Germany is one of the biggest and most important markets for banking business in the world. Its banking system is based on three pillars: commercial banks, public law banks (including savings and loan associations as well as state banks) and cooperative banks. Commercial banks are private companies governed by private law; usually they are listed or unlisted stock corporations, or unlisted limited liability companies. Savings and loan associations are public law entities owned by municipalities or counties. They usually focus on local or regional business. Cooperative banks are customer-owned entities; their members democratically control, govern and own such banks (following the ‘one person, one vote’ principle). At the end of November 2016, there were approximately 260 commercial banks. Their assets totalled approximately €3,870 billion. The sum of assets of the approximately 980 cooperative banks amounted to around €850 billion, while the approximately 420 public law banks in Germany held assets worth around €2,110 billion.2


i The basic structure of banking regulation in Germany

Banking regulation in Germany comprises two basic elements: a licence system to prevent untrustworthy institutions from doing business; and provisions regulating the way licensed institutions should operate, including a bank’s minimum capital and liquidity, risk management and general conduct of business.

Germany participates in the single supervisory mechanism (SSM) established within the eurozone. The SSM covers the main aspects of prudential regulation of institutions that conduct at least deposit and lending business (CRR credit institutions). Within the SSM, responsibilities are shared between the European Central Bank (ECB) and national competent authorities (NCAs): the ECB is generally responsible for the direct supervision of significant CRR credit institutions, with NCAs having only an assisting role. With regard to less significant CRR credit institutions, the NCAs are in charge of direct supervision, with the ECB being generally limited to indirect oversight, but nevertheless having the final word on the granting and withdrawal of authorisations and the assessment of qualifying holdings in CRR credit institutions (‘common procedures’).

The role of NCA for Germany is carried out by the Federal Financial Services Supervisory Authority (BaFin). In addition, BaFin is responsible for all tasks of prudential supervision that have not been conferred on the ECB, as well as the supervision of financial services institutions, insurance undertakings and asset management companies. The German Central Bank (Bundesbank) is responsible for assisting BaFin and the ECB in the ongoing supervision of CRR institutions. The tasks of the Bundesbank include the gathering of prudential and statistical information reported by German banks and the analysis of their compliance with capital adequacy and risk management requirements. The Bundesbank may not issue administrative instructions to individual institutions.

ii Regulatory regime – selected licensing requirements

As a Member State of the European Union, Germany has fully implemented the Capital Requirements Directive (CRD IV)3 and the Markets in Financial Instruments Directive (MiFID).4 Therefore, the regulatory regime is quite similar to the regimes of other EU Member States.

Anyone wishing to conduct banking businesses (credit institutions) or to provide financial services (financial services institutions) in Germany commercially, or on a scale that requires a commercially organised business undertaking, generally requires a licence or an EU passport.

Banking businesses include, inter alia, the acceptance of deposits or other repayable funds from the public (deposit business), granting of loans (lending business), safe custody services, and the purchase and sale of financial instruments in one’s own name for the account of clients (principal broking service). Financial services include, inter alia, the purchase and sale of financial instruments for one’s own account as a service for clients, high frequency trading, portfolio management and investment advice.

Regulated activities are performed in Germany if they are offered to customers in Germany repeatedly and in a commercial manner. This includes services offered from abroad to customers in Germany by mail, telephone, fax or e-mail. Concerning internet activities, an institution is assumed to offer regulated services in Germany if it advertises its products actively through the internet to customers in Germany. Further indications are the adaptation of the offers to German law and to the expectations of German customers, as well as a German internet address or cooperation with German institutions.

Institutions are only eligible for a licence if they have a head office in Germany. Foreign entities must therefore set up a German subsidiary or branch. Generally, no particular legal form is required. However, entities carrying out banking business must not be operated in the legal form of a sole proprietorship. Furthermore, to obtain a licence, sufficient initial capital is needed and must be available in Germany. The exact amount of the required initial capital depends on the business conducted.

An institution must employ at least one qualified manager. Credit institutions and financial services institutions that are authorised to own or possess funds or securities of customers must have at least two managers. All managers must be ‘fit and proper’, that is, sufficiently qualified and trustworthy. Concerning professional qualification, designated managers must have sufficient theoretical and practical knowledge (i.e., experience) in the business concerned. A person with three years’ experience at a bank of similar size and type of business in a leading position is normally deemed to be sufficiently experienced. Trustworthiness could be excluded where the designated manager has committed certain crimes (such as fraud or breach of trust), violated regulatory provisions, or has shown bad personal or business behaviour. Supervisory board members must also be trustworthy and sufficiently qualified.

The number of mandates per person is limited for both managers and supervisory board members: managers and supervisory board members of CRR credit institutions that are of significant importance (this includes, inter alia, all CRR credit institutions under direct ECB supervision) are subject to the following restrictions: one manager position and two supervisory board memberships; or four supervisory board memberships. Directorships held within the same group (this applies to groups of institutions, financial holding groups, mixed financial holding groups and mixed holding groups) are counted as one directorship. With regard to other institutions, supervisory board members are restricted to not hold more than five supervisory board mandates within undertakings supervised by BaFin.

In individual cases, BaFin may exempt entities other than CRR credit institutions from specific regulatory duties (including the licensing requirement) if supervision is not deemed to be necessary. This exemption can be used, inter alia, by non-EU institutions wishing to provide cross-border services into Germany (see subsection iii, infra).

If banking business is conducted or financial services are provided without the required licence, BaFin may order the immediate cessation of such business. Managers may be subject to criminal liability in these cases.

iii Regulation of branches of foreign banks, representative offices and cross-border activities of foreign banks in Germany

Like German banks, subsidiaries of foreign banks established to conduct regulated business in Germany are subject to the licensing procedures and monitoring. Likewise, dependent branches of foreign banks conducting banking business or providing financial services in Germany generally require a licence.

Foreign banks domiciled in another EEA Member State may conduct certain regulated business either through a branch or on a cross-border basis without a German licence if they hold an EU passport. An EU passport requires that the entity is licensed and supervised by the competent authorities of its home state, and that the business the entity intends to conduct in Germany is covered by the home state licence.

No licence is required for a representative office of a foreign bank in Germany. This representative office must not conduct any regulated business. Prior notice of the establishment of such a representative office to BaFin is necessary.

No licence is required if foreign banks perform ‘requested services’ (also known as ‘reverse solicitation’). German residents and companies domiciled in Germany may request the services of foreign institutions at their own initiative. An institution offering such services following such request does not need a licence in Germany, provided it does not conduct any business on German territory or on a cross-border basis (including by means of telecommunication) directed towards potential customers residing in Germany. BaFin specifies the differences between ‘requested services’ that are not subject to the licensing requirement, and cross-border banking businesses or financial services requiring a licence or an EU passport, in a guidance note.

An exemption of non-EU institutions from the licensing requirement may be granted by BaFin at its discretion, provided that the bank is effectively supervised in its home country by the competent authorities in accordance with internationally recognised standards, and that the competent home country authorities cooperate satisfactorily with BaFin. Additionally, the applicant company must submit a certificate from the competent authorities of its home country confirming to BaFin that it holds a banking or financial services licence, and that the provision of the intended cross-border services in Germany raises no supervisory concerns. As a general rule, an exemption for the conduct of banking businesses and the provision of financial services to private clients will only be granted if the foreign bank uses a German credit institution or an EEA credit institution with an EU passport as an introducing agent.

As a consequence of a bilateral agreement between BaFin and FINMA, the Swiss Financial Market Authority, Swiss banks have the option to apply for a simplified exemption procedure under which they can directly solicit private German clients without a credit institution acting as an introducing agent; however, in such case they would be subject to compliance with strict MiFID and other requirements.

iv Regulation of payment services and e-money business

Germany has implemented the Payment Services Directive5 and the Second E-Money Directive.6 Payment services institutions and e-money institutions (other than CRR credit institutions) are required to hold a payment services or e-money licence and are supervised by BaFin. Licensed payment services and e-money institutions registered in other EEA Member States have the possibility to conduct their business in Germany through a branch or on a cross-border basis without a German licence if they hold an EU passport.


i Relationship with the prudential regulator

The ECB and BaFin may examine institutions on a routine basis or in the case of a special cause. The regulators may enter and inspect an institution’s offices for this purpose during normal business hours. This right generally also applies to an institution’s subsidiaries. Furthermore, BaFin representatives may attend a bank’s general meeting and meetings of the supervisory board. An institution and its managers must provide the ECB, BaFin and the Bundesbank upon request with all relevant information and documentation.

Institutions are subject to numerous ad hoc and regular reporting and notification obligations. Generally, notifications must be sent both to BaFin and the Bundesbank, whereas regular reporting (such as COREP and FINREP) is received by the Bundesbank only. On an annual basis, institutions have to notify BaFin and the Bundesbank of their participating interests in other enterprises, the holder of any qualified participating interests in the reporting institution and the number of domestic branches.

Within the SSM, a slightly different reporting regime applies to CRR credit institutions that qualify as significant and are thus directly supervised by the ECB. Generally, these institutions must submit their notifications to the ECB, with copies to BaFin and the Bundesbank. An exception applies to those notifications by which significant CRR credit institutions notify their intention to appoint a manager, the appointment of a supervisory board member or the end of term of any of these individuals. In relation to these notifications, the NCAs (i.e., BaFin and the Bundesbank) act as the ‘single point of entry’.

ii Management of banks
Typical management structures and the influence of holding companies
Stock corporations

Commercial banks in the legal form of a German stock corporation have a management board consisting of the managers and a supervisory board. This two-tiered structure can be seen as an important element of self-regulation and internal governance of banks. The management board is responsible for both the day-to-day affairs of the bank and the business strategy. It represents the bank when dealing with third parties. In performing their duties, managers must act solely in the bank’s best interests, without being subject to instructions from any third party, including the supervisory board. The supervisory board is responsible for supervising and advising the management board, and it appoints the managers and can dismiss them with reason (a loss of confidence is sufficient to satisfy such requirement). To the extent set out in the bank’s articles of association or the management board’s by-laws, the management board must obtain the prior approval of the supervisory board for certain transactions and other actions of the bank, which may, for example, include the establishment and closure of branches and the purchase and sale of companies. The supervisory board members are elected by the shareholders; therefore, large shareholders are regularly represented on the supervisory board. Legal persons cannot be members of the boards.

Shareholders may communicate recommendations to the management board and the supervisory board, as long as such recommendations are legally and factually non-binding (unless a domination agreement is concluded).

Limited liability companies

Limited liability companies only require a supervisory board if they have more than 500 employees. The shareholders of limited liability companies may generally render binding instructions to the management board, even regarding the day-to-day business. Nevertheless, in limited liability companies the managers are also solely responsible for compliance with all applicable laws and regulations.

Domination agreements

German corporate law allows parent companies to establish the authority to give binding instructions (relating to day-to-day business and business strategy) to the management board of their subsidiaries by concluding a domination agreement with them. In the case of banks, however, this possibility is not unlimited, because domination agreements conflict with the independence of bank managers required by regulatory law. Therefore, a domination agreement with a bank must provide that the controlled bank’s managers must be independent from instructions to the extent necessary to comply with mandatory regulatory requirements.

Regulatory duties of management of banks

A manager of an institution has to comply with several regulatory duties. For example, the manager must report to BaFin and the Bundesbank (as well as to the ECB if the bank is directly supervised by the ECB) the commencement and termination of activities as a manager or member of the supervisory board or administrative board of another enterprise, as well as the acquisition and disposal of a direct participating interest in an enterprise, and any changes in the amount of such a participating interest.

Restrictions on payments to the management of banks
Company law

The compensation of managers of a stock corporation must be appropriate in terms of personal performance and the common level of compensation. For example, to reduce the incentives for managers to focus on short-term profits, stock options are not exercisable in the first four years after they have been granted. These rules do not apply to managers of limited liability companies.

Regulatory law

As required under the CRD IV, the variable component of the total remuneration paid to a manager or an employee generally must not exceed 100 per cent of the fixed component. The institution’s shareholders may approve a higher variable component, but not exceeding 200 per cent of the fixed component for each individual. In addition, restrictions on payments are part of the Regulation on the Remuneration Systems of Institutions. Pursuant to these requirements, remuneration systems should be orientated on the objectives of the bank’s strategy. Incentives to take disproportional risks should be avoided. The remuneration of bank managers has to be adequate to their functions and performance, and should not exceed the common remuneration without particular reason. Remuneration agreements between banks and their managers must be in written form. Banks are obliged to disclose information on their remuneration systems, and on the total amounts of all fixed and variable compensations, on an annual basis.

iii Regulatory capital and liquidity
Regulatory capital requirements

Regulatory capital requirements have been harmonised within the European Union and are part of the Capital Requirements Regulation (CRR).7 The CRR covers regulatory capital requirements in particular with respect to counterparty risk, market risk, operational risk and settlement risk. In addition to the capital requirements laid down in the CRR, banks are required to hold a minimum capital of €5 million in the form of Common Equity Tier 1 capital.

Capital buffers

Germany has also implemented the new CRD IV regime on capital buffers. For 2017, banks must thus maintain a capital conservation buffer of 1.25 per cent of their total risk exposure, as well as an institution-specific countercyclical capital buffer equivalent to the weighted average of the national countercyclical buffer rates of those EU Member States in which relevant credit exposures are located. The current countercyclical buffer rate for Germany has been set at zero per cent. Additional buffer requirements apply to global and other systemically important institutions.

Consolidated supervision

Concerning groups of institutions, (mixed) financial holding groups and financial conglomerates, consolidated supervision is exercised. A group comprises a parent company and subordinated companies. A parent company is an institution or a (mixed) financial holding company that is domiciled in Germany and is not subordinated to other institutions in Germany. Group member institutions taken together must fulfil the capital requirements laid down in the CRR. To determine whether the group has adequate capital, the capital of the group members, on the one hand, and the risk exposure amounts of the group members, on the other, are aggregated. As a general rule, intragroup positions will be eliminated to calculate capital requirements on a group level. If a parent company prepares consolidated accounts under IFRS, such consolidated accounts will be the basis of consolidated supervision.

iv Recovery and resolution

As of 1 January 2015, Germany implemented the European Union’s Bank Recovery and Resolution Directive (BRRD).8 In addition, on 1 January 2016, the SRM Regulation9 came fully into effect establishing a uniform procedure for the resolution of CRR credit institutions established within the eurozone (single resolution mechanism (SRM)). The European and German recovery and resolution framework distinguishes mainly between the following areas of regulation: recovery planning by the banks themselves; resolution planning by the competent resolution authority; and resolution (i.e., the application by a resolution authority of one or more resolution tools to an institution that is in a crisis situation).

CRR credit institutions and their holding companies are required to prepare, and update on a yearly basis, recovery plans describing how their financial stability could be restored in the event of a financial crisis. The recovery plans are to be assessed by the competent prudential supervisory authorities (i.e., the ECB for significant CRR credit institutions, and BaFin for less significant CRR credit institutions), which have also been granted extensive powers when recovery plans are regarded as insufficient.

On the contrary, resolution planning and the application of resolution tools fall within the scope of application of the SRM. Within the SRM, competencies and tasks are shared between the Single Resolution Board (SRB), a special agency of the European Union, and the national resolution authorities of the participating eurozone Member States. The national resolution authority for Germany is the Federal Agency for Financial Market Stabilisation (FMSA). While the SRB is competent and responsible for preparing the resolution plans and adopting all decisions relating to the resolution of those CRR credit institutions and their parent undertakings that are subject to direct supervision within the SSM by the ECB or are part of a cross-border group, the FMSA as the national resolution authority is responsible for resolution planning and the resolution of all other German CRR credit institutions.

When establishing resolution plans, the resolution authority (i.e., the SRB or the FMSA) must identify and, where necessary and proportionate, address and remove any material impediments to resolvability. Similar to the powers of the competent prudential regulator when assessing a bank’s recovery plan, resolution authorities have the power to require a bank to limit its risk exposures or to divest specific assets to restrict or prevent the development of new or existing business lines, or to require changes to legal or operational structures of the institution and the group, respectively.

Resolution tools and powers may be applied by the SRB or the FMSA when an institution is failing or likely to fail, there is no reasonable prospect that any alternative private sector or prudential measure would prevent the failure of the institution, and the resolution action to be applied is necessary and proportionate to ensure the continuity of critical functions of the institution provided this is necessary to protect depositors, client funds or client assets, to avoid a significant adverse effect on the financial system or to protect public funds from being used in a ‘bail-out’ scenario. The resolution tools are:

  • a the sale of business, by which assets, rights or liabilities as well as shares in an institution can be transferred to an acquirer;
  • b the bridge institution, by which assets, rights or liabilities and shares can be transferred to a bridge bank owned and controlled by the resolution authority;
  • c the asset separation, by which assets, rights or liabilities can be transferred to a special purpose vehicle with the purpose of maximising the value of these assets through sale or orderly wind-down; and
  • d a bail-in, by which shareholders and specific creditors may now be required to participate in losses and the recapitalisation of a credit institution or its group entities in a resolution scenario. With the bail-in tool, the SRB and the FMSA have the power to write down equity and liabilities in whole or in part, and to convert liabilities into shares or other Common Equity Tier 1 instruments of the respective institution or group entity or of a bridge institution. The requirements for the application of the bail-in tool, as well as the regime of liabilities that are either statutorily excluded from bail-in or may be excluded by the SRB or the FMSA, are laid down in the SRM Regulation.

To ensure that sufficient own funds and liabilities are available for the application of the bail-in tool, credit institutions and respective groups must maintain a minimum amount of own funds and ‘bail-inable’ liabilities as required by the SRB or the FMSA (minimum requirement of own funds and eligible liabilities).


i German rules concerning banks’ organisation and conduct of business
Proper business organisation, including risk management

An institution must have in place a proper business organisation and suitable arrangements to ensure compliance with legal and regulatory duties. BaFin has specified these requirements in detail in its MaRisk circular (minimum requirements for risk management). Risk management comprises the formulation of an appropriate strategy and the establishment of appropriate internal surveillance procedures. Such procedures include appropriate risk management and controlling procedures, stress tests, an independent risk controlling function, a compliance function and an efficient and independent internal audit function. In addition, BaFin has provided for detailed minimum requirements regarding a bank’s internal organisation and procedures when granting loans (e.g., a relatively strict four-eye principle) or trading in financial instruments.

Investment services

According to MiFID, which was implemented into German law in November 2007, anyone who provides investment services or performs investment activities (such as reception and transmission of orders in relation to financial instruments, dealing on own account, portfolio management or investment advice) must comply with certain rules of conduct with regard to its customers. Investment services enterprises must provide investment services with the requisite degree of expertise, care and prudence in the interests of their customers. These institutions are obligated to enquire about their customers’ experience and knowledge of financial transactions, and to provide certain information to their customers. The specific scope of the obligations depends on whether the customer is a private client, a professional client or an eligible counterparty. Professional clients include authorised or regulated enterprises, large undertakings, national or regional governments, central banks and other institutional investors whose main activity is to invest in financial instruments.

In addition to the rules implementing MiFID, banks are required to ensure that their investment advisers, sales representatives (i.e., persons competent for the definition of sales objectives) and compliance officers have the relevant expertise and necessary trustworthiness for their respective activities. Banks must notify these persons to BaFin prior to the commencement of their activity.

ii Sources of liability in German law
Criminal and administrative liability

Operating without a required licence and doing banking business that is prohibited, as well as violations of the duty to report insolvency or over-indebtedness to BaFin, are causes of criminal liability for bank managers. In addition, non-compliance with certain other regulatory duties is subject to administrative fines. Under German law, a bank itself can be held liable to administrative fines, but not for criminal violations.

Civil law liability

Concerning civil law, three different sources of liability have to be considered: management’s liability to the bank, the bank’s liability to its customers and management’s liability to customers. The managers must apply the diligence of orderly executives in performing their duties, and may be liable to the company for damages if they fail to do so. A business decision taken by the management board is not considered to be a breach of duties if the management acted on the basis of adequate information, and if the management could reasonably assume that the transaction was in the best interests of the company (business judgement rule). A bank’s liability to its customers is, in most cases, a result of the violation of contractual duties. In very exceptional cases, the management may be directly liable to customers.

iii Applicable law on banking secrecy

Except for the statutory confidentiality requirements imposed on officers of the supervisory authorities, there is no special law on banking in Germany. Banking secrecy in Germany is a result of contractual duties between the bank and its customer. More specifically, banking secrecy is provided for in the bank’s general terms and conditions, which are standardised general terms and conditions used by most German banks. Pursuant to these standardised contractual clauses:

[…] the bank has the duty to maintain secrecy about any customer-related facts and evaluations of which it may have knowledge (banking secrecy). The bank may only disclose information concerning the customer if it is legally required to do so, if the customer has consented thereto, or if the bank is authorised to disclose banking affairs.

German data protection law also protects information relating to private individuals. Concerning banking business, data protection concerns can arise, for example, in loan portfolio transactions. The assignor is, on the one hand, obliged to provide the assignee with all the relevant information under German civil law; on the other, however, this may be a violation of data protection law.


Banks’ funding in Germany is typically based on several pillars: deposits from customers, unsecured and secured capital market products (including, for example, covered bonds), deposits from other banks and ECB funding.


i Control regime
Regulation of persons controlling banks and the approval process for a change of control

Based on the German rules that implemented the European Acquisition Directive,10 persons intending to acquire a qualifying holding in an institution have to comply with several requirements.

The term ‘qualifying holding’ is defined in the CRR, and means a direct or indirect holding in an undertaking that represents 10 per cent or more of the capital or voting rights, or that makes it possible to exercise significant influence over the management of that undertaking. According to BaFin, the question of whether an indirect holding representing at least 10 per cent of the capital in a target undertaking exists has to be assessed merely on a calculatory basis (look-through or multiplication approach: e.g., a 40 per cent holding in a 30 per cent shareholder of a bank leads to an indirect holding of 12 per cent of the capital in that bank and would therefore be sufficient, whereas before there had to be a controlling interest in the intermediate shareholder). This approach has also been suggested by the European Supervisory Authorities (ESAs) in their joint Guidelines11 published in this respect in December 2016. The ESAs further propose that any person who directly or indirectly controls another person that has been identified as an acquirer of an indirect qualifying holding pursuant to the application of the multiplication approach also qualifies as an acquirer of an indirect qualifying holding. It remains to be seen whether BaFin and the ECB will follow this further proposal.

A notification must be made once a purchaser has formed the intention to acquire a qualifying holding. Therefore, BaFin may, for example, already have to be notified if and when a letter of intent or an exclusivity agreement is signed. In the notification, the prospective purchaser must state the facts relevant to the amount of the qualifying holding and to the acquisition of the significant influence as well as to assessing its trustworthiness, and must name the seller or sellers of the respective shares. A detailed business plan is required that contains, inter alia, a business strategy for the acquired institution and target figures for the three full business years following the year of acquisition. The intended acquisition may be prohibited within 60 business days if, inter alia, the proposed acquirer or a designated manager is not reliable or financially stable, the institution is at risk of not meeting its regulatory requirements as a consequence of the acquisition, or the transaction is connected to money laundering or the financing of terrorism. Due to the detailed content and form of the notification, it is very important to consider the disclosure requirement in a timely manner in M&A transactions in which banks are involved. If a holder of a qualifying holding intends to increase the amount of the holding to 20, 30 or 50 per cent, or more, BaFin must be notified again. Conversely, if a shareholder of a bank intends to dispose of its qualifying holding or to reduce the shareholding below these thresholds, it must notify the competent authorities accordingly.

Within the SSM, the ECB is responsible for all shareholder control procedures pertaining to CRR credit institutions, including less significant CRR credit institutions. BaFin retains exclusive responsibility only for those institutions that do not qualify as CRR credit institutions (e.g., financial services institutions). The notifications for all institutions (including CRR credit institutions) must be submitted to BaFin and the Bundesbank. In the case of CRR credit institutions, BaFin will assess the proposed acquisition and submit a proposal for a decision to oppose or not oppose the acquisition to the ECB. The ECB will then issue a resolution and communicate it to BaFin and the interested acquirer.

The Foreign Economy Act and a change of control

The Federal Ministry of Economy can prohibit or restrict acquisitions of German enterprises by non-EU residents if the purchase leads to a total takeover or to a stake of at least 25 per cent, and a serious threat to public order or public safety results from the purchase. There is no disclosure requirement concerning purchases, but the Ministry may enter into a formal assessment up to two months after closing of the transaction. Therefore, it may in certain cases be advisable to announce an acquisition voluntarily to obtain transaction security.

ii Transfers of banking business

Concerning the general possibilities of transferring businesses in Germany, there are no special rules for banks. German civil and corporate law provide for the general framework for such transfers.

Under German civil law, it is generally possible to transfer payment claims arising from banking transactions to another bank without the consent of the banking customers concerned. However, the transfer of contractual duties or contracts as a whole generally requires the customers’ consent. Such consent can under certain circumstances be obtained in the form of deemed consent.

A transfer of banking business to another entity is also possible by means of a split-off or hive-down, which are special schemes under German statutory corporate law. As a consequence of the split-off or hive-down becoming effective, legal title to the assets passes to another company by operation of law. Therefore, it is not necessary to transfer each asset individually. A banking licence cannot be transferred by way of split-off or hive-down. A split-off or hive-down under foreign law may also be used in this context: for example, to transfer the assets of a German branch of a foreign credit institution to a newly established German credit institution, it is possible, and has been tested in practice, to hive-down the assets of the German branch to a new subsidiary of that foreign credit institution registered in the same jurisdiction (becoming the German branch of that subsidiary) and, in a second step, to merge the subsidiary cross-border into the newly established German credit institution.

A further possibility to transform banking business is to transfer assets by way of an accrual. First, the seller transfers assets to a new partnership by way of hive-down. The transferee then becomes a partner of such limited partnership, after which the transferor leaves the partnership, which results in the complete transfer of all assets of the partnership to the transferee by operation of law. This model can also be used in cross-border transactions if it is also recognised in the other jurisdiction.


2016 saw changes to the Supervisory Review and Evaluation Process (SREP) as implemented and applied within the SSM. As part of the SREP, supervisors assess and measure the risks for each bank on an annual basis. The supervisors look at a bank’s risk profile from four different angles: business model, governance and risk management, risk to capital and risk to liquidity and funding. Upon completion of its annual SREP cycle for significant institutions, the ECB passed SREP decisions to most institutions by which it set individual capital ratios based on the SREP. In 2016, the ECB further refined its approach and split the individual SREP (or Pillar 2) capital ratio into a ‘Pillar 2 requirement’ and ‘Pillar 2 guidance’. Whereas the Pillar 2 requirement is legally binding and covers risks that are underestimated or not covered by statutory capital requirements, the Pillar 2 guidance is non-binding and designed to indicate to an institution the adequate level of capital to be maintained to withstand stress situations. Notwithstanding its non-binding character, the ECB expects institutions to meet the Pillar 2 guidance, and has announced that it will consider supervisory action if an institution fails to meet its respective guidance ratio. In 2016, BaFin for the first time also rolled out the approach of the ECB by setting SREP-related capital surcharges in relation to a number of less significant institutions; similar to the ECB’s Pillar 2 guidance, BaFin also differentiated between a binding SREP ratio and an additional non-binding capital target ratio.

In 2016, the ECB finalised a good part of its working programme to harmonise the exercise of national options and discretions provided in European Union law throughout the SSM. Whereas harmonisation was already implemented in relation to significant institutions directly supervised by the ECB in the first half-year of 2016, in a second step, the ECB has decided, as part of its oversight responsibility within the SSM, to also harmonise the exercise of national options and discretions for less significant institutions that are under the direct supervision of BaFin and other NCAs; a respective public consultation ended in January 2017.

On the national level, a number of new rules entered into force on 1 January 2017. In particular, since the beginning of 2017, claims under unsecured non-structured debt instruments issued by banks are subordinated to general senior unsecured liabilities, which, according to the legislator, is intended to facilitate the application of the bail-in tool. In addition, BaFin has implemented the guidelines of the European Banking Authority (EBA) on large exposure limitations to the shadow banking sector, which have also been effective since 1 January 2017. BaFin has also recently published an updated version of the circular regarding compliance and conduct of business obligations for institutions when providing securities services (minimum requirements of the compliance function and other obligations).

A further topic much discussed in 2016 was the decision of the United Kingdom to leave the European Union (i.e., Brexit). Once Brexit becomes effective, the UK will most likely become a third country for purposes of access to the single market established within the European Union. As a consequence, UK financial institutions will lose their EU passports under which they established branches or provided services on a cross-border basis in the remaining Member States. Likewise, financial institutions in Germany and other Member States will lose their respective passports for doing business in the UK. To answer the practical questions of institutions in this respect, BaFin has published a list of frequently asked questions, and has established a special contact point for institutions wishing to move their registered offices or operations to Germany. As part of the national transposition of MiFID II,12 it is furthermore intended to explicitly include the practice of BaFin to exempt third-country institutions from licensing requirements in Germany (see Section II.ii, supra) in the German Banking Act. This measure will be complemented by the possibility for an exemption from conduct of business rules when providing investment advice, portfolio management and similar securities services.


The regulatory agenda for 2017 will continue to be dominated by the SSM, and by the ECB as the trend setter for banking supervisory matters within Germany and the whole of the eurozone. The ECB has set three focus areas (priorities) for the banking supervision within the SSM in 2017: banks’ business models and profitability, credit risk (with a focus on non-performing loans and risk concentrations) and risk management. Supervisory actions in these fields will include thematic reviews of:

  • a banks’ business models and profitability drivers (e.g., the negative interest rates introduced by the ECB, which create significant challenges for banks, but also the repercussions of Brexit);
  • b the potential impact of IFRS 9 on banks and their degree of preparation;
  • c banks’ compliance with the Basel Committee’s principles for effective risk data aggregation and risk reporting (BCBS 239);
  • d the use of internal models; and
  • e outsourcing risks.

A number of working products are also to be expected from BaFin on the national level. BaFin is currently preparing a fifth revised version of its MaRisk circular, which will address and strengthen topics such as risk data aggregation and risk reporting, risk culture and outsourcing rules. In addition, new remuneration rules had originally been announced for March 2017, but will most likely be published and enter into force within the next few weeks. These rules are intended to implement the EBA’s new guidelines on sound remuneration policies.

1 Thomas Paul and Sven H Schneider are partners and Jan L Steffen is a senior associate at Hengeler Mueller Partnerschaft von Rechtsanwälten mbB.

2 Deutsche Bundesbank, Statistisches Beiheft 1 zum Monatsbericht Februar 2017, p. 106. The five largest banks by assets are Deutsche Bank, Commerzbank, KfW, DZ Bank and Unicredit Bank (HypoVereinsbank).

3 2013/36/EU.

4 2004/39/EC.

5 2007/64/EC.

6 2009/110/EC.

7 575/2013.

8 2014/59/EU.

9 806/2014.

10 2007/44/EC.

11 See the Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector (JC/GL/2016/01) dated 20 December 2016. The Guidelines shall apply as of 1 October 2017.

12 2014/65/EU.