CRD VI is now final: non-EU banks must start preparing now | Deloitte UK has been saved
Relevant to: Executives (CFOs, COOs, CROs, Chief Control Officers etc); Heads of Risk, Planning, Transformation, Strategy and Compliance; Legal Counsel; Board Members.
In December 2023, the European Commission published the near-final text of its new Banking Package (following months of trilogue negotiations we covered previously). It is clear that this package will have a significant effect on many non-EU banks European footprints: significantly restricting their ability to provide “core banking” services into the EU, as well as introducing a new harmonised regime for the regulation of TCBs via targeted amendments to CRD VI.
Today, both cross-border services and TCBs are subject to varying national rules across MS. Differences also exist within MS due to national competent authorities (NCAs) waiving certain requirements for individual TCBs. Therefore, establishing more uniform requirements for both is a significant step towards EU-wide harmonisation of the rules governing non-EU banks’ EU activities. However, we do not expect complete uniformity (even within the scope of CRD VI’s provisions) – CRD VI is a Directive, not a Regulation, meaning MS will implement its provisions in their own legal frameworks with inevitable differences in approaches.
We expect CRD VI to enter into force around May 2024. On that basis, we would then expect most of its provisions to begin applying in November 2025, save for the cross-border services restrictions and new TCB regime discussed below that will have effect one year later.
From November 2026, non-EU banks (defined below) will no longer be able to commence or continue conducting cross-border “core banking” services (i.e. accepting deposits and other repayable funds, lending as well as providing guarantees and commitments) to EU-based clients, specifically:
This restriction is then subject to three important exemptions:
Separately, CRD VI also allows for grandfathering of contracts entered into before May 2026. Non-EU banks operating on this basis will need to consider what would be the trigger events that would mean that the contract is considered new such that the grandfathering provision would no longer apply.
Where business cannot comply with any of above exemptions, non-EU banks will only be able to provide “core banking” services in the EU through an EU TCB or subsidiary.
National implementing rules or subsequent guidance may clarify remaining areas of legal ambiguity around the cross-border restriction, which include:
From November 2026, both new and existing TCBs will have to comply with and be re-authorised under a new set of EU-wide minimum requirements. NCAs will be able to decide that authorisations of TCBs granted before this date can remain valid, although they must still comply with the regime.
CRD VI maintains that authorisation may only take place where the NCA has “endeavoured” to sign a “model administrative agreement” with the home state regulator of the TCB in question. TCBs, especially those headquartered (HQed) in jurisdictions with fewer existing relationships to MS’ NCAs, should consult with local NCAs to confirm re-authorisation will be possible.
CRD VI differentiates between two classes of TCB: Class 1 and Class 2 (we expect the majority of TCBs will qualify for the former). TCBs will be designated as Class 1 under the new regime if they:
Depending on TCB classification, the new regime will require TCBs to:
NCAs must periodically employ an independent third-party to assess TCBs’ compliance with the internal governance and risk controls requirements mentioned above.
The EBA will finalise the full details of some of the requirements over the coming years, especially regarding the specific booking arrangements TCBs must apply. At a minimum, this will include keeping a record of assets and liabilities originated by the TCB, those booked or held elsewhere for the TCB’s benefit, as well as off-balance sheet items.
As mentioned above, this new regime constitutes an EU-wide set of minimum requirements. This means only those TCBs currently regulated “below” this new baseline, whether due to less robust existing national-level rules or due to being in receipt of waivers, will face a commensurately larger compliance burden from November 2026.
TCBs may be required to subsidiarise if they meet any of the four following conditions:
In most cases, the NCA shall first impose additional prudential requirements on a TCB, or require it to restructure its assets and activities “in such a manner that they cease to qualify as systemic” or “cease to pose an undue risk” to financial stability. If this outcome is judged to be insufficient, TCBs can still be required to subsidiarise. However, if a NCA feels that alternative measures would be insufficient “to address” “material supervisory concerns”, it can utilise the subsidiarisation power without pursuing other options.
The first condition alone scopes in a large number of TCBs: at end-2020, 16 TCBs (out of a total 106) had more than EUR 10 billion in assets, with 19 more having between EUR 3 and 10 billion in assets.
CRD VI will force non-EU banks to rethink their overall European footprint. Foremostly, simply to comply with the new rules: firms must decide the future of any existing, now non-compliant cross-border services. This may involve setting up or expanding existing TCBs in MS where they have existing cross‑border business, transferring business to an existing (or new) EU subsidiary able to passport across MS or ultimately ceasing business in that MS altogether.
Migrating such business to an EU balance sheet, as well as reforming existing TCBs to comply with the new rules, have operational and financial implications for firms:
While less cost-efficient at first glance, non-EU banks operating or considering setting up multiple TCBs should assess the benefits of consolidating their business into one EU subsidiary. Subsidiaries have passporting rights, so firms avoid the repeated costs and operational strain of setting up and maintaining a TCB in each MS they have material cross-border business in (especially if a non-EU bank’s total TCB assets may grow close to the EUR 40 billion subsidiarisation threshold once asset migration has occurred). Ultimately, any decisions should be made with an eye to right-sizing their entire European (not just EU) footprint in parallel with any rationalisation programmes already in train. For example – cost increases to European banking operations may further incentivise non-EU banks to reconsider the attractiveness of a mid-size European presence. Given the number of relevant considerations, firms should begin identifying a best way forward now, to ensure they are not only compliant but “right-sized” for the November 2026 deadline.
Partner, Deloitte |
Director, Deloitte |
Partner, Deloitte |
Tom is a Senior Consultant in the EMEA Centre for Regulatory Strategy, focusing on capital markets regulation. Before joining Deloitte, he advised the Chancellor at HM Treasury.
David is Head of Deloitte’s EMEA Centre for Regulatory Strategy. He focuses on the impact of regulatory changes - both individual and in aggregate - on the strategies and business/operating models of financial services firms. David joined Deloitte after 12 years at the UK’s Financial Services Authority. His last role was as Director of Financial Stability, working with UK and international counterparts to deal with the immediate impact of the Great Financial Crisis and the regulatory reform programme that followed it.
Alex is a Partner in Deloitte’s Risk Advisory practice. Alex is an ex banking regulator with over nine years of consulting experience, and is a chartered accountant. Alex has deep experience of banking prudential risk and regulation, as well as financial services market access rules. Since 2016, Alex has supported multiple banks in securing banking and investment firm licenses for new operations post-brexit, and co-leads our Brexit banking and capital markets business. Alex also leads engagements on legal entity and booking model restructuring, prudential regulatory requirements, solvent wind down and supports on M&A transactions. He has supported a number of UK banks and investment firms in obtaining authorisation from the PRA and FCA over the past 9 years.
Clare is a partner within Deloitte Legal, who specialises in financial services regulation and regulatory technology (RegTech) law. She has over 15 years’ experience of providing strategic and commercial advice to financial institutions on regulatory matters, whether arising from ongoing business, business change, or significant regulatory change and advocacy projects such as MiFID II and CRD VI. In her previous role Clare chaired AFME’s Investment Research Working Group. She also specialises in digital assets, products and services. Prior to joining Deloitte, Clare held legal and compliance roles at HSBC, and previously was an associate at Freshfields Bruckhaus Deringer LLP and at Travers Smith LLP, where she undertook secondments to a range of buyside and sellside clients.
Jas is a Partner in Deloitte’s Risk Advisory Practice in London. He leads Deloitte’s Booking Model and Front Office Controls Propositions and has more than 13 years’ experience in the financial services sector. He has led numerous advisory projects, including; legal entity design and restructuring programmes, booking model reviews (transparency and optimisation), front office controls investigations; and front-to-back processes and controls reviews.
James is an experienced financial services regulatory lawyer, specialising in banking and capital markets work. James has worked as a regulatory specialist as both an in-house lawyer at one of the world’s largest banks, and for a number of years in private practice at a leading law firm. James has particular expertise in advising on large multi-business or multi product projects, for example: Material regulatory change such as Brexit, MiFID II and the Benchmarks Regulation. Business/strategic change including regulatory issues that arise where an existing business offers new products/services or enters into new markets. Design and development of new products. Business reviews and adaptation to regulatory change. Whilst in private practice James completed both international and client secondments. As part of his in-house role, James had extensive experience of liaising with industry working groups and regulatory authorities.
Margarita is a Senior Manager in Deloitte’s EMEA Centre for Regulatory Strategy, specialising in capital markets regulation. Before joining Deloitte in February 2023, Margarita worked 3.5 years in Wholesale Banks supervision at the Financial Conduct Authority. Prior to that, Margarita spent 10 years at a global investment bank in Equity Research and Regulatory Relations roles. Margarita holds BSc in Management and MSc in Energy, Trade and Finance from Bayes (Cass) Business School.