The latest iteration of capital regulations for banks and investment firms - CRD VI[1]- presents a significant regulatory compliance challenge for non-EU (third country) institutions which currently offer, or plan to offer, ‘core banking services’ in the EU. Such activities are currently harmonised in the European Union only to a ‘very limited extent’. CRD VI will introduce harmonized standards, requiring, at least, that in-scope entities offering such services establish an EU authorised branch in the relevant EU Member State. With authorization comes subsequence compliance requirements on capital, liquidity, governance and risk management and the booking of transactions.

1.      Determining who is in-scope

The first step is to determine whether your institution currently provides ‘core banking services’ to EU customers from a third country. Those services are (i) taking deposits and other repayable funds; (ii) lending[2]; and (iii) providing guarantees and commitments. Whereas the taking of deposits and other repayable funds are part of the core definition of a ‘credit institution’, the definition of ‘credit institution’ as it relates to lending and providing guarantees is subject to the further criteria that, in relation to any of those activities, the third country undertaking would qualify as a credit institution if it were in the EU. As such, the initial business review may be relatively complex but it worth spending time on this question as it will potentially impact decision making on how to meet the challenge of CRD VI.

2.      Are exemptions available?

The requirements of CRD VI may not apply where a third country undertaking is providing a service or activity to the following clients or counterparties: (i) those who approach the institution for services on their own exclusive initiative (‘reverse solicitation’); (ii) credit institutions; (iii) other undertakings in the same group; and (iv) interbank and interdealer services.  The European Banking Authority is tasked with providing advice on further potential exemptions for other financial sector entities by June 2025.

The reverse solicitation exemption may appear attractive at first glance, applying where the customer approaches the third country entity. However, reverse solicitation is not well defined in EU law but there are some clear principles which will likely apply to this new regulatory regime: such as the solicitation being on the ‘exclusive initiative’ of the customer; where the institution relies on reverse solicitation rules for a specific customer, its ability to offer additional products or services thereafter will be limited to those which were the subject of the original enquiry.

To prevent abuses of this exemption of CRD VI requires reporting by the branch to its competent authority of instances of reverse solicitation.

3.      Those in-scope will have to conduct EU business through an authorised branch

If a non-EU entity is providing such core banking services to EU customers, then it will have to obtain EU authorisation as a branch in the Member State where the activity is taking place. In certain cases, it may be required to create a subsidiary. As well as the application and approval process, this will create an on-going compliance and supervisory relationship with the national regulator of the chosen EU Member State. It will not, however, include a right to passport services into other EU Member States.

Authorised non-EU branches will be graded as either Class 1 or Class 2, with the latter being treated as small and non-complex institutions and subject to lighter touch regulation. Grounds for qualification as a Class 1 entity include the third country branch having assets of €5bn or more, accepting retail deposits, having a head undertaking which is subject to EU regulation, being in a high-risk country or a country where there are identified anti-money laundering deficiencies.

4.      Subsidiarisation may be required, or desired

In certain cases, EU Member State competent authorities may require that a third country branch establish a subsidiary in the EU. This can apply where the branch in question is considered systemically important and poses significant financial stability risks in the Union or the Member State where it is established; factors to be considered include volumes of business being transacted, market share, complexity of organisational structure and the degree of interconnectedness with the financial system of the EU and the Member State where the branch is established, as well an assessment of the impact of a closure or suspension of business and how easily it can substituted. A subsidiary may also be required where the aggregate amount of assets of all third country branches in the same third country group are €40bn or over, or the individual branch’s assets are €10m or over.

Unlike an authorised branch, a subsidiary will be able to avail of passporting rights but will be subject to relevant EU regulations such as capital requirements.

5.      Restructuring may be called for

The impact of the requirement to obtain third country branch authorisation, or potentially to create a subsidiary, may prompt a wider business review and restructuring. In particular, the capital and liquidity requirement may prompt a review of current structures and business activities. A restructuring may take many forms, from a review of product offerings to a transfer of business to an existing or new entity. For in-scope entities currently outside of the EU which conduct business in more than one EU country, separate branch authorisations may be required in each case. Some entities already have a subsidiary in place in the EU and if a branch is required to be added under CRD VI, it may be possible to merge activities and entities.

Restructuring of EU business will likely raise the question of the whether to move existing clients to new entities, potentially in new jurisdictions. This will impact client contracts which will need to be assigned to the new entities, and contractual terms will need to be amended to reflect the change of jurisdiction and the businesses specific operating model. Local law advice may be required, as well as project resources to handle multiple legal contract reviews.

6.      Pre-existing customers (acquired rights)

CRD VI provides that no branch authorisation will be required where customer contracts were entered into before 11th July 2026 (referred to as ‘acquired rights’). However, there is scope for EU Member State divergence in this area.

This provision is perhaps more complex than it might initially seem. We have seen with other EU regulations that material amendments to existing contracts may act to create a new contract for the purpose of the regulation. Secondly, where existing customers enter new contracts with the new EU branch, the result could be a split book of customer contracts across new and old entities. Thirdly, what of contracts entered into in this six-month period before 11th January 2027 if the new branch is not yet authorised and in operation? They may need to be formally moved to the new entity.

There is the potential for EU Member States to continue (or ‘grandfather’) the national law permissions of existing branches of third country entities in their jurisdictions. However, although this will be welcome, it is subject to the requirement that the minimum requirements of CRD VI have been met, meaning that those who might benefit from potential grandfathering will likely need to upgrade their current compliance levels in any event.

7.      CRD VI has been called Brexit 2

Brexit, it is fair to say, did not resolve the myriad issues of UK financial service institutions with activities in the EU. CRD VI’s requirement for branch authorisations picks up some of those loose Brexit threads since the UK is now a third country to the EU and the activities of UK financial institutions in the EU will be subject to the authorised branch or subsidiary requirements of CRD VI.

The Financial Conduct Authority previously identified four methods of UK firms continuing to provide services into the EAA post-Brexit: using local law permissions, local law exemptions, reverse solicitations and equivalence decisions. CRD VI will like impact local law permissions and exemptions and the use of reverse solicitation which UK firms may currently rely on and require UK institutions – as third country institutions – to seek at least branch authorisation. As the UK proceeds with its own plans to separate from EU regulations, firms will need to plot their route between these two jurisdictions carefully.

8.      Timelines

CRD VI was published in the Official Journal on 19th December 2024. Member States are required to have transposed the directive by 10th January 2026. However, Article 1(9) of CRD VI, setting out the requirement to establish a branch, allows Member States to delay compliance for one year until 11th January 2027 (except for acquired rights provisions discussed above). As always, regulatory timelines seem far away but firms should be starting work now if they have not done so already, particularly so that they understand the potential impact on their businesses, giving time address legal issues which will arise.

9.      What you should be doing?

A good place to start will be a review of what core business services, and by what methods, the third country entity is currently providing services into which EU countries. Then, looking at your overall European Union business will inform whether you will need to obtain branch authorisations (or updates if grandfathering is available), move business lines, change existing practices or consider wider restructuring changes.

Based on the scale of the change you are facing you may need additional advice, expertise and resourcing. You will need to consider capital and liquidity implications of such changes, as well plan for governance structures and personnel changes to meet the new requirements.

If formal authorisations are required, you will need to plan for the time and resources that these can involve, including if you are applying in more than one EU Member State.

The regulations are complex, raising multiple issues such as reliance on reverse solicitation or grandfathering. In addition, there is the variance that we might expect from EU Member States exercising their discretions to consider, as well as the further Level 2 regulations and technical standards from bodies such the European Banking Authority which have yet to be published.

10.  How can Temple Consulting help?

Temple Square Consulting is a consultancy of experts in EU and UK law and regulation. Our depth of knowledge and experience is such, that we understand not only how our clients work but also their commercial objectives and imperatives, which invariably are budget and time sensitive. This is why each mandate necessarily is costed according both to the nature of the work to be undertaken, and your desired outcome as well as the time frame and budget within which delivery is required. We provide an experienced and trusted talent pool from which they select the best fit for each project. In relation to our talent pool, we partner with bankers, accountants and lawyers - only those with whom we have worked previously and successfully.

Keith Blizzard has over 20 years’ experience in financial services and specialises in EU and UK law and regulation and has worked on many regulatory projects, helping clients finding the simplest route to compliance.

[1] See Article 21c, Directive (EU) 2024/1619, amending Directive 2013/36/EU. See also CRR III (Regulation (EU) 2024/1623, amending Regulation (EU) 575/2013).

[2] ‘Lending’ including consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting).