Response to consultation on draft Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders
Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?
P. 10, Paragraph 4 and Paragraph 31, Paragraph 13
The GL and AR are to be interpreted in accordance with national law – why remove this?
Reasoning: The terms “management body in its management function” and “management body in its supervisory function” as of now are defined in accordance with “Directive 2013/36/EU and its implementation in national law”.
In our view, this proposed deletion rather introduces uncertainty to the defined terms then benefit the GL, as the referred definitions of those terms have already long been implemented in national law.
Consequently, we suggest to rethink removing the wording “in accordance with national law” as it also contradicts the already existing and unchanged intended interpretation of the terms, which are explicitly intended to be in line with national (company) law (para 4).
P. 12, Paragraph 13
Cooling-off – while in general supported, must be based on a legal 1 text and must not contradict national company law (e.g. Banking Code Austria)
Reasoning: para 13 in the proposed GL stipulates that a cooling-off period is required, unless it is not possible to enforce one. There are already national regulations in place – certainly not only in Austrian law. Since EBA and the CAs applying the GL must comply with national law, and not the other way around, we see neither the need nor the scope for imposing a specific timeframe for a cooling-off period.
P. 21, Paragraph 56
Providing the application to the CA at latest 30 working days before the prospective member takes up their position is not always possible or reasonable in practice
Reasoning: Providing a suitability application to the CA without undue delay but at latest 30 working days before the prospective member takes up their position might in some cases be unjustifiably strict and cannot be met in cases where there are several prospective candidates, in particular regarding the chair of the management body in its supervisory function. It is necessary to await the election at the Annual General Meeting; it would be unreasonably burdensome to be required to give 30 days’ notice in advance for each and every candidate. Given its inflexibility and the absence of provisions for exceptions, although in line with CRD VI, EBA must be aware that this might not be practical in all cases.
Suggested change:
Where the competent authority carries out suitability assessments after the member takes up their position (ex post), in line with Article 91 (1d) of this Directive, large entities in line with Articles 91 (1d) and 91a (5) of the Directive 2013/36/EU should provide a suitability application to the competent authority without undue delay but at the latest 30 working days before the prospective member takes up their position unless such requirement proves impracticable in duly justified circumstances, in particular where multiple candidates are subject to election processes, including for the position of chair of the management body in its supervisory function; in such cases, the application shall be submitted without undue delay following the election or nomination decision.
P. 33, definitions:
‘significant’ entities should not be used; ‘systemically important’ is preferable
Reasoning: The strict and consistent distinction between the terms “significant” and “systemically important” is indispensable in the context of financial regulations. Other Systemically Important Institutions (O-SIIs) and Globally Systemically Important Institutions (G-SIIs) should be distinguished from Significant Institutions (SIs) for the sake of clarity.
While SIs categorizes institutions, which are supervised by the ECB, the categories O-SIIs and G-SIIs have been established to differentiate between institutions, which are globally or nationally systemically important to the economy. O-SIIs and G-SIIs are necessary in order to be able to clearly see whose failure might trigger a financial crisis and are categorized by degree of influence they hold in global and/or domestic financial markets, they are categorized by very different criteria than SIs. The terms “significant” and “systemically important” therefore describe different concepts and areas of application.
By establishing a new category and definition regarding significance – namely significant entities – EBA is blurring the lines between the terms “significant” and “systemically important” institutions.
We therefore strongly urge EBA to change to the already established definitions and not to create further implementation difficulties.
Suggested change:
(remove: Significant) systemically important entities
Means institutions referred to in Article 131 of Directive
2013/36/EU (global systemically important institutions
(G-SIIs), and other systemically important institutions (OSIIs), and, as appropriate, other CRD institutions
determined by the competent authority or national law,
based on an assessment of the institutions’ size and
internal organisation, and the nature, scope and
complexity of their activities, and in accordance with
Article 3(3) of this Directive financial holding companies
and mixed financial holding companies that have been
granted approval in accordance with Article 21a of this
Directive and meet one of the aforementioned conditions.
P. 36, Paragraph 20
Application not later than 31.12.2026 without respecting national transposition and the Guideline procedure
Reasoning: Art 16 para 3 of Regulation 1093/2010 states clearly that within two months of the publication of a GL, each CA shall confirm whether it complies with, or intends to comply with, that GL. If a CA does not comply with, or does not intend to comply with GLs, it shall inform EBA of this, stating the reasons. This requirement therefore contradicts EBA’s approach of setting a specific deadline, as this is not in line with the law. We therefore object this decision to impose a firm timeline and refer to the existing provisions on national implementation, which have always proven to be fully effective.
Furthermore, there are MS which have not yet transposed the CRD VI – therefore the GL would be applied without a level 1 legal basis.
Suggested change:
Date of application
20. These Guidelines apply 6 months after the publication of all translations of the GL, (remove: but not later than 31.12.2026)
Question 2: Are the changes made in Title II appropriate and sufficiently clear?
P.42, para 34
The Guidelines must clearly state that mapping of duties is required for members of the “management body in its management function” and not for “management body in its supervisory function”
Reasoning: Reflecting the collective responsibility of the supervisory body in a two-tier-system, both Recital 54 and Article 88(3) of CRD VI explicitly stipulate that mapping of duties applies solely to members of the management body in its management function.
Therefore, in order to avoid any possibility of confusion and prevent any risk of legal uncertainty within the supervision of dualistic governance models, it is crucial for EBA to align the Guidelines with the level 1 requirements by stating clearly that mapping of duties is required for members of the “management body in its management function” and not for “management body in its supervisory function”.
Suggested change:
34. Institutions Entities should use the individual statements, established under Article 88(3) of Directive 2013/36/EU and the EBA Guidelines on internal governance, setting out the roles and duties of the members of the management body in its management function for assessment and re-assessment of the collective suitability of the management body in its management function. To assess the collective suitability, entities should assess the mapping of duties of the members of the management body in its management function and ensure that all the relevant duties within the entity are covered.
Do you have any views on the provisions regarding these independence criteria? Please explain any aspects that may influence the effectiveness, clarity, or implementation of these independence criteria across different business models/types of institutions.
Paragraph 86:
Relying solely on the mere presence of increased ML/TF risk cannot, per se, call into question the good repute of the member of the management body and key function holder. Rather, the focus should be on whether there were concrete suspicion cases of money laundering or terrorist financing that led to corresponding investigations and sanctions by state authorities. It is also important to consider the role played by the person being evaluated in this context. In particular, it is viewed critically that previous activities in certain sectors with elevated money laundering risks, as well as certain business relations, alone should lead to the conclusion of a lack of good repute. This can also create tensions with national regulations, such as the presumption of innocence. Especially the inclusion of close family members is very far-reaching and, from our perspective, excessive for assessing the reputation of the person being evaluated. Furthermore, no detailed explanations are provided regarding the definition of close family members. Likewise, there is no clarification concerning the relevant time period for past business relations. In our view, business relations from the distant past do not constitute meaningful grounds for doubts about repute.
The points outlined above also apply analogously to the statements in paragraphs 233 and following.
Question 5: Are the changes made in Title IV appropriate and sufficiently clear?
P. 68, Paragraph 123
Nomination Committee gender balance should not be stipulated in the GL
In eventu: need for a Grandfathering clause
Reasoning: We do not see the required legal basis in the CRD for EBA to establish such an obligation. While we do not have an issue with gender-balancing the nomination committee, we cannot support the sudden focus on highlighting a new, legally baseless requirement.
Generally, the appropriate place for such a requirement would be the EBA GL on Internal Governance, specifically section 5.2 “Composition of Committees”.
It should also be highlighted that even Article 91para 8 CRD VI does not require a mandatory gender balance, therefore implying a total lack of a legal basis to establish an obligation in this regard.
If EBA stands by this requirement, then ”gender-balanced” shall refer to the fixed quota for the under-represented gender in the supervisory body, not 50%.
Furthermore, a grandfathering clause is needed for this provision in eventu as forced dismissals would be unjustified and uneconomical. As we do not wish to attribute this intention to EBA the introduction of a grandfathering clause is indispensable.
Suggested change:
123. […] (remove: Where the entity established a nomination committee their composition should, where possible, be gender balanced.)
Question 7: Are the changes made in Title VI appropriate and sufficiently clear?
Overall responsibility for the management body as a whole must be possible
P. 77, Paragraph 167
Reasoning: According to the Guidelines, "entities should also ensure that all material individual roles and duties of the management body are allocated to a member of the management body."
We understand this requirement to mean that no material role or duty should remain unallocated within the management body. However, certain responsibilities—such as Internal Audit or Compliance—are, by their nature, assigned to the management body collectively rather than to an individual member.
To avoid ambiguity, we suggest clarifying the wording to explicitly allow for such cases, for example by adding: “or to the management body as a whole.”
Suggested change:
167. When assessing the collective suitability of the management body, entities should assess the composition of the management body in its management and supervisory functions separately. The assessment of collective suitability should provide a comparison between the actual composition of the management body and the management body’s actual adequate collective knowledge, skills and experience, and the required collective suitability pursuant to Article 91(2b) of Directive 2013/36/EU . Entities should also ensure that all material individual roles and duties of the management body are allocated to a member of the management body or to the management body as a whole.
P. 81, Paragraph 182 ff
Reevaluating KFH was not necessary until now, and the overwhelming burden outweighs the benefits and limitation to specific instances
Reasoning: This requirement in CRD VI must be limited to a reasonable frequency and to ICF roles. We therefore call on EBA to provide clarification on this matter, specifically to state:
- Periodic re-evaluations impose high administrative burden and resource costs on institutions without evidence of added value for stable KFH roles;
- Provided that KFH regularly attend relevant professional development courses or seminars, or take part in ongoing training, reevaluation of KFH may be limited to specific cases (significant changes or events that necessitate a reassessment in any case). Furthermore, the ‘internal suitability guidelines’ element is missing from CRD VI (Art 91a para 2) is missing and should be incorporated.
Suggested change:
182. The responsible function within an entity should carry out the suitability assessment (remove: of key function holders Internal Control Functions) before their appointment and periodically, in line with Article 91a paragraph (2) CRD, and should report the assessment results to the appointing function and the management body. Periodic in this regard should be “risk-based” and subject to the principle of proportionality rather than calendar-based, however, entities might decide to choose a frequency based on the specifics of the entity (e.g. every 3 years).
Where key function holders regularly participate in relevant professional development, training programmes or seminars, internal reassessments of their professional competence may be limited to Internal Control Functions and specific instances, where significant changes or events occur that necessitate reassessment. In this context, institutions shall ensure that internal suitability guidelines are established, maintained and applied, clearly defining the circumstances triggering such reassessments.
Question 8: Are the changes made in Title VII appropriate and sufficiently clear?
Any additional disclosure should be in line with Art 87a CRD and Art 435 para 2 CRR
P. 84, Paragraph 199
Reasoning: Everything requested in paragraph 199 should be allowed to be disclosed in line with the well established disclosure formats set out in Article 87a of Directive 2013/36/EU (CRD) and Article 435(2) of Regulation (EU) No 575/2013 (CRR).
For example, by adding a footnote:
“This may be disclosed in accordance with the disclosures under Article 87a CRD and Article 435(2) CRR: ‘
Suggested change:
Footnote added to para 199: “This may be disclosed in accordance with the disclosures under Article 87a of Directive 2013/36/EU and Article 435(2) of Regulation (EU) No 575/2013.”
Question 9: Are the changes made in Title VIII appropriate and sufficiently clear?
Section 23 / Paragraph 205
According to our understanding the appropriate and current applicable process in a fit and proper procedure is that the initial information is provided by the institutions together with the notification. In case that this information is deemed by the competent authority as insufficient, the institutions are requested first to submit the missing information. The proposed text of par. 205 doesn´t seem to take this intermediary but important step into consideration since it states that in case that the institution fails to provide sufficient information (without specifying whether after the notification or after an information request by the competent authority) the competent authority can decide that the assessed person is not appointed or the decision is negative. We strongly recommend specifying that a negative decision can be taken only after the respective notification was submitted and in case of missing information the respective institution repeatedly did not provide the requested information.
Title VIII Section 23 para. 208: “Extensions of the assessment period of four month in the case of large entities should only be made under exceptional circumstances.”
Since an ex-ante notification requirement for large entities is now introduced, specifying in par. 202 that the suitability application has to be submitted to the competent authorities 30 working days before taking up the respective position we are against any extension of the assessment period for competent authorities, even if this is only in exceptional circumstances.
Section 23 / Paragraph 202:
Objections to the Requirement of an Ex-Ante Suitability Notification No Later Than 30 Business Days Prior to Taking Office for Members of the Management Body
Background
- The Draft Guidelines require "Large Entities" in ex-post jurisdictions to submit a suitability notification (ex-ante suitability application) for new members of the management body in its management function, or for the chair of the management body in its supervisory function, to the competent authority no later than 30 business days before taking office.
- This requirement is legally incompatible with Austrian corporate and supervisory law (Austrian Banking Act, ‘BWG’) due to the following reasons:
Unpredictability of the General Meeting's Voting Outcome
Legal framework: The chair of the supervisory board of credit institutions is elected by the general meeting. The outcome of the general meeting — particularly where multiple candidates are standing or several alternative candidates have been nominated — cannot be predicted with certainty until the moment the vote is cast.
A 30-business-day deadline presupposes that the institution knows, with sufficient certainty before the actual election, which person will be elected. This is actually impossible because:
- Shareholders may change their voting intention up to the last moment;
- Counter-candidacies may be put forward at short notice;
- Unexpected interim resignations, removals, or resolutions not to re-elect are possible;
- A nomination by the nomination committee is not binding on the general meeting.
A notification submitted 30 business days before the general meeting would therefore be based on a hypothetical election outcome that has no legal certainty. If the general meeting produces a different result than expected, the notification would be without object and would have to be repeated for the actually elected candidate — with the practical consequence that a valid assumption of office would be impossible.
Immediate Assumption of Office Following Election under Corporate Law
Legal framework: Under Austrian corporate law, a supervisory board member is appointed upon the resolution of the general meeting. The appointment takes effect immediately upon acceptance by the elected member. There is no statutory suspensive condition linking the assumption of office to prior regulatory approval.
The suitability assessment by the supervisory authorities takes place after the assumption of office. This system has been deliberately designed to ensure the functional capacity of the supervisory board under corporate law. The introduction of a de facto prior approval requirement through a 30-day deadline would:
- introduce de facto an ex-ante suitability assessment that the Austrian legislation has deliberately not provided for;
- overlay the immediately effective legal consequences of the election under corporate law with a supervisory condition, without a sufficient statutory basis in Austrian law for doing so;
- conflict with the Directive itself, since Art. 91(1d) CRD VI leaves Member States discretion in designing the ex-post system.
Incompatibility with the Austrian Banking Act (BWG) Provisions on Notification upon Appointment of the Chair of the Supervisory Board (§ 73(1)(3) BWG)
Credit institutions are required to notify the ECB or FMA without delay following the appointment. A mandatory prior notification before assumption of office is not provided for in the BWG for supervisory board members — including the chair — and would constitute a requirement going beyond the BWG that would require a statutory basis.
The Draft Guidelines would go beyond the national transposition of CRD VI and effectively create a new legal obligation that:
- is not covered by the Austrian Banking Act (BWG);
- is not mandatorily required by Art. 91(1d) CRD VI, as that provision leaves Member States discretion in designing the ex-post regime;
- violates the hierarchy of norms, since guidelines cannot create obligations that go beyond primary EU law and national law.
The Fit-and-Proper Assessment Is Not a Condition for the Validity of Assumption of Office
Under Austrian law, the suitability assessment by the supervisory authority is not a constitutive element for the validity of the appointment of a supervisory board chair. The appointment under corporate law is effective; the supervisory authority may take subsequent measures if the suitability requirements are not met.
The introduction of a 30-day prior notification period would — even if not formally structured as a prior approval requirement — have the practical effect of a suspensive condition, because:
- institutions would de facto be unable to allow a person to take office before the authority has had the opportunity to raise concerns or express its view;
- the Enhanced Dialogue Procedure (Section 24 of the Guidelines) is designed to be concluded prior to assumption of office;
- an institution that fails to meet the deadline would be exposed to supervisory risks, without Austrian law providing a clear legal consequence for such a failure.
This constitutes a covert transformation of the Austrian ex-post system into an ex-ante system, which is covered neither by CRD VI nor by the Austrian Banking Act (BWG).
Disproportionality and Breach of the Principle of Proportionality
Legal framework: Art. 5 TEU and Title I of the Draft Guidelines themselves require the application of the principle of proportionality. Section 21 of the Guidelines emphasises that governance requirements must correspond to the individual risk profile and business model of the entity.
The blanket 30-day deadline is disproportionate because it:
- makes no distinction between the appointment of management board members (management function, where prior notification is practicable) and supervisory board members (supervisory function, where the general meeting election process structurally precludes prior notification);
- fails to take into account that in ex-post jurisdictions with functioning post-hoc review procedures, the regulatory objective — preventing unsuitable persons from serving on the management body — can be achieved without a rigid prior notification deadline.
Contradiction with the Express Provision of Art. 91(14) CRD VI
Legal framework: Art. 91(14) CRD VI expressly recognises that there are constellations in which the management body has no competence in the appointment process (e.g. where the general meeting elects without being bound by nomination proposals). For such cases, the Directive provides for safeguard measures in lieu of prior notification.
The Draft Guidelines correctly address this in Section 9.4 (paragraphs 103 et seq.), but do not apply it consistently to the general 30-day rule. It would be systemically coherent to extend the exception under Art. 91(14) CRD VI to cases where the election is conducted by a general meeting whose outcome is not determined prior to the vote. In such cases — by analogy with Section 9.4 — subsequent safeguard measures (rapid suitability assessment after assumption of office, training measures, monitoring) should be recognised as an equivalent substitute.
Summary
The requirement to submit a suitability notification no later than 30 business days before assumption of office must be rejected for supervisory board members of Austrian credit institutions appointed by resolution of the general meeting, for the following reasons: the election outcome is not predictable; assumption of office takes effect immediately under corporate law; the fit-and-proper assessment is not a validity requirement under Austrian law; the Austrian Banking Act (BWG) does not provide for any prior notification obligation; the requirement is disproportionate; and there is a risk of creating a precedent for all supervisory board members in the future. It is requested that the Guidelines be amended accordingly and that, for members of governing bodies appointed by general meetings, the established and practically workable ex-post notification regime be retained.