AML / CFT
Following the publication of the legislative texts underpinning the upcoming new EU AML / CFT framework in the Official Journal on 19 June 2024, transposition / effective dates are as set out in our latest insights here. Notably, while the AMLA Regulation will apply from 1 July 2025, certain provisions have applied since 26 June 2024 (i.e. those which allow for AMLA to be established and resourced prior to it becoming fully operational in mid-2025) so work will be getting underway over the coming weeks.
BANKING PACKAGE (CRR III / CRD VI)
The European Banking Authority's public consultation on draft regulatory technical standards (RTS) on the method for identifying the main risk driver and determining whether a transaction represents a long or a short position closes on 24 July 2024.
These RTS are part of the Phase 1 deliverables of the EBA roadmap on the implementation of the EU banking package in the area of market risk.
At the moment, the Capital Requirements Regulation (CRR) includes some derogations for the calculation of the capital requirements for market and counterparty credit risks. Those relate to small trading book business, the use of simplified methods for calculating the expected value of derivative transactions, and the use of the simplified standardised approach for market risk. Whether those derogations can be accessed depends on the size of the trading book business, the derivative business, or the business subject to market risk. CRR III is introducing additional specifications as to how the size of the business is to be calculated. For example, the size of the business shall be equal to the absolute value of the aggregated long position, added to the absolute value of the aggregated short position. A position can be considered as long or short depending on how movements in its main risk driver affect the market value.
CRR – CONNECTED CLIENTS
Delegated Regulation (EU) 2024/1728 with RTS on the identification of a group of connected clients under the CRR was published in the Official Journal on 18 June 2024 and comes into force on 8 July 2024.
The purpose of the definition of a group of connected clients (in Article 4(1)(39) of the CRR), is to identify two or more natural or legal persons so closely linked by idiosyncratic risk factors that it is prudent to treat them as a single risk. The RTS set out the circumstances in which interconnections between clients by means of a control relationship or economic dependency relationship (or both) lead to a single risk and consequently a requirement to group those clients.
CRR – INTERNAL MODEL APPROACH
Commission Delegated Regulation (EU) 2024/1085 was published in the Official Journal on 17 June 2024. It contains RTS under the CRR on the assessment methodology under which competent authorities verify an institution's compliance with the internal model approach (IMA) under Article 325az(8) of the CRR.
The RTS set out the elements that are to be assessed by a competent authority when granting approval to use an IMA to compute the own funds requirements for market risk.
The Delegated Regulation enters into force on 7 July 2024, with the exception of Article 18(1)(a) (as regards the environmental risk), Article 18(1)(c)(vii) and Article 18(2)(b)(v), which will apply from 1 January 2025, and Article 21(1)(b), which will apply from 1 January 2026.
DEPOSIT GUARANTEE SCHEMES (DGS) DIRECTIVE
The EBA's revised Guidelines on calculating contributions to DGS under the DGS Directive (Directive 2014/49/EU) apply from 3 July 2024.
Under Article 10 of the DGS Directive, EU Member States must ensure that by 3 July 2024, the available financial means of a DGS reaches a minimum target level of 0.8% of the covered deposits of its members. Recent data published by the EBA here indicated that by 31 December 2023, 21 of the 36 EEA DGSs had already reached the minimum target level ahead of the deadline, with a further 6 DGSs within 0.05 percentage points of reaching that level.
DERIVATIVES, TREASURY AND MARKET INFRASTRUCTURE
The European Commission's consultation on a delegated regulation setting out identifying reference data to be used with regard to over-the-counter (OTC) interest rate swaps and OTC credit default swaps for the purposes of the transparency requirements laid down in Article 8a(2), and Articles 10 and 21 of the Markets in Financial Instruments Regulation (MIFIR) closes for responses on 10 July 2024. Once finalised, it will apply from 1 September 2025.
OPERATIONAL RESILIENCE / DORA
The voluntary dry run exercise set-up by the European Supervisory Authorities (ESAs) on the reporting of registers of information in the context of the Digital Operational Resilience Act (DORA) runs from 1 July 2024 to 30 August 2024.
Under DORA, financial entities must maintain and update their registers of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers.
Those participating in the voluntary dry-run exercise are expected to submit their registers of information to the ESAs through their competent authorities during July and August.
The ESAs published templates, technical documents and tools for the dry run exercise on the reporting of registers of information – these are available on the dry run exercise webpage. Financial entities can use these materials and tools to prepare and report their registers of information of contractual arrangements on the use of ICT third-party service providers in the context of the dry run exercise, and to understand supervisory expectations for the reporting of such registers from 2025 onwards.
DORA will apply in full from 1 January 2025. Final reports on the second batch of joint policy mandates from the ESAs under DORA are expected mid-July 2024. These comprise:
- draft RTS and draft implementing technical standards (ITS) on major incident reporting,
- draft RTS on subcontracting ICT services supporting critical or important functions,
- draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities,
- draft RTS specifying elements related to threat led penetration tests,
- draft Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities, and
- draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents.
The ESAs also consulted on RTS on the harmonisation of conditions enabling the conduct of the oversight activities under DORA (with that consultation ending on 18 May 2024). The ESAs plan to submit those RTS to the European Commission for adoption by 17 July 2024. Under Article 40 of DORA, the lead overseer for each critical ICT third-party service provider will be assisted by a joint examination team (JET) composed of staff members from the ESAs and relevant national competent authorities (NCAs). Under Article 41(1)(c), the ESAs are mandated to produce RTS specifying the criteria for determining the composition of the JET as well as the designation, tasks and working arrangements for JET members. The proposed RTS contain provisions relating to, among other matters, the tasks of the members of the JET; the establishment of the JET; working arrangements of JET members; and arrangements between the lead overseer and the nominating authorities.
OUTSOURCING
The public consultation launched by the ECB on its new Guide on outsourcing cloud services to cloud service providers closes on 15 July 2024. The Guide aims to clarify both the ECB's understanding of related legal requirements and its expectations for the banks it supervises. In the consultation, the ECB reiterated that it considers it good practice for banks to explicitly take risks regarding IT security, possible business disruptions, and concentration risk into consideration. It also identified various vulnerabilities in banks' IT outsourcing arrangements during its 2023 Supervisory Review and Evaluation Process. As a result, third-party risk management, including cloud outsourcing, remains high on the list of the ECB's Supervisory priorities for 2024-2026.
SECURITISATION – ESG DISCLOSURES
The RTS setting out ESG disclosures for STS securitisations (both non-ABCP traditional and on-balance sheet) where the underlying exposures are residential loans, auto loans and leases were published in the Official Journal on 18 June 2024 as Commission Delegated Regulation (EU) 2024/1700 and will apply from 8 July 2024.
The RTS give originators the option to disclose the principal adverse impacts (PAI) of underlying assets in certain STS securitisations using SFDR-based reporting (with some PAI indicators (those relating to motor vehicles) drawn from the Climate Delegated Act under the EU Taxonomy Regulation as there is no equivalent in the SFDR). Originators can still decide to continue to comply with the original disclosure requirements from the EU Securitisation Regulation (on environmental performance) instead, rather than opting for PAI disclosure.
For more information, read our insights here: ESG disclosures for STS securitisations of residential loans, auto loans and leases.
SETTLEMENT CYCLE
ESMA has organised a public hearing on the shortening of the settlement cycle on 10 July 2024, at which it will share its preliminary thoughts and get further input on its ongoing assessment on shorter securities settlement cycles in the EU (following the publication in March 2024 of the Feedback Statement on its Call for Evidence on shortening the settlement cycle). For more information, see here:
ESMA: Public hearing on shortening the settlement cycle
Arthur Cox: US moves to T+1 settlement cycle; ESMA recommendation expected in Q3
This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.