to the point: financial regulation | 11/2024

• The European Commission published an article stating that the EU is a global leader in sustainable finance, having issued over EUR 65bln in NextGenerationEU (NGEU) Green Bonds, with a goal to finance 30 % of the NGEU programme through green initiatives. These bonds are funding EUR 264.6bln in investments across sectors like renewable energy, clean transport and energy efficiency, contributing significantly to the EU's climate goals, including an estimated annual reduction of 55 million tons of greenhouse gas emissions. For obliged persons and stakeholders, this represents a robust and transparent framework aligned with the highest international standards, ensuring investor confidence. Obliged entities should leverage tools like the EU's Green Bond Dashboard, which provides real-time tracking of investments, and annual reports detailing fund allocations and climate impacts.

• The Council of the EU has adopted a new regulation governing environmental, social, and governance (ESG) rating activities, introducing significant obligations for relevant entities, including ESG rating providers and market participants relying on these ratings. Key changes include mandatory authorisation and supervision by the European Securities and Markets Authority (ESMA) for ESG rating providers established in the EU. These providers must meet strict transparency requirements, particularly regarding their methodologies and data sources, to ensure consistency, reliability and comparability of ESG ratings. For non-EU ESG rating providers wishing to operate in the EU, their ratings must either be endorsed by an EU-authorised provider, recognised based on quantitative criteria, or included in an EU registry following an equivalence decision. The regulation also enforces the separation of business activities to prevent conflicts of interest, requiring rating providers to adapt their governance structures and operational practices accordingly. Entities relying on ESG ratings should prepare for increased scrutiny of the ratings' transparency and methodologies under the new framework.

• ESAs (ESMA, EBA, EIOPA) have introduced Joint Guidelines on the use of the ESAs F&P Information System, aiming to enhance the exchange of information between supervisory authorities across the EU. These guidelines are designed to harmonise fitness and propriety (F&P) assessments of board members, key function holders, and owners of qualifying holdings, ensuring consistent supervisory practices across the financial sector. For obliged entities such as financial institutions, this means increased scrutiny of governance structures, with supervisory authorities using the centralised system to assess and share data on the competence and integrity of individuals in key roles.

• The EBA has issued final Guidelines establishing common EU standards for governance arrangements, policies, procedures and controls that financial institutions must implement to comply with Union and national restrictive measures. For financial institutions, the first set of Guidelines mandates sound governance and risk management systems to address the risks of breaching or circumventing restrictive measures. This applies broadly across all institutions under EBA supervision and requires robust internal controls to align with EU sanctions frameworks. The second set of Guidelines focuses on payment service providers (PSPs) and crypto-asset service providers (CASPs). These entities must ensure that their systems enable compliance with restrictive measures when executing transfers of funds or crypto-assets. This includes verifying the adequacy of information accompanying such transfers, in line with Regulation (EU) 2023/1113, which takes effect on 30 December 2024. For obliged entities, compliance with these Guidelines means revising and potentially overhauling existing governance structures, risk assessments and control systems. Institutions must embed sanctions compliance into their broader anti-money laundering (AML) and countering the financing of terrorism (CFT) frameworks. PSPs and CASPs must implement specific measures to address the unique risks associated with digital and cross-border transactions.

• The Council of the EU has adopted revised rules under the European Market Infrastructure Regulation (EMIR) to enhance the attractiveness and resilience of the EU clearing system, with significant implications for obliged entities such as financial institutions and central counterparties (CCPs). The updated rules require relevant market participants to establish active accounts at EU CCPs and clear a significant portion of certain systemic derivative contracts within the EU. This aims to reduce over-reliance on non-EU systemic CCPs, ensuring compliance with EU financial stability objectives and supporting the EU's open strategic autonomy. Obliged entities must adapt their operations to meet these new clearing requirements, which will demand updates to their risk management, account structures, and compliance processes. Additionally, the reforms streamline procedures, improve consistency in clearing rules and enhance CCP supervision, placing greater emphasis on transparency and operational resilience.

• The ESMA has finalised its Final Report on the Technical Advice on the CSDR Penalty Mechanism, providing recommendations to improve settlement efficiency and prepare for potential changes, such as a transition to T+1 settlement in the EU. For obliged entities in the securities settlement chain, these updates will require close attention to several changes:
  • Calculation Parameters: Adjustments to how penalties are calculated for settlement fails due to lack of cash, ensuring consistency even when central bank interest rates are unavailable;
  • Historical Reference Prices: Refined treatment of historical reference prices for late matching fail penalties, which impacts how penalties are determined; and
  • Penalty Rates: A moderate increase in penalty rates across most asset classes, aimed at further improving settlement efficiency without altering the core design of the penalty mechanism.

Since its implementation in 2022, the CSDR penalty mechanism has successfully incentivised timely settlement. Obliged entities must now prepare for potentially higher financial penalties for settlement failures and ensure robust operational processes to avoid delays.

• The EBA has reported significant improvements in the supervisory practices of competent authorities regarding non-performing exposures (NPEs). Following a 2022 Peer Review report, the EBA's follow-up assessment indicates that all relevant authorities now fully or largely comply with its Guidelines on the management of non-performing and forborne exposures. This progress reflects intensified efforts to align supervisory practices with EBA standards, enhancing oversight and risk management for NPEs. For obliged entities, such as credit institutions, these developments emphasise the need for continued vigilance in managing NPEs. Institutions should ensure robust practices for identifying, monitoring and addressing non-performing exposures in line with the EBA Guidelines, as supervisory authorities are now better equipped to scrutinise these areas effectively. With NPE ratios rising, as highlighted in the EBA's 2024 Risk Assessment Report, banks must prioritise early intervention strategies to mitigate risks associated with deteriorating credit quality. The EBA's findings underscore the importance of compliance with established NPE management standards and maintaining proactive engagement with supervisory authorities. For credit institutions, this translates into a heightened focus on maintaining sound credit risk frameworks, ensuring resilience against potential increases in non-performing exposures, and aligning with the evolving expectations of enhanced supervisory practices.

• The Council of the EU has adopted new rules amending the Solvency II directive and introducing the Insurance Recovery and Resolution Directive (IRRD), introducing significant changes for the insurance sector and relevant stakeholders. For obliged entities in the insurance and reinsurance sector, the amended Solvency II rules emphasise the sector's role in long-term private investments, particularly supporting the EU's green and digital transitions. These changes will require insurers to enhance their resilience to protect policyholders while contributing to economic growth and the deepening of the capital markets union. The IRRD introduces measures to prepare insurers and authorities for financial distress, enabling early and effective interventions, including in cross-border scenarios. This framework ensures better protection for policyholders, limits economic disruption, and reduces the risk of relying on taxpayer funds for bailouts.

• The Financial Analytical Office (FAO) issued a revised opinion on the application of the AML Act to the identification of minors, which takes into account the current legislation and was consulted with the Czech National Bank. Obliged persons are to apply a risk-based approach to the identification of minors, with the key being how the minor is involved in commercial activities. If the minor uses the account only passively, i.e. does not have dispositive power or shares it with a legal guardian, the identification is based on the data provided by the legal guardian. The latter is obliged to provide both their authorisation to act for the minor (e.g. birth certificate) and the child's identification data. The minor client does not have to be physically present in this case. In cases where the minor has sole dispositive power over the account, they must be identified in person according to the rules applicable to natural persons, for example by means of an identity card or passport. The FAO also recommends introducing measures to reduce the risk of misuse of minors' accounts, such as setting low transaction limits or limiting the scope of services provided. These steps reflect not only the legal capacity of minors but also their limited experience with financial transactions. Obliged persons should continuously monitor the business relationships of minor clients, where both the minor and their legal representative are involved in the transactions.

• The EU Commission published its long-awaited guidance on the best efforts obligation that has been incorporated into the economic sanctions against Russia and the economic/financial sanctions against Belarus mid this year. As a reminder, EU operators breach EU sanctions if they fail to undertake best efforts so that non-EU persons they own or control do not participate in activities that undermine restrictive measures.
  
  After a first read, the EU Commission's views are far-reaching and disappointing.
  
  
• As to far-reaching:
  • Being aware of activities of at least jointly controlled or at least 50% owned non-EU entities, even those in Russia, that engage in activities that are subject to EU sanctions, and not preventing those, may amount to a breach. In short, what the guidance implies is that even erecting firewalls, enacting recusal policies for non-EU subsidiaries and ensuring that such foreign subsidiaries are run stand-alone will not suffice. This is even stricter than under US Russia sanctions. And it applies to non-EU corporates (for e.g. producing or exporting goods or technology) and financial institutions (for e.g. providing financial assistance) alike.
  • Not being aware of a non-EU subsidiary's sanctioned activities can also lead to liability, as expected due diligence includes ensuring awareness.
  • The continued use of IP for sanctioned products that had been transferred to a non-EU subsidiary before EU sanctions entered into force will trigger liability if the EU operator has the possibility to block further use thereof and fails to act.
  • And even if there is inability to prevent activities of non-EU subsidiaries because of legal steps by the country of residence (such as Russia's counter-sanctions), this can lead to liability if the inability is the result of "inadequate risk assessment and management, coupled with risk-prone decisions of the EU entity".
    
    

• As to disappointing:
  • The notions of "best efforts" and "undermining" have been clarified by mere reference to recitals in the EU sanctions. Not much guidance on what best efforts entail and why the "best efforts to prevent undermining" EU sanctions seems to be interpreted as a failure to act offense.
  • Further guidance has been announced after the "Commission will engage with Member States". It has taken five months to come up with the first guidance, and companies are left in the dark as to the expectations by regulators on the scope of diligence obligations. Unclear concepts have been clarified by use of another unclear concept ("Acceptance" of activities of non-EU subsidiaries).
  • The latest guidance is also in contradiction to views of some Western EU member state authorities.
    
    
• Knowing that enforcers in CEE jurisdictions tend to see EU Commission guidance as binding interpretation of EU sanctions (which they are not), companies need to prepare for the reality that regulators expect companies to comply with the expectations set out in the guidance. As to next steps, our recommendation for each company is at least to do the following:
  • Stocktaking as to activities (including imports and exports) of non-EU subsidiaries and assessing them against applicable financial and economic sanctions.
  • Assessment of limits under local law. The EU Commission has mentioned explicitly that negative consequences under local law should be factored into an educated decision as to whether it is feasible to prevent sanctioned activities of the respective subsidiary.
  • Taking a decision how to deal with any eventual activities.
  • Establishing a system of continued awareness, training and action.