Germany is one of the biggest and most important markets for banking business in the world. Its banking system is based on three pillars: commercial banks, public law banks (including savings and loan associations and state banks) and cooperative banks. Commercial banks are private companies governed by private law; usually they are listed or unlisted stock corporations, or unlisted limited liability companies. Savings and loan associations are public law entities owned by municipalities or counties. They usually focus on local or regional business. Cooperative banks are customer-owned entities; their members democratically control, govern and own these banks (following the one person, one vote principle).
The number of banks in Germany as at the end of October 2018 was as follows: 263 commercial banks with assets of around €3.62 trillion; 878 cooperative banks with assets of around €925 billion; and 393 public law banks with assets worth around €2.16 trillion.2 The five largest banks in terms of assets are Deutsche Bank, DZ Bank, KfW, Commerzbank and Unicredit Bank (HypoVereinsbank).
II THE REGULATORY REGIME APPLICABLE TO BANKS
i The basic structure of banking regulation
Banking regulation in Germany comprises two basic elements: a licence system to prevent untrustworthy institutions from doing business, and provisions regulating the way licensed institutions should operate, including a bank's minimum capital and liquidity, risk management and general conduct of business.
Germany participates in the single supervisory mechanism (SSM) established within the eurozone. The SSM covers the main aspects of prudential regulation of institutions that conduct at least deposit and lending business (CRR credit institutions). Within the SSM, responsibilities are shared between the European Central Bank (ECB) and national competent authorities (NCAs): the ECB is generally responsible for the direct supervision of significant CRR credit institutions, with NCAs having only an assisting role. With regard to less significant CRR credit institutions, the NCAs are in charge of their direct supervision, with the ECB being generally limited to indirect oversight, but nevertheless having the final word on the granting and withdrawal of authorisations and the assessment of qualifying holdings in CRR credit institutions (common procedures).
The role of NCAs is carried out by the Federal Financial Services Supervisory Authority (BaFin). BaFin is also responsible for all tasks of prudential supervision that have not been conferred on the ECB, and the supervision of financial services institutions, insurance undertakings and asset management companies. The Bundesbank, the German central bank, is responsible for assisting BaFin and the ECB in the supervision of CRR institutions. The tasks of the Bundesbank include the gathering of prudential and statistical information reported by German banks, and the analysis of their compliance with capital adequacy and risk management requirements. The Bundesbank may not issue administrative instructions to individual institutions.
ii Regulatory regime: selected licensing requirements
As a Member State of the European Union, Germany has fully implemented the Capital Requirements Directive (CRD IV)3 and the Markets in Financial Instruments Directive II (MiFID II).4 Therefore, the regulatory regime is quite similar to those of other EU Member States.
Anyone wishing to conduct a banking business (credit institutions) or to provide financial services (financial services institutions) commercially in Germany, or on a scale that requires a commercially organised business undertaking, generally requires a licence or an EU passport.
Banking businesses include, inter alia, the acceptance of deposits or other repayable funds from the public (deposit business), the granting of loans (lending business), safe custody services, and the purchase and sale of financial instruments in one's own name for the accounts of clients (principal broking service). Financial services include, inter alia, the purchase and sale of financial instruments for one's own account as a service for clients, high-frequency trading, portfolio management and investment advice.
Regulated activities are performed in Germany if they are offered to customers in Germany repeatedly and in a commercial manner. This includes services offered from other countries to customers in Germany by mail, telephone, fax or email. Concerning internet activities, an institution is assumed to offer regulated services in Germany if it advertises its products actively through the internet to customers in Germany. Further indications are the adaptation of offers to German law and to the expectations of German customers, as well as a German internet address or cooperation with German institutions.
Institutions are only eligible for a licence if they have a head office in Germany. Foreign entities must therefore set up a German subsidiary or branch. Generally, no particular legal form is required. However, entities carrying out banking businesses must not be operated as a sole proprietorship. Furthermore, to obtain a licence, sufficient initial capital is needed and must be available in Germany. The exact amount of the required initial capital depends on the business conducted.
An institution must employ at least one qualified manager. Credit institutions and financial services institutions that are authorised to own or possess funds or securities of customers must have at least two managers. All managers must be fit and proper, that is to say, sufficiently qualified and trustworthy. Concerning professional qualifications, designated managers must have sufficient theoretical and practical knowledge (i.e., experience) in the business concerned. A person with three years' experience at a bank of similar size and type of business in a leading position is normally deemed to be sufficiently experienced. Trustworthiness could be excluded where the designated manager has committed certain crimes (such as fraud or breach of trust), violated regulatory provisions, or shown bad personal or business behaviour. Supervisory board members must also be trustworthy and sufficiently qualified.
The number of mandates per person is limited for both managers and supervisory board members. Managers and supervisory board members of CRR credit institutions that are of significant importance (this includes, inter alia, all CRR credit institutions under direct ECB supervision) are subject to the following restrictions: one manager position and two supervisory board memberships, or four supervisory board memberships. Directorships held within the same group (which applies to groups of institutions, financial holding groups, mixed financial holding groups and mixed holding groups) are counted as one directorship. With regard to other institutions, supervisory board members are not permitted to hold more than five supervisory board mandates within undertakings supervised by BaFin.
In individual cases, BaFin may exempt entities other than CRR credit institutions from specific regulatory duties (including the licensing requirement) if supervision is not deemed to be necessary. This exemption can also be used, inter alia, by non-EU institutions wishing to provide cross-border services into Germany (see below).
If a banking business is conducted or financial services are provided without the required licence, BaFin may order the immediate cessation of that business. Managers may be subject to criminal liability in these cases.
iii Regulation of branches of foreign banks, representative offices and the cross-border activities of foreign banks
Like German banks, subsidiaries of foreign banks established to conduct regulated business in Germany are subject to licensing procedures and monitoring. Likewise, dependent branches of foreign banks conducting banking business or providing financial services in Germany generally require a licence.
Foreign banks domiciled in another EEA Member State may conduct certain regulated business either through a branch or on a cross-border basis without a German licence if they hold an EU passport. An EU passport requires that the entity is licensed and supervised by the competent authorities of its home state, and that the business the entity intends to conduct in Germany is covered by the home state licence.
No licence is required for a representative office of a foreign bank in Germany. The representative office must not conduct any regulated business. Prior notice of the establishment of such a representative office must be given to BaFin.
No licence is required if foreign banks perform requested services (also known as reverse solicitation). German residents and companies domiciled in Germany may request the services of foreign institutions at their own initiative. An institution offering these services following such a request does not need a licence in Germany, provided it does not conduct any business on German territory or on a cross-border basis (including by means of telecommunication) directed towards potential customers residing in Germany. BaFin specifies, in a guidance note, the differences between requested services that are not subject to the licensing requirement, and cross-border banking businesses or financial services requiring a licence or an EU passport.
An exemption of non-EU institutions from the licensing requirement may be granted by BaFin at its discretion, provided that the bank in question is effectively supervised in its home country by the competent authorities in accordance with internationally recognised standards, and that the competent home country authorities cooperate satisfactorily with BaFin. Additionally, the applicant company must submit a certificate from the competent authorities of its home country confirming to BaFin that it holds a banking or financial services licence, and that the provision of the intended cross-border services in Germany raises no supervisory concerns. As a general rule, an exemption for the conduct of banking businesses and the provision of financial services to private clients will only be granted if a foreign bank uses a German credit institution or an EEA credit institution with an EU passport as an introducing agent.
As a consequence of a bilateral agreement between BaFin and the Swiss Financial Market Authority, Swiss banks have the option of applying for a simplified exemption procedure under which they can directly solicit private German clients without a credit institution acting as an introducing agent; however, in such a case they would be subject to compliance with strict MiFID and other requirements.
iv Regulation of payment services and e-money business
Germany has implemented the second Payment Services Directive5 and the second E-Money Directive.6 Payment services institutions and e-money institutions (other than CRR credit institutions) are required to hold a payment services or e-money licence and are supervised by BaFin. It is possible for licensed payment services and e-money institutions registered in other EEA Member States to conduct their business in Germany through a branch or on a cross-border basis without a German licence if they hold an EU passport.
III PRUDENTIAL REGULATION
i Relationship with the prudential regulator
The ECB and BaFin may examine institutions routinely or in the event of a special cause. The regulators may enter and inspect an institution's offices for this purpose during normal business hours. This right generally also applies to an institution's subsidiaries. Furthermore, BaFin representatives may attend a bank's general meeting and meetings of the supervisory board. An institution and its managers must provide the ECB, BaFin and the Bundesbank upon request with all relevant information and documentation.
Institutions are subject to numerous ad hoc and regular reporting and notification obligations. Generally, notifications must be sent both to BaFin and the Bundesbank, whereas regular reporting (such as COREP and FINREP) is received by the Bundesbank only. Institutions have to notify BaFin and the Bundesbank annually of their participating interests in other enterprises, any qualified participating interests they hold in the reporting institution and the number of domestic branches.
Within the SSM, a slightly different reporting regime applies to CRR credit institutions that qualify as significant and are thus directly supervised by the ECB. Generally, these institutions must submit their notifications to the ECB, with copies going to BaFin and the Bundesbank. An exception applies to those notifications by which significant CRR credit institutions notify their intention to appoint a manager, the appointment of a supervisory board member or the end of term of any of these individuals. In relation to these notifications, the NCAs (i.e., BaFin and the Bundesbank) act as the single point of entry.
ii Management of banks
Typical management structures and the influence of holding companies
Commercial banks in the legal form of a German stock corporation have a management board consisting of the managers and a supervisory board. This two-tiered structure can be seen as an important element of self-regulation and internal governance of banks. The management board is responsible for both the day-to-day affairs of the bank and the business strategy. It represents the bank when dealing with third parties. In performing their duties, managers must act solely in the bank's best interests, without being subject to instructions from any third party, including the supervisory board. The supervisory board is responsible for supervising and advising the management board, and it appoints managers and can dismiss them with reason (a loss of confidence is sufficient to satisfy that requirement). To the extent set out in the bank's articles of association or the management board's by-laws, the management board must obtain the prior approval of the supervisory board for certain transactions and other actions of the bank, which may, for example, include the establishment and closure of branches and the purchase and sale of companies. Supervisory board members are elected by the shareholders; therefore, large shareholders are regularly represented on the supervisory board. Legal persons cannot be members of the boards.
Shareholders may communicate recommendations to the management board and the supervisory board, as long as those recommendations are legally and factually non-binding (unless a domination agreement is concluded).
Limited liability companies
Limited liability companies only require a supervisory board if they have more than 500 employees. The shareholders of limited liability companies may generally render binding instructions to the management board, even regarding the day-to-day business. Nevertheless, the managers in limited liability companies are also solely responsible for compliance with all applicable laws and regulations.
German corporate law allows parent companies to establish the authority to give binding instructions (relating to day-to-day business and business strategy) to the management boards of their subsidiaries by concluding a domination agreement with them. In the case of banks, however, this possibility is not unlimited, because domination agreements conflict with the independence of bank managers required by regulatory law. Therefore, a domination agreement with a bank must provide that the controlled bank's managers must be independent from instructions to the extent necessary to comply with mandatory regulatory requirements.
Regulatory duties of management of banks
A manager of an institution is required to carry out several regulatory duties. For example, he or she must report to BaFin and the Bundesbank (as well as to the ECB if the bank is directly supervised by the ECB) the commencement and termination of activities as a manager or member of the supervisory board or administrative board of another enterprise, as well as the acquisition and disposal of a direct participating interest in an enterprise, and any changes in the scale of such a participating interest.
Restrictions on payments to the management of banks
The compensation of managers of a stock corporation must be appropriate in terms of personal performance and the common level of compensation. For example, to reduce the incentives for managers to focus on short-term profits, stock options are not exercisable in the first four years after they have been granted. These rules do not apply to managers of limited liability companies.
As required under the CRD IV, the variable component of the total remuneration paid to a manager or an employee generally must not exceed 100 per cent of the fixed component. The institution's shareholders may approve a higher variable component, but not exceeding 200 per cent of the fixed component for each individual. In addition, restrictions on payments are part of the Regulation on the Remuneration Systems of Institutions. Pursuant to these requirements, remuneration systems should be orientated around the objectives of the bank's strategy. Incentives to take disproportional risks should be avoided. The remuneration of bank managers should adequately reflect their functions and performance, and should not exceed the common remuneration without particular reason. Remuneration agreements between banks and their managers must be in written form. Banks are obliged to disclose information annually about their remuneration systems, and the total amounts of all fixed and variable compensations.
iii Regulatory capital and liquidity
Regulatory capital requirements
Regulatory capital requirements have been harmonised within the European Union and are part of the Capital Requirements Regulation (CRR).7 The CRR covers regulatory capital requirements in particular with respect to counterparty risk, market risk, operational risk and settlement risk. In addition to the capital requirements laid down in the CRR, banks are required to hold a minimum capital of €5 million in the form of Common Equity Tier 1 (CET1) capital.
Germany has also implemented the new CRD IV regime on capital buffers. For 2019, banks must thus maintain a capital conservation buffer of 2.5 per cent of their total risk exposure as well as an institution-specific countercyclical capital buffer equivalent to the weighted average of the national countercyclical buffer rates of those EU Member States in which relevant credit exposures are located. The current countercyclical buffer rate for Germany has been set at zero per cent. Additional buffer requirements apply to global and other systemically important institutions.
Concerning groups of institutions, (mixed) financial holding groups and financial conglomerates, consolidated supervision is exercised. A group comprises a parent company and subordinated companies. A parent company is an institution or a (mixed) financial holding company that is domiciled in Germany and is not subordinated to other institutions in Germany. Group member institutions taken together must fulfil the capital requirements laid down in the CRR. To determine whether a group has adequate capital, the capital of the group members, on the one hand, and the risk exposure amounts of the group members, on the other, are aggregated. As a general rule, intragroup positions will be eliminated to calculate capital requirements on a group level. If a parent company prepares consolidated accounts under IFRS,8 such consolidated accounts will be the basis of consolidated supervision.
iv Recovery and resolution
As of 1 January 2015, Germany implemented the Bank Recovery and Resolution Directive (BRRD).9 In addition, on 1 January 2016, the SRM Regulation10 came fully into effect, establishing a uniform procedure for the resolution of CRR credit institutions established within the eurozone (single resolution mechanism (SRM)). The European and German recovery and resolution framework distinguishes mainly between the following areas of regulation: recovery planning by the banks themselves; resolution planning by the competent resolution authority; and resolution (i.e., the application by a resolution authority of one or more resolution tools to an institution that is in a crisis situation).
CRR credit institutions and their holding companies are required to prepare, and update annually, recovery plans describing how their financial stability could be restored in the event of a financial crisis. The recovery plans are to be assessed by the competent prudential supervisory authorities (i.e., the ECB for significant CRR credit institutions, and BaFin for less significant CRR credit institutions), which have also been granted extensive powers when recovery plans are regarded as insufficient.
On the other hand, resolution planning and the application of resolution tools fall within the scope of application of the SRM. Within the SRM, competencies and tasks are shared between the Single Resolution Board (SRB), a special agency of the European Union, and the national resolution authorities of the participating EU Member States. The national resolution authority for Germany was, until 31 December 2017, the Federal Agency for Financial Market Stabilisation; its role has since then been taken over by BaFin. While the SRB is competent and responsible for preparing resolution plans and adopting all decisions relating to the resolution of those CRR credit institutions and their parent undertakings that are subject to direct supervision within the SSM by the ECB or are part of a cross-border group, BaFin as the national resolution authority is responsible for resolution planning and the resolution of all other German CRR credit institutions.
When establishing resolution plans, the resolution authority (i.e., the SRB or BaFin) must identify and, where necessary and proportionate, address and remove any material impediments to resolvability. Similar to the powers of the competent prudential regulator when assessing a bank's recovery plan, resolution authorities have the power to require a bank to limit its risk exposures or to divest specific assets to restrict or prevent the development of new or existing business lines, or to require changes to legal or operational structures of the institution and the group, respectively.
Resolution tools and powers may be applied by the SRB or BaFin when an institution is failing or likely to fail, there is no reasonable prospect that any alternative private sector or prudential measure would prevent the failure of the institution, and the resolution action to be applied is necessary and proportionate to ensure the continuity of critical functions of the institution, provided this is necessary to protect depositors, client funds or client assets, to avoid a significant adverse effect on the financial system or to protect public funds from being used in a bail-out scenario. The resolution tools are:
- a sale of business, by which assets, rights or liabilities as well as shares in an institution can be transferred to an acquirer;
- a bridge institution, by which assets, rights or liabilities and shares can be transferred to a bridge bank owned and controlled by the resolution authority;
- an asset separation, by which assets, rights or liabilities can be transferred to a special purpose vehicle with the purpose of maximising the value of these assets through a sale or orderly wind-down; and
- a bail-in, by which shareholders and specific creditors may now be required to participate in losses and the recapitalisation of a credit institution or its group entities in a resolution scenario. With the bail-in tool, the SRB and BaFin have the power to write down equity and liabilities in whole or in part, and to convert liabilities into shares or other CET1 instruments of the respective institution or group entity or of a bridge institution. The requirements for the application of the bail-in tool, as well as the regime of liabilities that are either statutorily excluded from bail-in or may be excluded by the SRB or BaFin, are laid down in the SRM Regulation.
To ensure that sufficient own funds and liabilities are available for the application of the bail-in tool, credit institutions and respective groups must maintain a minimum amount of own funds and 'bail-inable' liabilities as required by the SRB or BaFin (minimum requirement of own funds and eligible liabilities).
IV CONDUCT OF BUSINESS
i German rules concerning banks' organisation and conduct of business
Proper business organisation, including risk management
An institution must have in place a proper business organisation and suitable arrangements to ensure compliance with legal and regulatory duties. BaFin has specified these requirements in detail in its MaRisk (minimum requirements for risk management) circular. Risk management comprises the formulation of an appropriate strategy and the establishment of appropriate internal surveillance procedures. These procedures include appropriate risk management and controlling procedures, stress tests, an independent risk controlling function, a compliance function, and an efficient and independent internal audit function. In addition, BaFin has provided for detailed minimum requirements regarding a bank's internal organisation and procedures when granting loans (e.g., a relatively strict four eye principle) or trading in financial instruments.
According to MiFID II, anyone who provides investment services or performs investment activities (such as reception and transmission of orders in relation to financial instruments, dealing on own account, portfolio management or investment advice) must comply with certain rules of conduct with regard to customers. Investment services enterprises must provide investment services with the requisite degree of expertise, care and prudence in the interests of their customers. These institutions are obligated to enquire about their customers' experience and knowledge of financial transactions, and to provide certain information to their customers. The specific scope of the obligations depends on whether the customer is a private client, a professional client or an eligible counterparty. Professional clients include authorised or regulated enterprises, large undertakings, national or regional governments, central banks and other institutional investors whose main activity is to invest in financial instruments.
In addition to the rules implementing MiFID II, banks are required to ensure that their investment advisers, sales representatives (i.e., persons competent for the definition of sales objectives) and compliance officers have the relevant expertise and necessary trustworthiness for their respective activities. Banks must notify these persons to BaFin prior to the commencement of their activity.
ii Sources of liability in German law
Criminal and administrative liability
Operating without a required licence and doing banking business that is prohibited, as well as violations of the duty to report insolvency or over-indebtedness to BaFin, are causes of criminal liability for bank managers. In addition, non-compliance with certain other regulatory duties is subject to administrative fines. Under German law, a bank itself can be held liable for administrative fines, but not criminal violations.
Civil law liability
Concerning civil law, three sources of liability have to be considered: management's liability to the bank, a bank's liability to its customers and management's liability to customers. Managers must apply the diligence of orderly executives in performing their duties, and may be liable to the company for damages if they fail to do so. A business decision taken by the management board is not considered to be a breach of duties if the management acted on the basis of adequate information, and if the management could reasonably assume that the transaction was in the best interests of the company (business judgement rule). A bank's liability to its customers is, in most cases, a result of the violation of contractual duties. In very exceptional cases, the management may be directly liable to customers.
iii Applicable law on banking secrecy
Except for the statutory confidentiality requirements imposed on officers of the supervisory authorities, there is no special law on banking secrecy in Germany. Banking secrecy in Germany is a result of contractual duties between a bank and its customers. More specifically, banking secrecy is provided for in the bank's general terms and conditions, which are standardised general terms and conditions used by most German banks. Pursuant to these standardised contractual clauses:
the bank has the duty to maintain secrecy about any customer-related facts and evaluations of which it may have knowledge (banking secrecy). The bank may only disclose information concerning the customer if it is legally required to do so, if the customer has consented thereto, or if the bank is authorised to disclose banking affairs.
German data protection law also protects information relating to private individuals. Concerning banking business, data protection concerns can arise, for example, in loan portfolio transactions. The assignor is, on the one hand, obliged to provide the assignee with all the relevant information under German civil law; on the other hand, however, this may be a violation of data protection law.
The funding of banks in Germany is typically based on several pillars: deposits from customers, unsecured and secured capital market products (including, for example, covered bonds), deposits from other banks and ECB funding.
VI CONTROL OF BANKS AND TRANSFERS OF BANKING BUSINESS
i Control regime
Regulation of persons controlling banks and the approval process for a change of control
Based on the German rules that implemented the European Acquisition Directive,11 persons intending to acquire a qualifying holding in an institution have to comply with several requirements.
The term qualifying holding is defined in the CRR, and means a direct or indirect holding in an undertaking that represents 10 per cent or more of the capital or the voting rights, or that makes it possible to exercise significant influence over the management, of that undertaking. According to BaFin, the question of whether an indirect holding representing at least 10 per cent of the capital in a target undertaking exists has to be assessed on a calculation basis (look-through or multiplication approach: for example, a 40 per cent holding in a 30 per cent shareholder of a bank leads to an indirect holding of 12 per cent of the capital in that bank and would therefore be sufficient).
This approach has also been taken by the European Supervisory Authorities (ESAs) in their joint Guidelines,12 published in this respect in December 2016. The ESAs are further of the view that any person who directly or indirectly controls another person that has been identified as an acquirer of an indirect qualifying holding pursuant to the application of the multiplication approach also qualifies as an acquirer of an indirect qualifying holding even if the controlling person does not indirectly hold at least 10 per cent of the target bank's capital. BaFin and the ECB have in the meantime changed their administrative practice and also follow this approach.
A notification must be made once a purchaser has formed the intention to acquire a qualifying holding. Therefore, BaFin may, for example, already have to be notified if and when a letter of intent or an exclusivity agreement is signed. In the notification, the prospective purchaser must state the facts relevant to the amount of the qualifying holding and to the acquisition of the significant influence as well as to assessing its trustworthiness, and must name the seller or sellers of the respective shares. A detailed business plan is required that contains, inter alia, a business strategy for the acquired institution and target figures for the three full business years following the year of acquisition. The intended acquisition may be prohibited within 60 business days if, inter alia, the proposed acquirer or a designated manager is not reliable or financially stable, the institution is at risk of not meeting its regulatory requirements as a consequence of the acquisition, or the transaction is connected to money laundering or the financing of terrorism. In view of the detailed content and form of the notification, it is very important to consider the disclosure requirement in a timely manner in merger and acquisition transactions in which banks are involved. If a holder of a qualifying holding intends to increase the amount of the holding to 20, 30 or 50 per cent, or more, BaFin must be notified again. Conversely, if a shareholder of a bank intends to dispose of its qualifying holding or to reduce the shareholding below these thresholds, it must notify the competent authorities accordingly.
Within the SSM, the ECB is responsible for all shareholder control procedures pertaining to CRR credit institutions, including less significant CRR credit institutions. BaFin retains exclusive responsibility only for those institutions that do not qualify as CRR credit institutions (e.g., financial services institutions). The notifications for all institutions (including CRR credit institutions) must be submitted to BaFin and the Bundesbank. In the case of CRR credit institutions, BaFin will assess the proposed acquisition and submit a proposal for a decision to oppose or not oppose the acquisition to the ECB. The ECB will then issue a resolution and communicate it to BaFin and the interested acquirer.
The Foreign Economy Act and a change of control
The Federal Ministry of Economic Affairs and Energy can prohibit or restrict acquisitions of German enterprises by non-EU residents if the purchase leads to a total takeover or to a stake of at least 25 per cent, and a serious threat to public policy or public safety results from the purchase. The signing of a purchase agreement in relation to enterprises that qualify, inter alia, as operators of critical infrastructures must be notified in writing to the Ministry, and in any event the Ministry may enter into a formal assessment up to three months after having knowledge of the signing of a purchase agreement. Therefore, in cases where no notification is due, it may also be advisable to announce an acquisition voluntarily to obtain transaction security.
ii Transfers of banking business
Concerning the general possibilities of transferring businesses in Germany, there are no special rules for banks. German civil and corporate law provide for the general framework for such transfers.
Under German civil law, it is generally possible to transfer payment claims arising from banking transactions to another bank without the consent of the banking customers concerned. However, the transfer of contractual duties or contracts as a whole generally requires customers' consent. Under certain circumstances, consent can be obtained in the form of deemed consent.
A transfer of banking business to another entity is also possible by means of a split-off or hive-down, which are special schemes under German statutory corporate law. As a consequence of the split-off or hive-down becoming effective, legal title to the assets passes to another company by operation of law. Therefore, it is not necessary to transfer each asset individually. A banking licence cannot be transferred by way of split-off or hive-down. A split-off or hive-down under foreign law may also be used in this context: for example, to transfer the assets of a German branch of a foreign credit institution to a newly established German credit institution, it is possible, and has been tested in practice, to hive-down the assets of the German branch to a new subsidiary of that foreign credit institution registered in the same jurisdiction (becoming the German branch of that subsidiary) and, in a second step, to merge the subsidiary cross-border into the newly established German credit institution.
A further possibility for transforming banking business is to transfer assets by way of an accrual. First, the seller transfers assets to a new partnership by way of a hive-down. The transferee then becomes a partner of the limited partnership, after which the transferor leaves the partnership, which results in the complete transfer of all assets of the partnership to the transferee by operation of law. This model can also be used in cross-border transactions if it is also recognised in the other jurisdiction.
VII THE YEAR IN REVIEW
2018 saw a flurry of new rules and regulations for financial institutions in Germany. In particular, the new rules of MiFID II entered into force in Germany on 3 January 2018, and the respective German transposition act, the German Securities Trading Act, was completely overhauled. Furthermore, the second Payment Services Directive was transposed into national German law with effect from 13 January 2018 and, in particular, introduced new authorisation requirements for account information service providers and payment initiation service providers having a right to receive certain information on current accounts from the classical banks in order to provide their services. In addition, BaFin announced that it does not intend to treat fintechs on more favourable terms than other, more traditional institutions.
Furthermore, the new General Data Protection Regulation,13 which has applied since 25 May 2018, brought new challenges for the financial industry, especially for retail banks and fintechs that rely heavily on the digitalisation of their products and services. Despite the two-year implementation period, many German financial institutions are apparently still not yet fully compliant.14 This appears to be a problem not confined to the financial industry, but other industries as well.
The dominant topic of the year, however, was the preparation for Brexit. Once Brexit becomes effective, the United Kingdom will become a third country for the purposes of access to the single market established within the European Union. As a consequence, UK financial institutions will lose the EU passports under which they established branches or provided cross-border services in the remaining Member States. Likewise, financial institutions in Germany and other Member States will lose their respective passports for doing business in the United Kingdom. To answer the practical questions of institutions in this respect, BaFin has published a list of frequently asked questions, and has established a special contact point for institutions wishing to move their registered offices or operations to Germany. Brexit has also triggered a discussion about the booking model practices used by international banks. In this respect, the ECB as the main regulator within the SSM recently published the SSM's expectations regarding booking models, in particular in relation to certain back-to-back models that have come up in the context of relocating UK institutions to the eurozone. The ECB and national supervisors have made it very clear that they expect banks to have adequate local resources, continuous access to financial market infrastructures without being fully dependent on their parent undertakings in third countries, and not to rely on intragroup back-to-back hedging strategies or remote booking with group entities in third countries. As it became increasingly likely that the United Kingdom would leave the EU without a withdrawal agreement, many UK financial institutions decided to establish a licensed entity in the EU from which they would be able to service their European clients after Brexit. Frankfurt was apparently one of the main benefactors of this development.
VIII OUTLOOK AND CONCLUSIONS
The regulatory agenda for 2019 will continue to be dominated by the SSM, and by the ECB as the trendsetter for banking supervisory matters within Germany and the whole of the eurozone. The ECB has set three focus areas (priorities) for banking supervision within the SSM in 2019 for which specific supervisory action is planned:
- credit risk (e.g., an examination of banks' non-performing loan strategies, an investigation of real estate exposures, and an analysis of collateral management and valuation practices is planned by the ECB for 2019);
- risk management (supervisory action includes a continued targeted review of internal models, a finalisation of the ECB's guidance on the Internal Capital Adequacy Assessment Process and the Internal Liquidity Adequacy Assessment Process, as well as further scrutiny of banks' preparedness for supervisory changes); and
- activities comprising multiple risk dimensions (e.g., banks' preparations for Brexit or the EU-wide stress test that is planned for 2019).
All these priorities are continuing on from 2018, when the ECB had identified banks' business models and profitability drivers as further priorities.
For the first time, BaFin has also published supervisory priorities. For 2019, these are:
- digitalisation (e.g., dealing with changes in financial practices triggered by digitalisation, data security and the improvement of BaFin's own digital infrastructure);
- Brexit (dealing with the loss of passporting rights, continuing cooperation with the UK supervisory authorities, ensuring consumer protection, and continuing and intensifying public communications on the topic of Brexit);
- specifically for the banking supervision, the execution of stress tests for less significant institutions and an examination of IT systems and processes; and
- specifically for securities supervision, in particular the implementation of MiFID II/MiFIR, the PRIIPS Regulation and the Prospectus Regulation, and dealing with new developments on the capital markets (e.g., initial coin offerings).
In March 2019, the German parliament passed a law concerning tax-related and further accompanying regulations for use following the exit of the United Kingdom from the European Union. This law contains, among other things, a transition period of 21 months in which EU passports from UK financial institutions would continue to be recognised under certain conditions should there not be a withdrawal agreement in place at the date of Brexit. An additional transitional regime relates to UK companies that deal on own account in financial instruments in Germany as a member of, or under direct electronic access to, a German trading venue; these companies may continue to do so if they apply for an exemption within the first three months of Brexit.
1 Sven H Schneider is a partner and Jan L Steffen is a counsel at Hengeler Mueller Partnerschaft von Rechtsanwälten mbB.
2 Deutsche Bundesbank, Statistisches Beiheft 1 zum Monatsbericht Januar 2019, p. 106.
3 Directive 2013/36/EU.
4 Directive 2014/65/EU.
5 Directive (EU) 2015/2366.
6 Directive 2009/110/EC.
7 Regulation (EU) No. 575/2013.
8 International financial reporting standards are issued by the IFRS Foundation to provide a common global language for business affairs.
9 Directive 2014/59/EU.
10 Regulation (EU) No. 806/2014.
11 Directive 2007/44/EC.
12 See the Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector (JC/GL/2016/01) dated 20 December 2016. The Guidelines apply as of 1 October 2017.
13 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
14 Cf Handelsblatt, Finanzbranche hat DSGVO noch nicht vollständig umgesetzt, 2 November 2018.