CRD 6: Tightening the rules

      Five years on from Brexit, global banks continue having to restructure their European business. The latest EU Capital Requirements Directive (CRD 6) tightened the rules for cross-border banking. Under CRD 6 Article 21c, from 2027 international banks may only provide ‘core banking services’ in the EU through authorized local entities, either branches or subsidiaries. ‘Core banking services’ are defined as:
      • Taking deposits,
      • Lending, or
      • Issuing commitments or guarantees.

      There are exceptions for interbank or intra-group transactions, cases of reverse solicitation and for services that are ancillary to investment services regulated under the Markets in Financial Instruments Directive (MiFID 2). Business written before July 2026 will be grandfathered and allowed to run to maturity.

      ECB Scrutiny

      The European Central Bank (ECB) is closely watching how banks adapt their business to comply with the new CRD 6 requirements. Since the start of this year, the ECB has asked non-EU headquartered banks to report each quarter on the extent of business that will be affected and their plans for compliance.  Where supervisors are not satisfied with banks’ arrangements, they can impose requirements for these to be changed.

      This ECB scrutiny is reminiscent of the Desk Mapping Reviews it conducted at many of the EU subsidiaries of global banks following Brexit. These consisted of deep dives into their business and booking models, focusing on their securities trading business. The Desk Mapping Reviews resulted in supervisory requirements for these banks to strengthen their local governance and risk management, including by transferring more (and more senior) staff to their EU entities.

      No "empty shells"

      In both the Desk Mapping Review and the latest CRD 6 scrutiny, the ECB’s guiding principle is not to allow EU subsidiaries to be ‘empty shells’. Local entities must actually run, and be accountable for, the business that is on their European balance sheets, and must have adequate local risk management. Simply being a booking entity or execution vehicle for transactions approved and directed from outside the EU, or simply transferring local risks to non-EU group entities via back-to-back trades, is not acceptable to the ECB.

      So as with the Desk Mapping Review, the ECB’s current investigation of banks’ CRD 6 adaptation could lead to supervisors requiring banks to shift more responsibility and people to their EU subsidiaries along with business that must now be conducted locally.

      Legal ambiguity

      The legal basis for the ECB’s scrutiny of banks’ cross-border business, however, may not be as clear as supervisors might like. First, as a Directive, CRD 6 must be transposed into national law before it can be binding for banks. The deadline for transposition is not until January 2026 (and it is not yet clear whether all EU countries will hit this deadline). Some banks may feel that ECB action is premature until the directive is transposed and the legal framework formally changed.

      Even once CRD 6 has fully taken effect, there remains uncertainty about its precise effect. The legislation contains no explicit definition of ‘in’ the EU, creating some ambiguity about exactly what business is no longer permitted on a cross-border basis. For example, banking relationships with investment funds whose management has been delegated outside the EU, or with securitization vehicles that are EU-incorporated but contain non-EU assets, could arguably be considered as either EU or non-EU business. A court ruling may be needed to definitively settle the question: but this could take some years to arrive. In the mean time, the ECB is likely to take a maximalist approach, considering that all business with a European touchpoint will have to be conducted from an EU entity.

      Strategic review

      Global banks should expect no letup in ECB wariness of cross-border activities, or scrutiny of their international business. It is important they conduct a thorough review of their European booking models (if they are not already doing so), and to ensure that their internal systems are set up to make the relevant data readily accessible.

      Banks should also bear in mind that the impact of the new cross-border rules may go beyond the ‘core banking services’ as defined in CRD 6. In many cases banks provide advisory or other services to clients alongside core banking services. Revenues from these could also be affected by CRD 6: so to protect these banks may need to consider shifting entire client relationships from one group entity to another. That could bring costs, but also potentially business opportunities: for example to rationalise legal entity structures and overhead costs, or to expand the range of services they provide. There may prove to be ‘silver lining’ business benefits to the CRD 6 ‘cloud’.

      Related content

      KPMG ECB Office offers you information and solutions for dealing with the ECB supervisory approach under the Single Supervisory Mechanism (SSM).

      Our people

      Dr. Henning Dankenbring

      Partner, Head of KPMG ECB Office

      KPMG in Germany

      Benedict Wagner-Rundell

      Senior Manager

      KPMG in Germany