The Banking Regulation Review: Denmark
The Danish banking industry has seen an increasing concentration in the financial market since the late 1980s, even though Denmark is still characterised by its significant number of small and medium-sized banks compared with other European countries. The market share of these small and medium-sized banks is, however, of a size that still indicates a Danish banking sector dominated by a few very large financial conglomerates.
The regulatory regime applicable to banks
Under Danish law, banks are defined as undertakings that receive deposits or other funds from the public, which are to be repaid, and grant loans at their own expense. The general regulation of banking activities is set out in the Danish Financial Business Act (FBA) and executive orders and guidelines issued pursuant thereto.
Responsibility for the authorisation, regulation2 and supervision of banks and other financial undertakings, as well as the interpretation of rules set out in the FBA and other rules applicable to banks, has been placed on the Danish Financial Supervisory Authority (FSA), which is a government agency under the Ministry of Industry, Business and Financial Affairs. Other main objectives of the FSA are market supervision; an independent obligation to ensure compliance with regulations on insider trading, price manipulation, conduct of business rules and good marketing practice; and collecting and publishing information about the financial sector. The FSA has announced that its current primary focus is to ensure continued financial stability and confidence in financial undertakings and markets. In recent years, this has meant increased attention to compliance with the fit and proper requirements applicable to the management of banks and, more frequently, visits to banks to ensure compliance with, inter alia, capital requirements. Since the financial crisis of 2008, the FSA has continuously emphasised that it applies a risk-based approach to the supervision of Danish financial institutions.
The FSA is supervised by a board of directors appointed by the Ministry of Industry, Business and Financial Affairs. The board has an active role in deciding the policies and focus of the FSA as well as a general oversight function.
i Banking and credit institution activities
Pursuant to Section 7 of the FBA, banks in Denmark are required to be licensed. This requirement is triggered by deposit-taking activity from the public. Licensed banks are entitled to carry out the banking activities listed in Annexes 1 and 4A to the FBA and activities that are ancillary thereto. The act of commercial lending on a stand-alone basis to non-consumers is not subject to a licensing requirement.
ii Securities activities
Undertakings that offer securities trading services commercially to third parties are required to hold a licence as a securities dealer, as stipulated in Section 9 of the FBA. Licensed activities are listed in Annex 4 of the FBA. As part of its banking licence, a licensed bank can carry out the same activities as a securities dealer without a separate licence as a securities dealer.
iii Regulated activities in Denmark by non-Danish entities
Credit institutions duly licensed in other European Economic Area (EEA) Member States may, in accordance with the passport notification procedures laid down in the Credit Institutions Directive, passport their licence into Denmark and offer activities included in their home state licence to customers in Denmark on a cross-border basis or through the establishment of a branch in Denmark.
In line with the foregoing, credit institutions and other undertakings that are duly licensed in other EEA Member States may also passport a licence to carry out investment service activities in Denmark and offer such activities to Danish customers on a cross-border basis or through the establishment of a branch in accordance with the passport notification procedure laid down in the Markets in Financial Instruments Directives (MiFID and MiFID II).3
Finally, credit institutions and investment firms that have been authorised in a country outside the EEA can obtain a licence from the FSA pursuant to Section 33 of the FBA to carry out investment service activities in Denmark. If investment services are to be provided to retail clients, the institution in question must establish a Danish branch office. The establishment of a branch office is subject to a separate approval regime pursuant to Section 33a of the FBA.
The provisions governing the public offer of securities in Denmark are laid down in Chapter 3 of the Danish Act on Capital Markets and executive orders issued pursuant thereto, implementing the Prospectus Directive.
i Relationship with the prudential regulator
The FSA's supervision of banks is primarily carried out through inspection visits to a bank, its branches and other undertakings that may hold relevant information on behalf of the bank (such as parties to outsourcing arrangements with the bank). In addition, banks are under a general obligation to provide the FSA with adequate information for effective supervision, and the ability to ask for such information and conduct supervision on that basis is a tool frequently used by the FSA. The FSA prepares and publishes a report on its website after an inspection visit. The bank that is the subject of the report is also required to make it publicly available.
The FSA may also obtain information from foreign banks conducting business in Denmark on a cross-border basis to assist financial supervisory authorities in other countries.
The FSA is authorised to impose various sanctions on banks if supervision shows non-compliance with the applicable legislation. Available sanctions include payment of administrative fines; withdrawal of a banking licence; or an order to a bank to dismiss a managing director or to order a member of the board of directors to resign. Breaches of financial regulation are also subject to criminal sanctions. Generally, breaches of the FBA are punishable with fines and, in more serious cases, by imprisonment for up to four months. A new regulation was introduced in late 2016 with the intended purpose of generally increasing the level of fines imposed on Danish financial institutions, as the previous regime was considered too lenient when compared with those under international trends. As this new legislation has not had any significant impact on the level of fines actually imposed for breaches of the FBA, the Danish political environment continues to focus the sanctions (or the lack of the same) being imposed on financial institutions. The highest fines imposed for breaches of financial regulation are still related to anti-money laundering (AML) compliance, not compliance with the FBA.
As a direct consequence of the financial crisis, the powers of the FSA have been extended in an attempt to try to reduce the number of distressed banks in Denmark. The FSA has therefore been granted the authority to assess the business models of financial entities to ensure that such entities will not become distressed. The FSA has also been vested with powers to intervene at an early stage if there is a risk that a financial undertaking will become distressed: for example, in the event of a large increase in a bank's lending activities or where a bank has heavy exposure to the real estate sector. Intervention could be by way of ordering a cut in loans to a specific branch or by way of requiring an increase in own funds.
Finally, the FSA is subject to an obligation to advise the Danish Consumer Ombudsman about cases of breaches of the conduct of business rules, and particularly when customers may have suffered a financial loss. The Consumer Ombudsman has the power to sue banks that have breached the conduct of business rules and may be appointed as group representative in group litigations (class actions). There has so far been only a limited number of examples in practice where this right to pursue class actions has been used by the Consumer Ombudsman.
The financial undertakings subject to supervision pay an annual fee to the FSA, as the costs of the FSA are intended to be covered by the financial undertakings subject to supervision. Danish banks pay the most significant part of these costs.
ii Management of banks
Rules on the management of banks are set out in Chapter 8 of the FBA and an executive order issued pursuant thereto by the FSA.
Danish banks must be established as public limited liability companies, and are managed by one or more managing directors and a board of directors. A person cannot be a managing director and board member at the same time. Larger banks are required to employ an internal auditor to assist the external auditors. Managing directors and board members are required to comply with the FSA's fit-and-proper requirements.
As part of the post-financial crisis regulatory reforms, extended fit and proper requirements have been introduced, including a requirement to use the time needed to fulfil the job undertaken. In addition, banks whose shares are traded on a regulated market or that have had an average of 1,000 employees during the past two years are required to establish a nomination committee with the responsibility, inter alia, to evaluate the board on an ongoing basis, suggest new board members, and ensure that the board has adequate diversity in terms of gender, competences and qualifications.
The board of directors must define the major areas of activity of the bank and determine a risk profile for the bank stating, inter alia, possible substantial risks and how to deal with them. Banks that must have a committee as mentioned above should also have a risk committee, whose primary tasks would be to assist the board when determining the risk profile, and to ensure that remuneration policies and the daily business comply with the determined risk profile. Further, the board of directors is required to prepare policies on the most substantial activities of the bank, including policies on credit risk and liquidity. Written guidelines to management are prepared by the board on the basis of these policies. These guidelines determine the situations in which decision-making powers lie with management, when management is required to report to the board and when the prior approval of the board is required before a final decision is made.
Each bank is required to have in place an effective risk-management strategy, including written procedures for all significant areas of activity, and effective procedures to identify, manage, monitor and report the risks to which the bank is or may be exposed. The FBA and the above-mentioned executive order describe in detail the minimum requirements applicable to banks in relation to, inter alia, their organisation, internal controls, accounting practices, board meetings, credit organisation, credit risks, market risks and conduct of business.
The frequency of board meetings is not explicitly determined, but the FBA requires that the board of directors meet when it is considered necessary, and all members are required to be summoned. The external auditor and the chief internal auditor have a right to be present at board meetings when issues relevant to auditing or financial reporting are being addressed.
A bank is subject to an obligation to immediately inform the FSA of matters that are of material significance to the continued operations of the bank. Board members, managing directors and the responsible actuary may all be held individually responsible in the event of non-compliance, and they are required to immediately inform the FSA if they have cause to believe that the bank does not comply with the applicable capital and solvency requirements.
Prior approval of the parent company
Certain decisions may be made subject to the prior approval of the parent company of a bank, but a general delegation of decision-making by the board of directors is not possible. Nor can the board of directors delegate its liability. It is not permissible for employees of a bank's parent company to participate in board meetings on a permanent basis. In addition, Danish bank secrecy rules prevent the disclosure of information about private customers to a parent company.
Restrictions on bonus payments
Another direct consequence of the financial crisis was the implementation of new restrictions on remuneration in financial undertakings. Many of these derive from EU legislation, including the European Capital Requirements Directive, which introduced new rules on remuneration in the financial sector. These have been implemented in the FBA, pursuant to which banks are required to have remuneration policies and practices satisfying the effective level of risk management. Remuneration policies are subject to a say on pay principle, meaning that they must be approved by the general meeting.
Variable remuneration in banks, including bonus payments, has been significantly restricted, and the variable part of the remuneration of managing directors and members of the board of directors may not exceed 50 per cent of the fixed basic remuneration, including pension. In addition, management is required to determine a suitable limit on variable remuneration of employees with a significant influence on the risk profile of a bank: the variable remuneration of those employees is set at a maximum of 100 per cent of the fixed remuneration, including pension, with a possible increase to 200 per cent if so decided by the general meeting and if certain additional requirements are complied with. At least half of the variable remuneration is required to be granted in shares, share-linked instruments or other instruments reflecting the creditworthiness of the bank. Stock option programmes may not constitute more than 12.5 per cent of the variable and fixed remuneration paid to the managing directors and the board of directors. At least 40 per cent of a variable remuneration must be paid to employees over a period of at least three years (four years if the recipient is a managing director or a board member). This requirement increases to 60 per cent if the variable remuneration is particularly high. In addition, payment of variable remuneration may only be effected if a bank's financial situation has not significantly worsened since the variable remuneration was granted.
iii Regulatory capital and liquidity
The experiences of the financial crisis have also led to an update of the rules on capital and liquidity requirements.
The final versions of the Capital Requirements Regulation (CRR)4 and the Capital Requirements Directive IV (CRD IV),5 adopted in June 2013, entered into force on 1 January 2014. The CRD IV was implemented into Danish law with effect from 1 April 2014. The phasing-in of the capital requirements follow the path as set out in the CRR and CRD IV, the latter by implementation through the FBA.
The Danish implementation of the CRD IV has resulted, inter alia, in the previous requirements on base capital applicable to banks being replaced by a separate own funds requirement, which is defined in accordance with the CRR. The requirement now is to calculate an individual solvency need, calculated as the adequate amount of separate own funds as a percentage of the total risk exposure, but never less than the own funds requirements and the initial capital requirement, as set out in the CRR. The FSA may determine that an individual bank should comply with a higher own funds requirement. Further, the new additional capital buffer requirements set out in the CRD IV have been implemented into Danish law. Both the capital conservation buffer and countercyclical buffer rate, used to determine the institution-specific countercyclical capital buffer, were gradually phased in, reaching full effect on 1 January 2019.
All in all, the Danish implementation of the CRD IV, in general, mirrors the Directive, which means that requirements on the appointment of a systemically important financial institution (SIFI) have also been implemented in line with the Directive. The appointed SIFIs are currently Danske Bank A/S, Nykredit Realkredit A/S, Nordea Kredit Realkreditaktieselskab, Jyske Bank A/S, Sydbank A/S, SparNord Bank A/S and DLR Kredit A/S. The appointed SIFIs will also have to fulfil a systemic risk buffer, which will be between 1 and 3 per cent of the amount of the SIFIs' total risk exposure. The systemic risk buffer will be determined individually for each SIFI.
The FSA exercises consolidated home state supervision in respect of Danske Bank, and established collective supervision of Danske Bank in 2009. Further, the FSA participates in the collective supervision of Nordea, SEB, Svenska Handelsbanken, TrygVesta and NASDAQ OMX.
Danish banks are required to have appropriate liquidity at all times according to Section 152 of the FBA.
With effect from 1 October 2015, new liquidity coverage requirements entered into force via the liquidity coverage requirement (LCR) ratio. The LCR ratio is a requirement that credit institutions should have enough high-quality liquid assets in their liquidity buffer to cover the difference between the expected cash outflows and the expected cash inflows over a 30-day stressed period. Subject to the CRR, the LCR ratio has been implemented progressively and was fully phased in on 1 January 2018. Further, the FSA has imposed specific liquidity requirements on each Danish SIFI based on their individual business model.
The FSA has also laid down requirements on, inter alia, the rules of procedure relating to the preparation of stress tests. These requirements apply to, inter alia, Danish banks and branches thereof, and branches of banks incorporated outside the EEA area and the European Union.
iv Recovery and resolution
The international financial crises materially affected the Danish banking industry: no less than five bank packages have been introduced by the government with the overall aim of securing the financial stability of the Danish banking sector. Whereas the first bank packages were mainly focused on supporting the liquidity and regulatory capital positions of the banks, the subsequent focus has been on the resolution of failed banks in an orderly manner to ensure financial stability and confidence in the Danish banking industry.
As part of these bank packages, procedures have been introduced to facilitate the controlled winding up of stressed Danish banks to ensure that it is possible to transfer and continue their day-to-day banking operations in the event that emergency procedures are required to be implemented. As part of this procedure, banks are required to maintain policies and procedures to ensure that, in the event of distress, they are able, within no more than 24 hours, to provide the required overviews of customers and accounts, among other things, to facilitate an expedient transfer. Danish banks are thus required to maintain detailed recovery and resolution plans to facilitate a transfer.
The recovery and resolution regime set out in the Bank Recovery and Resolution Directive (BRRD)6 was implemented into Danish law with effect from 1 June 2015 through the enactment of a new act on the recovery and resolution of Danish banks, mortgage credit institutions and certain investment firms. The appointed Danish resolution authority is Financial Stability, which, as part of the introduction of the new regime, was converted from a private limited liability company to a public authority. At the same time, responsibility for Danish deposits and investor guarantee schemes was transferred to Financial Stability. The Danish implementation of the BRRD, as was the case with CRD IV, in general mirrors the requirements of the Directive.
Conduct of business
i Conduct of business rules
Pursuant to Section 43 of the FBA, Danish banks and foreign banks offering cross-border services in Denmark are required to comply with applicable good business conduct rules within the relevant field of activity. The Executive Order on Good Business Conduct (the Conduct of Business Order), issued pursuant to Section 43 of the FBA, sets out detailed requirements in this respect. The majority of the provisions therein apply only when dealing with private customers.
The Conduct of Business Order contains a general requirement for banks to act fairly and loyally to their customers, and sets out information requirements applicable to the marketing of financial services. Prior to offering any services to private customers, banks are required to assess to what extent specific advice to each client is required, and banks are always required to inform clients of the most important features of a specific product or service. Documentation of all material agreements with clients is a prerequisite, and customer agreements must describe the important rights and obligations of the parties and the financial services covered by the agreement. A bank is required to inform customers of commission received by the bank or individual employees.
The Danish Marketing Act imposes a general standard of good marketing practice, according to which all marketing must be fair and clear, and must not contain any untrue or misleading statements or omissions. Written or oral statements that are deliberately incorrect or negligently made may result in criminal or civil sanctions (or both). Restrictions apply to cold calling by telephone as well as to unsolicited marketing approaches by email, fax and post. Breaches of the Conduct of Business Order and the Marketing Act are punishable with fines.
ii Danish bank secrecy rules
The Danish bank secrecy rules are set out in Sections 117 to 123 of the FBA.
Pursuant to Section 117 of the FBA, employees of a bank may not, without due cause, disclose or use confidential information obtained during the performance of their duties. This duty of confidentiality applies to any person receiving confidential information during the course of his or her business. A bank is allowed to disclose usual information on customer matters to entities that need such information for administrative purposes (e.g., information to a group company assisting with advice on pension schemes), but information on purely private matters can generally not be disclosed without the customer's consent. Usual information on customer matters includes names, addresses, social security numbers and email addresses. Administrative purposes do not encompass sales and marketing activities.
It is possible for a bank to disclose information about a customer (excluding information on purely private matters) to its parent company for the purposes of risk management within the group, provided that the parent company is a financial undertaking or a financial holding company. Irrespective of this, information about private customers can only be disclosed for the purpose of risk management if the information relates to exposures that are or may become significant.
A bank is required to prepare publicly available guidelines describing the extent to which it may disclose information.
Traditionally, the funding of Danish banks has been based on customer deposits, but from 2004 until the beginning of the financial crisis there was materially stronger growth in lending compared with the growth in deposits from the non-financial sector. The collapse of Roskilde Bank in the summer of 2008 resulted in negative attention from foreign banks and a noticeable decline in lending from foreign banks by the end of 2008. During 2009, the deficit in the balances of Danish banks between deposits and lending was markedly reduced, and in recent years, an increase in deposits from the non-financial sector and from private individuals wishing to consolidate themselves has once again provided the funding of Danish banks, which to a large extent is based on customer deposits. As a consequence of the continued low-interest environment, Danish banks generally do not have funding issues.
Control of banks and transfers of banking business
i Control regime
Requirements applicable to large shareholdings of Danish banks are set out in Sections 61 to 63 of the FBA and an executive order issued pursuant thereto, both of which implement the Acquisitions Directive into Danish law.
The acquisition of a qualifying interest in a Danish bank is subject to the prior approval of the FSA. A qualifying interest is a direct or indirect ownership of 10 per cent or more of the capital or the voting rights, or ownership of an interest that provides the opportunity to exercise significant influence on the management of the bank. Prior approval is also required in the event that an additional acquisition results in a qualifying interest that equals or exceeds a threshold of 20, 33 or 50 per cent, respectively, of the share capital or voting rights, or results in the bank becoming a subsidiary undertaking.
The approval procedure under Danish law is similar to that set out in the Acquisitions Directive, except that the FSA is required to provide an answer to an applicant within a total of 80 business days (60 business days plus an additional 10 business days plus another additional 10 business days, the latter two only if additional information is required).
The FSA may withdraw the acquired voting rights if the requirements for prior notification and approval are not complied with by the person or entity acquiring the qualifying interest. Similarly, the FSA may withdraw the acquired voting rights and is authorised to impose administrative sanctions if a qualifying interest has been acquired without approval from the FSA.
Disposal of interests in a Danish bank that have the result of the owner no longer reaching the above-mentioned thresholds requires advance notification of the FSA.
In addition to the investor notification requirement, banks are subject to a notification requirement when an investor acquires an interest in a bank and, as a result, meets the above-mentioned thresholds. Banks are also required to submit a list to the FSA every February, showing holders of qualified interests and the percentage they hold.
ii Transfers of banking business
A transfer of all or parts of a bank's business requires the prior approval of the FSA. Pursuant to Section 204 of the FBA, a bank may not amalgamate with another financial undertaking or a specific business function of another financial undertaking without prior approval. The transferring bank is the entity required to file the application to the FSA, and the applicant must be notified of the FSA's decision no more than two months after receipt of an application that holds the required information. Whether customer consent is required for a transfer depends on the general principles of Danish law. If a transfer involves only the substitution of the creditor, customer consent is generally not required, but if the transfer involves a substitution of the debtor, customer consent is generally required. Customer consent may also be required prior to a transfer of confidential customer information.
The year in review
The past year has yet again been, and the foreseeable future will be, generally characterised by an increasing number of amendments to the financial regulations, mostly based on EU initiatives. The Danish implementation is still in progress, and the new requirements have not finally been settled in the banking sector.
The general view is that financial institutions in Denmark have landed on their feet after some extremely difficult years, and that the additional requirements imposed (and to be imposed) on banks will provide for a stable financial sector that should be better prepared for any new challenges the future might bring. The Danish banking sector performed very well financially in 2019 and the solvency and liquidity issues it faced during and after the financial crisis are now a thing of the past. Even so, it is being heavily debated whether the business model of Danish banks is under threat by the combination of a low or negative interest environment and the impact of fintech solutions on the conduct of banking business. However, fintech solutions have not yet had any significant impact on the Danish banking sector.
Furthermore, in 2019, the sector was dominated by a significant focus on AML compliance. In particular, Danske Bank A/S has attracted significant attention from both the FSA and the Danish media due to AML compliance issues, in particular in its Estonian branch office. It is, however, the entire Danish banking sector that continues to attract attention in respect of AML compliance and compliance in general.
Outlook and conclusions
Following the collapse of several Danish banks, litigation in various forms was initiated against former members of management or the auditors of some of these. Examinations are being carried out by the prosecution service to assess whether there is a basis for initiating criminal proceedings against them.
The main cases have now been decided by the Danish courts in the first instance. In general, it has continued to prove very difficult to impose liability for general mismanagement of a bank. Any liability has thus been based on negligence related to specific credit cases. As a consequence of these decisions, the majority of the cases have been appealed to the Danish Supreme Court. The final results for these court cases will, therefore, not be available until 2021 at the earliest.
As a consequence of the significant focus on compliance issues in respect of Danish AML regulation, AML and compliance in general continues to attract significant attention from both the Danish regulatory authorities and the government. The ongoing cases in relation to Danish banks' non-compliance with the AML regulations are also expected to result in some of the largest, if not the largest, fines imposed on Danish financial institutions.
1 Morten Nybom Bethe is a partner at Gorrissen Federspiel.
2 Almost all guidelines and executive orders issued under the FBA have been issued by the Danish Financial Supervisory Authority.
3 Directive 2004/39/EC and Directive 2014/65/EU.
4 Regulation (EU) No. 575/2013 of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms.
5 Directive 2013/36/EU of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms.
6 Directive 2014/59/EU.