The Banking Regulation Review: Germany


Germany is one of the biggest and most important markets for banking business in the world. Its banking system is based on three pillars: commercial banks, public law banks (including savings and loan associations and state banks) and cooperative banks. Commercial banks are private companies governed by private law; usually they are listed or unlisted stock corporations, or unlisted limited liability companies. Savings and loan associations are public law entities owned by municipalities or counties. They usually focus on local or regional business. Cooperative banks are customer-owned entities; their members democratically control, govern and own these banks (following the one person, one vote principle).

The number of banks in Germany as at the end of December 2021 was as follows: 251 commercial banks with assets of around €3.81 trillion; 773 cooperative banks with assets of around €1.14 trillion; and 377 public law banks with assets worth around €2.35 trillion.2 The five largest banks in terms of assets are Deutsche Bank, DZ Bank, KfW, Commerzbank and Unicredit Bank (HypoVereinsbank).

The regulatory regime applicable to banks

i Basic structure of banking regulation

Banking regulation in Germany comprises two basic elements: a licence system to prevent untrustworthy institutions from doing business, and provisions regulating the way licensed institutions should operate, including a bank's minimum capital and liquidity, risk management and general conduct of business.

Germany participates in the Single Supervisory Mechanism (SSM) established within the eurozone. The SSM covers the main aspects of prudential regulation of institutions that conduct at least deposit and lending business (Capital Requirements Regulation (CRR)3 credit institutions). Within the SSM, responsibilities are shared between the European Central Bank (ECB) and national competent authorities (NCAs): the ECB is generally responsible for the direct supervision of significant CRR credit institutions and, since 26 June 2021, also for the direct supervision of systemic investment firms, with NCAs having only an assisting role. With regard to less significant CRR credit institutions, the NCAs are in charge of their direct supervision, with the ECB being generally limited to indirect supervision, but nevertheless having the final word on the granting and withdrawal of authorisations and the assessment of qualifying holdings in CRR credit institutions (common procedures).

The role of NCA is carried out by the Federal Financial Services Supervisory Authority (BaFin). BaFin is also responsible for all tasks of prudential supervision that have not been conferred on the ECB, and the supervision of financial services institutions, non-systemic investment firms (investment institutions), insurance undertakings and asset management companies. The Bundesbank, the German central bank, is responsible for assisting BaFin and the ECB in the supervision of CRR credit institutions, financial services institutions and investment institutions. The tasks of the Bundesbank include the gathering of prudential and statistical information reported by German banks, and the analysis of their compliance with capital adequacy and risk management requirements. The Bundesbank may not issue administrative instructions to individual institutions.

ii Regulatory regime: selected licensing requirements

As a Member State of the European Union, Germany has fully implemented the Capital Requirements Directive (CRD IV)4 and the second Markets in Financial Instruments Directive (MiFID II).5 Therefore, the regulatory regime is quite similar to those of other EU Member States.

Anyone wishing to conduct a banking business (credit institutions) or to provide financial services (financial services institutions) commercially in Germany, or on a scale that requires a commercially organised business undertaking, generally requires a licence or an EU passport.

Banking businesses include, inter alia, the acceptance of deposits or other repayable funds from the public (deposit business), the granting of loans (lending business), safe custody services, and the purchase and sale of financial instruments in one's own name for the accounts of clients (principal broking service). Financial services include, inter alia, the purchase and sale of financial instruments for one's own account as a service for clients, high-frequency trading, portfolio management and investment advice.

Regulated activities are performed in Germany if they are offered to customers in Germany repeatedly and in a commercial manner. This includes services offered from other countries to customers in Germany by mail, telephone, fax or email. Concerning internet activities, an institution is assumed to offer regulated services in Germany if it advertises its products actively through the internet to customers in Germany. Further indications are the adaptation of offers to German law and to the expectations of German customers, as well as a German internet address or cooperation with German institutions.

Institutions are only eligible for a licence if they have a head office in Germany. Foreign entities must therefore set up a German subsidiary or branch. Generally, no particular legal form is required. However, entities carrying out banking businesses must not be operated as a sole proprietorship. Furthermore, to obtain a licence, sufficient initial capital is needed and must be available in Germany. The exact amount of the required initial capital depends on the business conducted.

An institution must employ at least one qualified manager. Credit institutions, and financial services or investment institutions that are authorised to own or possess funds or securities of customers, must have at least two managers. All managers must be fit and proper; that is to say, sufficiently qualified and trustworthy. Concerning professional qualifications, designated managers must have sufficient theoretical and practical knowledge (i.e., experience) in the business concerned. A person with three years' experience at a bank of similar size and type of business in a leading position is normally deemed to be sufficiently experienced. Trustworthiness could be excluded where the designated manager has committed certain crimes (such as fraud or breach of trust), violated regulatory provisions, or shown bad personal or business behaviour. Supervisory board members must also be trustworthy and sufficiently qualified.

The number of mandates per person is limited for both managers and supervisory board members. Managers and supervisory board members of CRR credit institutions that are of significant importance (this includes, inter alia, all CRR credit institutions with total assets of more than €15 billion) are subject to the following restrictions: one manager position and two supervisory board memberships, or four supervisory board memberships. Directorships held within the same group (which applies to groups of institutions, financial holding groups, mixed financial holding groups and mixed holding groups) are counted as one directorship. With regard to other institutions, supervisory board members are not permitted to hold more than five supervisory board mandates within undertakings supervised by BaFin.

In individual cases, BaFin may exempt entities other than CRR credit institutions from specific regulatory duties (including the licensing requirement) if supervision is not deemed to be necessary. An equivalent exemption can be used by non-EU institutions wishing to provide cross-border services into Germany (see Section II.iii).

If a banking business is conducted or financial services are provided without the required licence, BaFin may order the immediate cessation of that business. Managers may be subject to criminal liability in these cases.

iii Regulation of branches of foreign banks, representative offices and the cross-border activities of foreign banks

Like German banks, subsidiaries of foreign banks established to conduct regulated business in Germany are subject to licensing procedures and monitoring. Likewise, dependent branches of foreign banks conducting banking business or providing financial services in Germany generally require a licence.

Foreign banks domiciled in another European Economic Area (EEA) Member State may conduct certain regulated business either through a branch or on a cross-border basis without a German licence if they hold an EU passport. An EU passport requires that the entity is licensed and supervised by the competent authorities of its home state, and that the business the entity intends to conduct in Germany is covered by the home state licence.

No licence is required for a representative office of a foreign bank in Germany. The representative office must not conduct any regulated business. Prior notice of the establishment of such a representative office must be given to BaFin.

No licence is required if foreign banks perform requested services (also known as reverse solicitation). German residents and companies domiciled in Germany may request the services of foreign institutions at their own initiative. An institution offering these services following such a request does not need a licence in Germany, provided it does not conduct any business on German territory or on a cross-border basis (including by means of telecommunication) directed towards potential customers residing in Germany. BaFin specifies, in a guidance note, the differences between requested services that are not subject to the licensing requirement, and cross-border banking businesses or financial services requiring a licence or an EU passport.

An exemption of non-EU institutions from the licensing requirement may be granted by BaFin at its discretion, provided that the bank in question is effectively supervised in its home country by the competent authorities in accordance with internationally recognised standards, and that the competent home country authorities cooperate satisfactorily with BaFin. Additionally, the applicant company must submit a certificate from the competent authorities of its home country confirming to BaFin that it holds a banking or financial services licence, and that the provision of the intended cross-border services in Germany raises no supervisory concerns. As a general rule, an exemption for the conduct of banking businesses and the provision of financial services to private clients will only be granted if a foreign bank uses a German credit institution or an EEA credit institution with an EU passport as an introducing agent.

As a consequence of a bilateral agreement between BaFin and the Swiss Financial Market Authority, Swiss banks have the option of applying for a simplified exemption procedure under which they can directly solicit private German clients without a credit institution acting as an introducing agent; however, in such a case they would be subject to compliance with strict MiFID II and other requirements.

As part of its EU banking package published in October 2021, the European Commission has proposed to amend the CRD IV so as to introduce a mandatory licensing requirement for EU branches of non-EU institutions. If implemented, this proposal would most likely put an end to the German exemption regime.

iv Regulation of payment services and e-money business

Germany has implemented the second Payment Services Directive6 and the second E-Money Directive.7 Payment services institutions and e-money institutions (other than CRR credit institutions) are required to hold a payment services or e-money licence and are supervised by BaFin. It is possible for licensed payment services and e-money institutions registered in other EEA Member States to conduct their business in Germany through a branch or on a cross-border basis without a German licence if they hold an EU passport.

Prudential regulation

i Relationship with the prudential regulator

The ECB and BaFin may examine institutions routinely or in the event of a special cause. The regulators may enter and inspect an institution's offices for this purpose during normal business hours. This right generally also applies to an institution's subsidiaries. Furthermore, BaFin representatives may attend a bank's general meeting and meetings of the supervisory board. An institution and its managers must provide the ECB, BaFin and the Bundesbank upon request with all relevant information and documentation.

Institutions are subject to numerous ad hoc and regular reporting and notification obligations. Generally, notifications must be sent to both BaFin and the Bundesbank, whereas regular reporting (such as common reporting (COREP) and financial reporting (FINREP)) is received by the Bundesbank only. Institutions have to notify BaFin and the Bundesbank annually of their participating interests in other enterprises, any qualifying holdings held in the reporting institution and the number of domestic branches.

Within the SSM, a slightly different reporting regime applies to CRR credit institutions that qualify as significant and are thus directly supervised by the ECB. Generally, these institutions must submit their notifications to the ECB, with copies going to BaFin and the Bundesbank. An exception applies to those notifications by which significant CRR credit institutions notify their intention to appoint a manager, the appointment of a supervisory board member or the end of term of any of these individuals. In relation to these notifications, the NCAs (i.e., BaFin and the Bundesbank) act as the single point of entry.

ii Management of banks

Typical management structures and the influence of holding companies

Stock corporations

Commercial banks in the legal form of a German stock corporation have a management board consisting of the managers and a supervisory board. This two-tiered structure can be seen as an important element of self-regulation and internal governance of banks. The management board is responsible for both the day-to-day affairs of the bank and the business strategy. It represents the bank when dealing with third parties. In performing their duties, managers must act solely in the bank's best interests, without being subject to instructions from any third party, including the supervisory board. The supervisory board is responsible for supervising and advising the management board, and it appoints managers and can dismiss them with reason (a loss of confidence is sufficient to satisfy that requirement). To the extent set out in the bank's articles of association or the management board's by-laws, the management board must obtain the prior approval of the supervisory board for certain transactions and other actions of the bank, which may, for example, include the establishment and closure of branches and the purchase and sale of companies. Supervisory board members are elected by the shareholders; therefore, large shareholders are regularly represented on the supervisory board. Legal persons cannot be members of the boards.

Shareholders may communicate recommendations to the management board and the supervisory board, as long as those recommendations are legally and factually non-binding (unless a domination agreement is concluded).

Limited liability companies

Limited liability companies only require a supervisory board if they have more than 500 employees. The shareholders of limited liability companies may generally render binding instructions to the management board, even regarding the day-to-day business. Nevertheless, the managers in limited liability companies remain solely responsible for compliance with all applicable laws and regulations.

Domination agreements

German corporate law allows parent companies to establish the authority to give binding instructions (relating to day-to-day business and business strategy) to the management boards of their subsidiaries by concluding a domination agreement with them. In the case of institutions, however, this possibility is not unlimited, because domination agreements conflict with the independence of managing directors required by regulatory law. Therefore, a domination agreement with a licensed institution must provide that the controlled institution's managers must be independent from instructions to the extent necessary to comply with mandatory regulatory requirements. Additional regulatory requirements apply to profit and loss transfer agreements with licensed institutions.

Regulatory duties of management of banks

A manager of an institution is required to carry out several regulatory duties. For example, he or she must report to BaFin and the Bundesbank (as well as to the ECB if the bank is directly supervised by the ECB) the commencement and termination of activities as a manager or member of the supervisory board or administrative board of another enterprise, as well as the acquisition and disposal of a direct participating interest in an enterprise, and any changes in the scale of such a participating interest.

Restrictions on payments to the management of banks

Company law

The compensation of managers of a stock corporation must be appropriate in terms of personal performance and the common level of compensation. For example, to reduce the incentives for managers to focus on short-term profits, stock options are not exercisable in the first four years after they have been granted. These rules do not apply to managers of limited liability companies.

Regulatory law

As required under the CRD IV, the variable component of the total remuneration paid to a manager or an employee generally must not exceed 100 per cent of the fixed component. The institution's shareholders may approve a higher variable component, but not exceeding 200 per cent of the fixed component for each individual. In addition, restrictions on payments are part of the Regulation on the Remuneration Systems of Institutions. Pursuant to these requirements, remuneration systems should be orientated around the objectives of the bank's strategy. Incentives to take disproportional risks should be avoided. The remuneration of bank managers should adequately reflect their functions and performance, and should not exceed the common remuneration without particular reason. Remuneration agreements between banks and their managers must be in written form. Banks are obliged to disclose information annually about their remuneration systems, and the total amounts of all fixed and variable compensations.

iii Regulatory capital and liquidity

Regulatory capital requirements

Regulatory capital requirements for banks have been harmonised within the European Union and are part of the CRR. The CRR covers regulatory capital requirements in particular with respect to counterparty risk, market risk, operational risk and settlement risk. In addition to the capital requirements laid down in the CRR, banks are required to hold a minimum capital of €5 million in the form of Common Equity Tier 1 (CET1) capital. For investment institutions, capital requirements are now set out in the Investment Firms Regulation.8

Capital buffers

Germany has also implemented the CRD IV regime on capital buffers. For 2022, banks must thus maintain a capital conservation buffer of 2.5 per cent of their total risk exposure as well as an institution-specific countercyclical capital buffer equivalent to the weighted average of the national countercyclical buffer rates of those EU Member States in which relevant credit exposures are located. The current countercyclical buffer rate for Germany has been set at zero per cent, but will be raised to 0.75 per cent as from 1 February 2023. At the same time, a supplemental 2 per cent buffer for residential mortgage exposures in Germany will be introduced. Additional buffer requirements apply to global and other systemically important institutions.

Consolidated supervision

Concerning groups of institutions, (mixed) financial holding groups and financial conglomerates, consolidated supervision is exercised. A group comprises a parent company and subordinated companies. A parent company is an institution or a (mixed) financial holding company that is domiciled in Germany and is not subordinated to other institutions in Germany. Group member institutions taken together must fulfil the capital requirements laid down in the CRR. To determine whether a group has adequate capital, the capital of the group members, on the one hand, and the risk exposure amounts of the group members, on the other, are aggregated. As a general rule, intra-group positions will be eliminated to calculate capital requirements on a group level. If a parent company prepares consolidated accounts under International Financial Reporting Standards,9 such consolidated accounts will be the basis of consolidated supervision.

iv Recovery and resolution

On 1 January 2015, Germany implemented the Bank Recovery and Resolution Directive (BRRD).10 In addition, on 1 January 2016, the Single Resolution Mechanism (SRM) Regulation11 came fully into effect, establishing a uniform procedure for the resolution of CRR credit institutions established within the eurozone (SRM). The European and German recovery and resolution framework distinguishes mainly between the following areas of regulation: recovery planning by the banks themselves; resolution planning by the competent resolution authority; and resolution (i.e., the application by a resolution authority of one or more resolution tools to an institution that is in a crisis situation).

CRR credit institutions and their holding companies are required to prepare, and update annually, recovery plans describing how their financial stability could be restored in the event of a financial crisis. The recovery plans are to be assessed by the competent prudential supervisory authorities (i.e., the ECB for significant CRR credit institutions, and BaFin for less significant CRR credit institutions), which have also been granted extensive powers when recovery plans are regarded as insufficient.

On the other hand, resolution planning and the application of resolution tools fall within the scope of application of the SRM. Within the SRM, competencies and tasks are shared between the Single Resolution Board (SRB), a special agency of the European Union, and the national resolution authorities of the participating EU Member States. The national resolution authority for Germany was, until 31 December 2017, the Federal Agency for Financial Market Stabilisation; its role has since been taken over by BaFin. While the SRB is competent and responsible for preparing resolution plans and adopting all decisions relating to the resolution of those CRR credit institutions and their parent undertakings that are subject to direct supervision within the SSM by the ECB or are part of a cross-border group, BaFin as the national resolution authority is responsible for resolution planning and the resolution of all other German CRR credit institutions.

When establishing resolution plans, the resolution authority (i.e., the SRB or BaFin) must identify and, where necessary and proportionate, address and remove any material impediments to resolvability. Similar to the powers of the competent prudential regulator when assessing a bank's recovery plan, resolution authorities have the power to require a bank to limit its risk exposures or to divest specific assets, to restrict or prevent the development of new or existing business lines, or to require changes to legal or operational structures of the institution and the group, respectively.

Resolution tools and powers may be applied by the SRB or BaFin when: an institution is failing or likely to fail; there is no reasonable prospect that any alternative private sector or prudential measure would prevent the failure of the institution; and the resolution action to be applied is necessary and proportionate to ensure the continuity of critical functions of the institution, provided this is necessary to protect depositors, client funds or client assets, to avoid a significant adverse effect on the financial system or to protect public funds from being used in a bail-out scenario. The resolution tools are:

  1. a sale of business, by which assets, rights or liabilities as well as shares in an institution can be transferred to an acquirer;
  2. a bridge institution, by which assets, rights or liabilities and shares can be transferred to a bridge bank owned and controlled by the resolution authority;
  3. an asset separation, by which assets, rights or liabilities can be transferred to a special purpose vehicle with the purpose of maximising the value of these assets through a sale or orderly wind-down; and
  4. a bail-in, by which shareholders and specific creditors may be required to participate in losses and the recapitalisation of a credit institution or its group entities in a resolution scenario. With the bail-in tool, the SRB and BaFin have the power to write down equity and liabilities in whole or in part, and to convert liabilities into shares or other CET1 instruments of the respective institution or group entity or of a bridge institution. The requirements for the application of the bail-in tool, as well as the regime of liabilities that are either statutorily excluded from bail-in or may be excluded by the SRB or BaFin, are laid down in the SRM Regulation.

To ensure that sufficient own funds and liabilities are available for the application of the bail-in tool, credit institutions and respective groups must maintain a minimum amount of own funds and 'bail-inable' liabilities as required by the SRB or BaFin (minimum requirement of own funds and eligible liabilities (MREL)).

Conduct of business

i German rules concerning banks' organisation and conduct of business

Proper business organisation, including risk management

An institution must have in place a proper business organisation and suitable arrangements to ensure compliance with legal and regulatory duties. BaFin has specified these requirements in detail in its MaRisk (minimum requirements for risk management) circular, which is complemented by BaFin's BAIT (bank supervisory requirements for the IT) circular for the management of IT risks. Risk management comprises the formulation of an appropriate strategy and the establishment of appropriate internal surveillance procedures. These procedures include appropriate risk management and controlling procedures, stress tests, an independent risk controlling function, a compliance function, and an efficient and independent internal audit function. In addition, BaFin has provided for detailed minimum requirements regarding a bank's internal organisation and procedures when granting loans (e.g., a relatively strict four-eyes principle) or trading in financial instruments.

Investment services

According to MiFID II, anyone who provides investment services or performs investment activities (such as reception and transmission of orders in relation to financial instruments, dealing on own account, portfolio management or investment advice) must comply with certain rules of conduct with regard to customers. Investment services enterprises must provide investment services with the requisite degree of expertise, care and prudence in the interests of their customers. These institutions are obligated to enquire about their customers' experience and knowledge of financial transactions, and to provide certain information to their customers. The specific scope of the obligations depends on whether the customer is a private client, a professional client or an eligible counterparty. Professional clients include authorised or regulated enterprises, large undertakings, national or regional governments, central banks and other institutional investors whose main activity is to invest in financial instruments.

In addition to the rules implementing MiFID II, banks are required to ensure that their investment advisers, sales representatives (i.e., persons competent for the definition of sales objectives) and compliance officers have the relevant expertise and necessary trustworthiness for their respective activities. Banks must notify these persons to BaFin prior to the commencement of their activity.

ii Sources of liability in German law

Criminal and administrative liability

Operating without a required licence and doing banking business that is prohibited, as well as violations of the duty to report insolvency or over-indebtedness to BaFin, are causes of criminal liability for bank managers. In addition, non-compliance with certain other regulatory duties is subject to administrative fines. Under German law, a bank itself can be held liable for administrative fines, but not criminal violations.

Civil law liability

Concerning civil law, three sources of liability have to be considered: management's liability to the bank, a bank's liability to its customers and management's liability to customers. Managers must apply the diligence of orderly executives in performing their duties, and may be liable to the company for damages if they fail to do so. A business decision taken by the management board is not considered to be a breach of duties if the management acted on the basis of adequate information, and if the management could reasonably assume that the transaction was in the best interests of the company (business judgement rule). A bank's liability to its customers is, in most cases, a result of the violation of contractual duties. In very exceptional cases, the management may be directly liable to customers.

iii Applicable law on banking secrecy

Except for the statutory confidentiality requirements imposed on officers of the supervisory authorities, there is no special law on banking secrecy in Germany. Banking secrecy in Germany is a result of contractual duties between a bank and its customers. More specifically, banking secrecy is provided for in the bank's general terms and conditions, which are standardised general terms and conditions used by most German banks. Pursuant to these standardised contractual clauses:

the bank has the duty to maintain secrecy about any customer-related facts and evaluations of which it may have knowledge (banking secrecy). The bank may only disclose information concerning the customer if it is legally required to do so, if the customer has consented thereto, or if the bank is authorised to disclose banking affairs.

German data protection law also protects information relating to private individuals. Concerning banking business, data protection concerns can arise, for example, in loan portfolio transactions. The assignor is, on the one hand, obliged to provide the assignee with all the relevant information under German civil law; on the other hand, however, this may be a violation of data protection law.


The funding of banks in Germany is typically based on several pillars: deposits from customers, unsecured and secured capital market products (including, for example, covered bonds), deposits from other banks and ECB funding.

Control of banks and transfers of banking business

i Control regime

Regulation of persons controlling banks and the approval process for a change of control

Based on the German rules that implemented the European Acquisitions Directive,12 persons intending to acquire a qualifying holding in an institution have to comply with several requirements.

The term 'qualifying holding' is defined in the CRR, and means a direct or indirect holding in an undertaking that represents 10 per cent or more of the capital or the voting rights, or that makes it possible to exercise significant influence over the management, of that undertaking. According to BaFin, the question of whether an indirect holding representing at least 10 per cent of the capital in a target undertaking exists has to be assessed on a calculation basis (look-through or multiplication approach: for example, a 40 per cent holding in a 30 per cent shareholder of a bank leads to an indirect holding of 12 per cent of the capital in that bank and would therefore be sufficient).

This approach has also been taken by the European supervisory authorities (ESAs) in their joint Guidelines,13 published in this respect in December 2016. The ESAs are further of the view that any person who directly or indirectly controls another person that has been identified as an acquirer of an indirect qualifying holding pursuant to the application of the multiplication approach also qualifies as an acquirer of an indirect qualifying holding even if the controlling person does not indirectly hold at least 10 per cent of the target bank's capital. BaFin and the ECB have in the meantime changed their administrative practice and also follow this approach.

A notification must be made once a purchaser has formed the intention to acquire a qualifying holding. Therefore, BaFin may, for example, already have to be notified if and when a letter of intent or an exclusivity agreement is signed. In the notification, the prospective purchaser must state the facts relevant to the amount of the qualifying holding as well as to assessing its trustworthiness and financial soundness, and must name the seller or sellers of the respective shares. A detailed business plan is required that contains, inter alia, a business strategy for the acquired institution and target figures for the three full business years following the year of acquisition. The intended acquisition may be prohibited within 60 business days if, inter alia, the proposed acquirer or a designated manager is not reliable or financially stable, the institution is at risk of not meeting its regulatory requirements as a consequence of the acquisition, or the transaction is connected to money laundering or the financing of terrorism. In view of the detailed content and form of the notification, it is very important to consider the disclosure requirement in a timely manner in merger and acquisition transactions in which banks are involved. If a holder of a qualifying holding intends to increase the amount of the holding to 20 per cent, 30 per cent or 50 per cent, or more, BaFin must be notified again. Conversely, if a shareholder of a bank intends to dispose of its qualifying holding or to reduce the shareholding below these thresholds, it must notify the competent authorities accordingly.

Within the SSM, the ECB is responsible for all shareholder control procedures pertaining to CRR credit institutions, including less significant CRR credit institutions and systemic investment firms. BaFin retains exclusive responsibility only for those institutions that do not qualify as CRR credit institutions (e.g., financial services institutions or investment institutions). The notifications for all institutions (including CRR credit institutions) must be submitted to BaFin and the Bundesbank. In the case of CRR credit institutions, BaFin will assess the proposed acquisition and submit a proposal for a decision to oppose or not oppose the acquisition to the ECB. The ECB will then issue a resolution and communicate it to BaFin and the interested acquirer.

Foreign Economy Act and change of control

The Federal Ministry of Economic Affairs and Energy (BMWi) can prohibit or restrict acquisitions of German enterprises by non-EU residents if the purchase leads to a total takeover or to a stake of at least 10 per cent of the voting rights (with respect to operators of critical infrastructures) or 25 per cent of the voting rights (in other cases). In such a case, any share purchase agreement must be notified to the BMWi in writing, and the BMWi has a two-month period to review the acquisition and decide on the opening of formal examination proceedings. The examination proceedings can result in a decision by the BMWi to prohibit the acquisition or take corrective action, to ensure that Germany's public policy and public security are guaranteed, provided that the prohibition or other action is ordered within four months of the BMWi receiving the complete set of relevant documentation from the proposed acquirer. In exceptional cases, the BMWi may extend the four-month period by up to three months.

ii Transfers of banking business

Concerning the general possibilities of transferring businesses in Germany, there are no special rules for banks. German civil and corporate law provide for the general framework for such transfers.

Under German civil law, it is generally possible to transfer payment claims arising from banking transactions to another bank without the consent of the banking customers concerned. However, the transfer of contractual duties or contracts as a whole generally requires customers' consent. Under certain circumstances, consent can be obtained in the form of deemed consent.

A transfer of banking business to another entity is also possible by means of a split-off or hive-down, which are special schemes under German statutory corporate law. As a consequence of the split-off or hive-down becoming effective, legal title to the assets passes to another company by operation of law. Therefore, it is not necessary to transfer each asset individually. A banking licence cannot be transferred by way of split-off or hive-down. A split-off or hive-down under foreign law may also be used in this context; for example, to transfer the assets of a German branch of a foreign credit institution to a newly established German credit institution, it is possible, and has been tested in practice, to hive-down the assets of the German branch to a new subsidiary of that foreign credit institution registered in the same jurisdiction (becoming the German branch of that subsidiary) and, in a second step, to merge the subsidiary cross-border into the newly established German credit institution.

A further possibility for transforming banking business is to transfer assets by way of an accrual. First, the seller transfers assets to a new partnership by way of a hive-down. The transferee then becomes a partner of the limited partnership, after which the transferor leaves the partnership, which results in the complete transfer of all assets of the partnership to the transferee by operation of law. This model can also be used in cross-border transactions if it is also recognised in the other jurisdiction.

As part of the EU banking package published in October 2021, the European Commission has proposed to amend the CRD IV so as to introduce a notification and supervisory assessment procedure for the acquisition of qualifying holdings, the transfer of material assets or liabilities and mergers or divisions by or of banks. The procedure is similar to the shareholder control procedure applicable in the case of acquisition of a qualifying holding in a bank (see Section VI.i).

The year in review

Most elements of the EU banking package, adopted in 2019 and entailing a major overhaul of the EU regulatory framework, as well as the EU's reform of the prudential regime for investment firms, have been applied since 29 December 2020 and 26 June 2021, respectively. Specifically, capital requirements have become more risk-sensitive, particularly with regard to market risk. Furthermore, banks have to observe a binding leverage ratio and a binding net stable funding ratio. Third-country institutions with significant activities in the EU are now required to establish an EU intermediate parent undertaking, and (mixed) financial holding companies at the top of a group are now subject to an approval requirement.

Although, as in 2020, the persisting pandemic encouraged some EU regulators and supervisors to soften their regulatory grip, in some areas the competent authorities upheld (increased) regulatory requirements or, at least, expectations. Specifically, the ECB called on banks to refrain from or limit dividends until 30 September 2021 to 15 per cent of combined 2019 and 2020 profits and not higher than 20 basis points of their CET1 ratio, and expects them to exercise extreme moderation on variable remuneration. BaFin followed the ECB's course and extended these recommendations to less significant banks. However, on 30 September 2021, these ECB and BaFin recommendations expired.

Fitting in the broader agenda of European lawmakers and institutions, banking regulators increasingly shifted their focus to ESG matters in 2021 and will continue to do so in the coming years. For example, as part of a new banking package published in October 2021, the European Commission has proposed specific rules for the management and disclosure of ESG risks in accordance with the EU Sustainable Finance Strategy. Banks will be required to include ESG risk aspects not only in their internal governance, risk measurement and management, but also in their business strategies. Also, the European Banking Authority and the ECB have shown an increased interest in ESG matters. For example, the European Banking Authority (EBA) has announced that it will embed ESG considerations into its regulatory impact assessments, risk analysis and stress testing. The ECB has included knowledge and experience regarding ESG risks as relevant criteria in its revised guide to fit and proper assessments, published in December 2021. These measures are just some of many examples underscoring the significantly enhanced attention and ambition of EU banking regulators to make a noticeable contribution to the broader ESG agenda of EU lawmakers and institutions.

Outlook and conclusions

The regulatory agenda for 2022 will continue to be dominated by the SSM, and by the ECB as the trendsetter for banking supervisory matters within Germany and the whole of the eurozone. The ECB, in cooperation with the NCAs, has performed a thorough assessment of the main risks and vulnerabilities faced by the significant institutions under its direct supervision and has set three strategic priorities for 2022–2024 accordingly. The three priorities identified for 2022–2024 aim to ensure that banks:

  1. emerge from the pandemic healthy (addressing the following key vulnerabilities:
    • deficiencies in the credit risk management framework;
    • exposure to covid-19 vulnerable sectors, including commercial real estate;
    • exposure to leveraged finance; and
    • sensitivities to interest-rate shocks and credit spread);
  2. seize the opportunity to address structural weaknesses via effective digitalisation strategies and enhanced governance to overcome deficiencies in banks' digital transformation strategies and in banks' management bodies' steering capabilities; and
  3. tackle emerging risks, including climate-related and environmental risks, and information technology and cyber risks.


1 Sven H Schneider is a partner and Jan L Steffen is a counsel at Hengeler Mueller Partnerschaft von Rechtsanwälten mbB. The authors wish to acknowledge the valuable support and contribution to this chapter provided by Gerrit Tönningsen, an associate at Hengeler Mueller.

2 Deutsche Bundesbank, Monatsbericht, February 2022, Statistical Part, p. 24.

3 Regulation (EU) No. 575/2013.

4 Directive 2013/36/EU.

5 Directive 2014/65/EU.

6 Directive (EU) 2015/2366.

7 Directive 2009/110/EC.

8 Regulation (EU) 2019/2033.

9 Issued by the International Financial Reporting Standards Foundation to provide a common global language for business affairs.

10 Directive 2014/59/EU.

11 Regulation (EU) No. 806/2014.

12 Directive 2007/44/EC.

13 See the Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector (JC/GL/2016/01) dated 20 December 2016. The Guidelines apply from October 2017.

The Law Reviews content