a U.S. bank are not treated as FDIC-insured deposits. Also, they are not entitled to the benefits of the depositor preference provisions of the FDI Act unless such deposits are by their terms dually payable at an office of the bank inside the United States. The FDIC requires FDIC-insured institutions with more than two million deposit accounts to maintain complete and accurate data on each depositor and to implement information technology systems capable of calculating the amount of insured money for depositors within 24 hours of a failure. Longer periods are permitted for certain deposit accounts with “pass through” deposit insurance coverage, including trust and brokered deposits.

Brokered deposits are a matter of supervisory concern, and a bank’s reliance on brokered deposits can have a number of adverse supervisory consequences. In 2016, the FDIC issued Frequently Asked Questions that address the identification, acceptance, and reporting of brokered deposits. In December 2018, the FDIC sought public comment on an Advance Notice of Proposed Rulemaking that would address the changes in the financial market and the economic environment since the rules on brokered deposits were last amended in 1991.

Consumer deposit accounts are subject to CFPB regulations that require banking organisations to make disclosures regarding interest rates and fees and certain other terms




and conditions associated with such accounts. Deposit accounts are also subject to Federal Reserve regulations regarding funds availability and the collection of cheques. In recent years, fees associated with various types of overdraft protection products have generated significant litigation and regulatory attention.

In addition, banks are generally subject to reserve requirements with respect to their transaction accounts. Accounts that are not transaction accounts, such as money market deposit accounts, have limitations on the number of certain types of withdrawals or payments that can be made from such an account in any one month.

Lending activities

The lending activities of banks are subject to prudential and consumer protection requirements. Banks are generally limited to extending credit to one person in an amount not exceeding 15% of the bank’s capital. Banking laws generally permit banks to extend credit equal to an additional 10% of capital if the credit is secured by readily marketable collateral. Lending limits also now generally include credit exposure arising from derivative transactions, and in the case of national banks and U.S. offices of non-U.S. banks, securities financing transactions. The lending limits applicable to the U.S. offices of non-U.S. banks are based on the capital of the parent bank. In August 2018, the Federal Reserve adopted a final rule (with compliance required in 2020) to establish single-counterparty credit limits (SCCL) for BHCs and non-U.S. banks with $250 billion or more in total consolidated assets, including IHCs with $50 billion or more in total consolidated assets. Foreign banks can meet limits applicable to their combined U.S. operations by certifying that they meet home country SCCL standards. The exact requirements applicable to IHCs are based on their size.

Lending to consumers is generally subject to a number of U.S. federal and state consumer protection statutes that require the disclosure of interest rates, other loan charges, and other terms and conditions related to the making and the repayment of an extension of credit. A more recent rule requires creditors to make a reasonable, good faith determination of a consumer’s ability to repay any consumer credit transaction secured by a dwelling.

Banking organisations are generally required under the Community Reinvestment Act to meet the credit needs of the communities in which they operate, including low- and moderate-income neighbourhoods. The Home Mortgage Disclosure Act requires banks (and certain non-bank lenders) located in metropolitan areas to collect and report data about their residential mortgage lending activities (e.g., loan applications, approvals, and denials).

Anti-tying statutes generally prohibit a bank from extending credit (or providing other services) to any person on the condition that the person also obtain some other product or service (other than certain traditional bank products) from the bank or an affiliate.

Leveraged lending and commercial real estate lending are additional areas of particular supervisory focus, and interagency guidance has been released with respect to both activities. In October 2017, the U.S. Government Accountability Office stated that the leveraged lending guidelines amount to an actual rule and consequently are subject to Congressional review, which means that Congress could possibly overturn them. In September 2018, the U.S. federal banking agencies issued a statement to the effect that interagency guidance is not binding, such that failure to comply with such guidance in itself should not be cited as a violation of law. This continues to be a topic of active discussion in the U.S.

Volcker Rule

The Volcker Rule is a complex rule that prohibits banking entities from engaging in proprietary trading activities and from sponsoring or investing in, or having certain




relationships with, hedge funds and private equity funds (“covered funds”), subject to certain exceptions and exemptions, and generally requires banking entities to adopt an appropriate compliance programme.

Banking entities are generally defined to include insured depository institutions, BHCs, FBOs that are treated as BHCs under the IBA (which includes a non-U.S. bank that operates a U.S. branch or agency office), and any subsidiary or affiliate of any of these entities.

The ban on proprietary trading essentially prohibits a banking entity from trading as principal in most financial instruments for short-term gain. Exemptions are permitted for (among other activities) underwriting, market-making, hedging and, for FBOs, activities conducted solely outside of the United States.

Covered funds are generally issuers that would be considered an investment company under the Investment Company Act of 1940 but for the exemptions under Section 3(c)(1) or 3(c)(7) of such Act. Exceptions are available for (among other activities) traditional asset management activities and, for FBOs, activities conducted solely outside the United States. One apparently unintended consequence of the Volcker Rule is that foreign funds that have no U.S. investors but are controlled by FBOs (“foreign excluded funds”) are treated as banking entities that are subject to the proprietary trading limits of the Volcker Rule. The U.S. regulatory agencies provided temporary relief until July 21, 2019, pending a more permanent solution.

The EGRRCPA exempts banks from the Volcker Rule that do not have and are not controlled by companies that have: (i) more than $10 billion in total consolidated assets; and (ii) trading assets and liabilities of more than 5% of total consolidated assets. The EGRRCPA also relaxed certain naming restrictions that applied to covered funds sponsored or advised by a banking entity. In June 2018, U.S. agencies proposed regulatory changes to the Volcker Rule that, among other things, would limit the application of a comprehensive compliance program to banks with $10bn or more in trading assets and liabilities, while requiring smaller banks to incorporate the Volcker Rule into the general compliance policies. The proposed framework would also presume compliance for banking entities with less than $1bn in trading assets and liabilities, absent an agency finding to the contrary. Furthermore, the proposals would expand the exemption for foreign banking entities’ activities outside the United States.

Other restrictions on activities

The BHC Act generally restricts BHCs and FHCs from engaging directly or indirectly in non-financial activities. Federal banks chartered by the OCC face similar restrictions. BHCs that successfully elect to be treated as FHCs may engage in a broader range of activities than BHCs that do not make such an election, such as securities underwriting, merchant banking, and insurance underwriting.

In September 2016, pursuant to Section 620 of the Dodd-Frank Act, the Federal Reserve, FDIC and OCC jointly issued a study on the scope of permissible activities and investments that banking entities engage in, and the associated risks. The report recommends changes to mitigate those risks, including: (i) repealing the authority of FHCs to engage in merchant banking and commodities activities; (ii) reviewing certain activities to determine whether changes in regulations are needed; and (iii) clarifying certain prudential rules and regulations. Subsequently, the OCC issued a final rule prohibiting national banks and federal savings associations from dealing or investing in industrial or commercial metals (such as copper cathodes, aluminium T-bars and gold jewellery). It appears unlikely that new restrictions on bank and BHC powers would be imposed during the Trump administration.




Complaints

Consumers can submit complaints about banks (and other consumer product providers) online through the CFPB’s website. Banks are generally required to respond to complaints and are expected to resolve most complaints within 60 days. The CFPB publishes a database of (non-personal) complaint information.

Investment services

Banks with trust powers are generally permitted to provide fiduciary services and investment advisory services to clients. Banks also have limited authority to provide specified securities brokerage services to clients. Full-service brokerage services are typically provided by a broker-dealer affiliate or subsidiary of a bank. One of the more significant issues pending in the United States is when (and if) the Department of Labor’s new rule subjecting many investment recommendations to individual retirement account (and other non-ERISA-plan clients to ERISA’s fiduciary standards and remedies) will be implemented. The Trump administration in effect put a hold on the implementation of the rule pending an analysis of whether it may adversely affect the ability of Americans to gain access to retirement information and financial advice. The Fifth Circuit Court of Appeals vacated the proposed rule in 2018, and the Department of Labor has indicated that it plans to issue a revised rule by September 2019.

Proprietary trading activities

Subject to the limitations of the Volcker Rule, banks generally have the authority to engage in proprietary trading with respect to a range of financial instruments, subject to certain limitations. For example, banks are typically confined to purchasing securities that qualify as investment securities under specified criteria. Banks also generally are not authorised to underwrite or deal in securities, subject to certain exceptions. However, subject to the Volcker Rule, FHCs generally may engage in such activities through broker-dealer subsidiaries.

Money laundering

Banks are subject to extensive and evolving obligations under anti-money laundering laws and economic sanctions requirements. Basic anti-money laundering requirements include know-your-customer (and know-your-customer’s-customer) obligations, suspicious activity reporting, and currency transaction reporting. Compliance with U.S. requirements has proved to be an ongoing challenge for banking organisations, particularly for non-U.S. banks. Deficiencies can result not only in administrative sanctions, but criminal proceedings involving law enforcement authorities. Recent enforcement actions have required banking organisations to dismiss certain specified personnel identified as responsible for compliance deficiencies. State laws may also apply. In 2016, the NYSDFS adopted an anti-terrorism and anti-money laundering regulation that imposes various detailed requirements on the transaction monitoring and filtering programs of New York-regulated institutions. In December 2018, the U.S. federal banking agencies and the Financial Crimes Enforcement Network (FinCEN) issued guidance to the effect that banks should use innovative technology for AML purposes.

Outsourcing

Banks often rely on third parties to deliver various products to their customers and otherwise support their daily operations. While such arrangements are generally permissible, recent regulatory guidance has highlighted the need for banks to carefully manage the risks (including reputational) associated with such outsourcing relationships.




Enforcement actions

U.S. regulators have principally directed enforcement actions at institutions and not individuals at those institutions. However, along with a renewed focus on governance and management, U.S. regulators are now placing more emphasis on the need to hold individuals accountable for their wrongdoing. For example, in 2015, the U.S. Department of Justice issued guidance to bolster its ability to pursue individuals in corporate cases. Under the guidance, cooperation credit for corporations requires that the corporation provide information to the Department of Justice about the role of individual employees in the misconduct, and prosecutors are instructed not to release culpable individuals from civil or criminal liability as part of the resolution of a matter with the corporation.

More generally, enforcement actions aimed at anti-money laundering compliance and improper sales incentives (relating especially to cross-marketing activities) are expected in 2019 and beyond.

Conclusion

Banking regulation in the United States remains an evolving and complex area as regulations and supervisory guidance implementing the Dodd-Frank Act and other post-crisis reforms are revised by a new administration that seeks to reduce regulatory burden on the industry or certain portions of it. Navigating the new framework requires not only a deep understanding of the complexity and nuances of U.S. banking laws but an alert eye to ongoing developments. In addition, some of the requirements being imposed on the U.S. operations of non-U.S. banks (such as the intermediate holding company requirement) are now being replicated outside the United States, thereby impacting the overseas activities of U.S. banking organisations.

* * *

Acknowledgment

The authors would like to acknowledge William Holste, an associate at Shearman & Sterling, for his assistance in preparing this chapter.






Reena Agrawal Sahni


Reena Sahni is a partner in the global Financial Institutions Advisory &

Financial Regulatory Group. She has extensive experience advising on bank

regulation, bank insolvency, recovery and resolution planning and bank capital

markets transactions, including Dodd-Frank implementation for U.S. and non-

U.S. banks and other financial institutions. Ms. Sahni was shortlisted for the

2016 Euromoney Americas Women in Business Law Awards – Best in

Financial Regulation. She was recognised as a “Rising Star” by IFLR 1000

in 2016. Ms. Sahni also advises on corporate governance, OFAC and AML

compliance, internal investigations and regulatory enforcement actions.

Timothy J. Byrne


Timothy J. Byrne is a counsel in the Financial Institutions Advisory &

Financial Regulatory Group of the New York office. He has extensive

experience advising major financial institutions on the bank regulatory aspects

of a wide range of financial products and corporate transactions, including

representing banks and bank holding companies in connection with

applications under the Bank Holding Company Act, the International Banking

Act of 1978, the National Bank Act and the Federal Deposit Insurance Act.

599 Lexington Avenue, New York, NY 10022, USA

Tel: +1 212 848 4000 / Fax: +1 212 848 7179 / URL: www.shearman.com

Shearman & Sterling LLP

www.globallegalinsights.com

Other titles in the Global Legal Insights series include: • AI, Machine Learning & Big Data • Blockchain & Cryptocurrency Regulation • Bribery & Corruption • Cartels • Commercial Real Estate • Corporate Tax • Employment & Labour Law • Energy • Fintech • Initial Public Offerings • International Arbitration • Litigation & Dispute Resolution • Merger Control • Mergers & Acquisitions • Pricing & Reimbursement

Strategic partner: