The latest iteration of capital regulations for banks and investment firms - CRD VI[1]- presents challenge for non-EU (third country) institutions which currently offer, or plan to offer, ‘core banking services’ in the EU. Such activities are currently harmonised in the European Union only to a ‘very limited extent’[2]. CRD VI will introduce harmonized standards, requiring, at least, that in-scope entities offering such services establish an EU authorised branch in the relevant EU Member State. With authorization comes minimum requirements on capital, liquidity, governance and risk management and the booking of transactions.

1.      Determining who is in-scope

The first step is to determine whether your institution currently provides ‘core banking services’ to EU customers from a third country. Those services (defined by reference to Annex I of CRD IV[3]) are (i) taking deposits and other repayable funds; (ii) lending[4]; and (iii) providing guarantees and commitments. Whereas the taking of deposits and other repayable funds are part of the core definition of a ‘credit institution’, the definition of ‘credit institution’ as it relates to lending and providing guarantees is subject to the further criteria that, in relation to any of those activities, the third country undertaking would qualify as a credit institution if it were in the EU.[5]

MIFID services are excluded from this requirement, including MIFID ancillary services such as deposit taking or granting of credit or loans (provided they are ancillary to the principle MIFID activity)[6].

2.      Are exemptions available?

The requirements of CRD VI may not apply where a third country undertaking is providing a service or activity to the following clients or counterparties: (i) those who approach the institution for services on their own exclusive initiative (‘reverse solicitation’); (ii) credit institutions; (iii) other undertakings in the same group[7]; and (iv) interbank and interdealer services.  The European Banking Authority is tasked with providing advice on further potential exemptions for other financial sector entities by June 2025.

The reverse solicitation exemption may appear attractive at first glance, applying where the customer approaches the third country entity. However, reverse solicitation is not well defined in EU law but there are some clear principles which will likely apply to this new regulatory regime: (i) CRD VI states that the reverse solicitation must be on the ‘exclusive initiative’ of the customer; as such, approaches based on marketing or advertising by the institution will infringe this requirement for, as will activities of another entity acting on the institution’s behalf or having close links with the institution; (ii) where the institution relies on reverse solicitation rules for a specific customer, its ability to offer additional products or services thereafter will be limited to those which were the subject of the original enquiry.

At present reverse solicitation is mostly governed by the national rules of Member States and there is a good deal of variance between approaches to this issue. The EU has previously been prescriptive on the use of reverse solicitation in the context of MIFID, including a warning by ESMA in 2021 on abuse of this exception.[8]  Reverse solicitation may therefore be an insufficient exemption for institutions with substantial business and, as ESMA reminded us, if it is questioned by regulators, the next step is potential action for administrative or criminal proceedings for providing services without authorisation.

To prevent abuses of this exemption Article 48k(2)(f) of CRD VI requires reporting by the branch to its competent authority of instances of reverse solicitation.

3.      Those in-scope will have to conduct EU business through an authorised branch

If a non-EU entity is providing such core banking services to EU customers, then it will have to obtain EU authorisation as a branch in the Member State where the activity is taking place. In certain cases, it may be required to create a subsidiary. As well as the application and approval process, this will create an on-going compliance and supervisory relationship with the national regulator of the chosen EU Member State. It will not, however, include a right to passport services into other EU Member States.

Authorised non-EU branches will be graded as either Class 1 or Class 2, with the latter being treated as 'small and non-complex institutions’ in line with the EU principle of proportionality[9] and subject to lighter touch regulation. Grounds for qualification as a Class 1 entity include the third country branch having assets of €5bn or more, accepting retail deposits, having a head undertaking which is subject to EU regulation, being in a high-risk country or a country where there are identified anti-money laundering deficiencies.

4.      Subsidiarisation may be required, or desired

In certain cases, EU Member State competent authorities may require that a third country branch establish a subsidiary in the EU[10]. This can apply where the branch in question is considered systemically important and poses significant financial stability risks in the Union or the Member State where it is established; factors to be considered include volumes of business being transacted, market share, complexity of organisational structure and the degree of interconnectedness with the financial system of the EU and the Member State where the branch is established, as well an assessment of the impact of a closure or suspension of business and how easily it can substituted. A subsidiary may also be required where the aggregate amount of assets of all third country branches in the same third country group are €40bn or over, or the individual branch’s assets are €10m or over.

Unlike an authorised branch, a subsidiary will be able to avail of passporting rights but will be subject to relevant EU regulations such as capital requirements.

5.      Restructuring may be called for

The impact of the requirement to obtain third country branch authorisation, or potentially to create a subsidiary, may prompt a wider business review and restructuring. In particular, the capital and liquidity requirement may prompt a review of current structures and business activities. A restructuring may take many forms, from a review of product offerings to a transfer of business to an existing or new entity. For in-scope entities currently outside of the EU which conduct business in more than one EU country, separate branch authorisations may be required in each case. Some entities already have a subsidiary in place in the EU and if a branch is required to be added under CRD VI, it may be possible to merge activities and entities.

Restructuring of EU business will likely raise the question of the whether to move existing clients to new entities, potentially in new jurisdictions. This will impact client contracts which will need to be assigned to the new entities, and contractual terms will need to be amended to reflect the change of jurisdiction and the businesses specific operating model. Local law advice may be required, as well as project resources to handle multiple legal contract reviews.

6.      Pre-existing customers (acquired rights)

CRD VI provides that no branch authorisation will be required where customer contracts were entered into before 11th July 2026 (referred to as ‘acquired rights’). However, there is scope for EU Member State divergence in this area, provided that “such measures should apply solely for the purpose of facilitating the transition to implementation of this Directive and should be narrowly framed to avoid instances of circumvention.”

This provision is perhaps more complex than it might initially seem. We have seen with other EU regulations that material amendments to existing contracts may act to create a new contract for the purpose of the regulation. Secondly, where existing customers enter new contracts with the new EU branch, the result could be a split book of customer contracts across new and old entities. Thirdly, what of contracts entered into in this six-month period before 11th January 2027 if the new branch is not yet authorised and in operation? Will they need to be formally moved to the new entity and if so, how will this be managed?

There is the potential for EU Member States to grandfather the national law permissions of existing branches of third country entities in their jurisdictions[11]. However, although this will be welcome, it is subject to the requirement that the minimum requirements of CRD VI have been met, meaning that those who might benefit from grandfathering will likely need to upgrade their current compliance levels.

7.      CRD VI has been called Brexit 2

Brexit, it is fair to say, did not resolve the myriad issues of UK financial service institutions with activities in the EU. CRD VI’s requirement for branch authorisations picks up some of those loose Brexit threads since the UK is now a third country to the EU and the activities of UK financial institutions in the EU will be subject to the authorised branch or subsidiary requirements of CRD VI.

The Financial Conduct Authority previously identified four methods of UK firms continuing to provide services into the EAA post-Brexit[12]: using local law permissions, local law exemptions, reverse solicitations and equivalence decisions. CRD VI will like impact local law permissions and exemptions and the use of reverse solicitation which UK firms may currently rely on and require UK institutions – as third country institutions – to seek at least branch authorisation. As the UK proceeds with its own plans to separate from EU regulations, firms will need to plot their route between these two jurisdictions carefully.[13]

8.      Timelines

CRD VI was published in the Official Journal on 19th December 2024. Member States are required to have transposed the directive by 10th January 2026. However, Article 1(9) of CRD VI[14], setting out the requirement to establish a branch, allows Member States to delay compliance for one year until 11th January 2027 (except for acquired rights provisions discussed above[15]). The same one-year extension also applies to Article 1(13) of CRD VI[16] on prudential supervision of third country branches (except for reporting requirements[17].)

As always, regulatory timelines seem far away but firms should be starting work now if they have not done so already, particularly so that they understand the potential impact on their businesses, giving time address legal issues which will arise.

9.      What you should be doing?

A good place to start will be a review of what core business services, and by what methods, the third country entity is currently providing services into which EU countries. Then, looking at your overall European Union coverage will inform whether you will need to obtain branch authorisations (or updates if grandfathering is available), move business lines, change existing practices or consider wider restructuring changes.

Based on the scale of the change you are facing you may need additional legal, tax or regulatory advice. You will need to consider capital and liquidity implications of such changes, as well plan for governance structures and personnel changes to meet the new requirements.

If formal authorisations are required, you will need to plan for the time and resources that these can involve, including if you are applying in more than one EU Member State.

The regulations are complex, raising multiple legal issues such as reliance on reverse solicitation or grandfathering. In addition, there is the variance that we might expect from EU Member States exercising their discretions to consider, as well as the further Level 2 regulations and technical standards from bodies such the European Banking Authority which have yet to be published.

10.  How can Temple Square Chambers help?

Temple Square Chambers specialises in UK, EU and international financial services and regulation. Its members are experienced in advising on large regulatory projects, regulatory authorisations, restructurings and contract review and remediations.

Keith Blizzard has over 20 years’ experience in financial services and specialises in EU and UK regulation. He is an experienced contracts lawyer experience in loans and associated documents. He has worked on many regulatory, restructuring and contract remediation projects.

[1] Directive (EU) 2024/1619, amending Directive 2013/36/EU. See also CRR III (Regulation (EU) 2024/1623, amending Regulation (EU) 575/2013).

[2] Recital 17 of CRD VI states: “The regulation of branches established by undertakings in a third country to provide banking services in a Member State is subject to national law and only harmonised to a very limited extent by Directive 2013/36/EU.”

[3] Annex I points 1, 2 and 6 of CRD IV (2013/36/EU) (amended by CRD V ((EU) 2019/878).

[4] ‘Lending’ including, inter alia: consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting).

[5] The third country undertaking would qualify as a credit institution or would fulfil the criteria for a large investment firm set out in Article 4(1), point (1)(b), of Regulation (EU) 575/2013 if it were established in the Union, including the quantitative criteria relating to the value of its assets.

[6] See Article 21c(5) of CRD VI, referring to Annex I of Directive 2014/65/EU (MIFID).

[7] See Article 48i CRD VI.

[8] ESMA Public Statement 13.1.21 ESMA 35-43-2509.

[9] See Regulation (EU) 575/2013

[10] Reference is to the requirements in Title III, Chapter 2 of 2013/36/EU on the requirement for credit institutions to obtain authorisation before commencing activities.

[11] Article 48c(6) CRD VI.

[12] Considerations for firms after the transition period | FCA. Note the adherence of EEA countries to CRD VI is currently under consideration.

[13] See Financial Services and Markets Act 2023.

[14] Inserts the new Article 21c into 2013/36/EU.

[15] As set out in Article 21c(5) of the new Title VI of 2013/36/EU.

[16] Replacing Title VI of 2013/36/EU.

[17] As set out in Article 48l and 48k of the new Title VI of 2013/36/EU.