Response to consultation on draft Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders
Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?
- For general comments, see the attached file.
For specific comments:
Draft Joint ESMA and EBA Guidelines - Executive summary
We would like to keep the following sentence that has been deleted since it is key to keep the principle of prevalence of national laws on the EBA Guidelines: “The terms ‘management body in its management function’ and ‘management body in its supervisory function’ should be interpreted throughout the Guidelines in accordance with the applicable law within each Member State”.
The executive summary and following points of the draft revised guidelines (ie § 64) suggest that competent authorities may unilaterally assess “other KFH on request”, than the heads of the internal control functions and the CFO; these provisions are without any legal basis in CRD VI (see article 91bis, par. 5, CRD VI) and so they should be deleted.
Background and rationale
Paragraph 13: this paragraph refers to the “cooling-off (period” that the draft revised Guidelines on internal governance recommend applying when a former CEO or an executive director becomes chair or a member of the management body in its supervisory function (paragraph 107(b) of the draft revised Guidelines on internal governance) and to the mitigating measures to be taken in the absence thereof.
As we indicated in our response to the consultation on the draft revised Guidelines on internal governance, we consider that by providing a “cooling-off period” to (i) all members of the management body in its supervisory function (including the chair) and to (ii) all members of the management body (in its executive function), the EBA goes far beyond the requirements of the CRD and the existing national legal frameworks based on it.
Furthermore, company law already provides mechanisms to address conflicts of interest (for example, the obligation to recuse oneself or the possibility of excluding certain individuals from discussions).
It was highlighted that such a situation may indeed be relevant for the purposes of the formal independence requirement applicable only to some directors, but not for the independence of mind requirement applicable to all directors.
In fact, having previously held an executive position does not, per se, create a “divergence” of interests from that of the company; rather, such interests are fully aligned.
Conversely, the relationships maintained with the bank by virtue of the executive office could lead to the conclusion that an executive Director could not be deemed to meet formal independence requirements.
In place of the proposal included in the consultation document, it is therefore requested that it be clarified that an executive director, a senior manager of the bank, or a member of an executive committee, who at the end of their mandate takes up the position of Chair of the management body in its supervisory functions or of non‑executive director, may not be qualified as an “independent director” unless at least the period provided for under national legislation on independence requirements for fit & proper assessments of directors has elapsed.
General safeguards for the management of specific conflicts of interest would in any case remain applicable, pursuant to the ordinary rules on disclosure and abstention, which are already extensively governed by national corporate law.
By introducing a three-year “cooling-off period”, the EBA would exceed the mandate conferred on it by Article 74(3) of the CRD, read in conjunction with Article 16(1) of the EBA Regulation, which allows it to fill gaps in the requirements set out in the CRD, but not to establish rules that go beyond it.
In this respect, it is requested that the text of the Guidelines be amended as set out below.
Delete the entire Par. 13: Because independence of members of the management body in its supervisory function is crucial and as appointing a former CEO or, where applicable, another executive director or former executive director as a Chair or as member of the management body in its supervisory function can lead to conflicts of interest, it is appropriate to apply a cooling-off period to manage such conflicts. The new Chair may face challenges overseeing decisions made during their previous CEO role. Where a cooling-off period is not always possible to implement, entities should take other steps to manage such situations effectively as further specified in the EBA Guidelines on internal governance.
Paragraph 27 (Background and rationale): the last sentence states that members of the management body and the key function holders should have knowledge regarding climate risks. The requirement referred to the key function holders is not provided in the CRD that only refers to management body (article 91, par. 2ter). Moreover, for the management body this requirement should not apply individually to each member but to the management body as a whole.
Paragraph 64 (Background and rationale): the executive summary and § 64 suggest that competent authorities may unilaterally assess “other KFH on request” than the heads of the internal control functions and the CFO, without any legal basis in CRD VI (see article 91bis, par. 5, CRD VI); these provisions should be deleted.
Paragraph 65 (Background and rationale): under this paragraph, the RTS on the minimum information to be submitted to the supervisor in the context of an ex-ante assessment request would apply to the assessments of the suitability of all entities. We consider that the EBA cannot rely on the mandate concerning the file relating to ex-ante suitability applications, which was granted to it by Article 91(10) of CRD VI, to frame the content of all suitability applications of all entities.
Paragraphs 5-20 – Subject matter, Scope of application, Definitions, Date of application: we consider that certain aspects of the Draft Guidelines, particularly regarding their subject matter, scope and definitions, would benefit from further refinement to ensure alignment with the Level 1 framework, proportionality and consistency with national corporate law.
First, the Draft Guidelines contain multiple references to the revised EBA Guidelines on Internal Governance, whose final wording has not yet been adopted. From a legal certainty perspective, it is problematic to anchor supervisory expectations in instruments that remain under development. This creates uncertainty and may lead to sequencing inconsistencies.
Paragraph 10 (Scope of application): [NEW] "i. These Guidelines are also addressed to the central body as referred to in Article 10 of Regulation {EU) No 575/2013, or, where waivers referred to in Article 21 of Directive 2013/36/EU apply, to the whole as constituted by the central body together with its affiliated institutions."
The proposed clarification of the scope of application is necessary to ensure legal certainty, consistency with Union law and effective supervisory application of the Guidelines in article 10 CRR central body structures specifically recognised under EU banking legislation.
Article 10 of Regulation (EU) No 575/2013 establishes a specific prudential framework for central body arrangements, under which affiliated institutions are permanently linked to a central body that exercises binding powers in key areas of prudential regulation, incl. internal governance, risk management and control. Where no waiver under Article 21 of Directive 2013/36/EU applies, supervisory responsibilities and accountability for internal governance, including suitability-related matters, it is appropriate and legally accurate that these Guidelines are explicitly addressed also directly to the central body, in addition to the affiliated institutions.
At the same time, where waivers under Article 21 of Directive 2013/36/EU are granted, Union law explicitly recognises that the central body and its affiliated institutions operate, for prudential purposes, as a single economic whole. In those circumstances, internal governance requirements, including fit and proper arrangements, are designed, implemented and overseen at the level of the central body and affiliated institutions as a whole rather than at the level of individual affiliated institutions on a standalone basis. Explicitly addressing the Guidelines, in such cases, to the whole constituted by the central body together with its affiliated institutions reflects the legal effects of the Article 21 CRD waiver and avoids an artificial fragmentation of governance responsibilities.
This clarification also supports supervisory convergence. In the absence of an explicit reference to Article 10 CRR structures and the interaction with Article 21 CRD waivers, competent authorities may apply the Guidelines inconsistently, either by focusing solely on the central body or by duplicating requirements at the level of affiliated institutions despite the existence of a waiver. Such divergent practices would undermine the objective of the Guidelines to promote a harmonised approach to suitability assessments across the Union.
Finally, the proposed wording does not extend the material scope of the Guidelines or introduce additional obligations. It merely clarifies the appropriate addressee of existing requirements in light of governance structures expressly recognised by Union law. As such, it enhances legal clarity, proportionality and effective implementation while remaining fully aligned with the CRR/CRD framework and established supervisory practice.
Paragraph 15 and Definitions: it appears appropriate to clarify throughout the document that the management body may be a single-person (for example, a CEO and/or a General Manager) and not necessarily a collegial body.
In this respect, it is requested that the text of the Guidelines be amended as set out below.
Par. 15: In Member States, where the management body appoints a person or persons that effectively direct the business of the institutions, (those persons- deleted) they belong in accordance with Article 3(1)(8a) of Directive 2013/36/EU to the management function of the management body and are therefore be assessed for their suitability in line with Article 91 of this Directive.
Or:
Definitions: Chief executive officer (CEO) means the person who is responsible for managing and steering the overall business activities of an entity and is part of the management body in its management function or may coincide with it.
Paragraph 19 - Definitions: the definition of “significant influence over the direction of the entity” goes beyond the requirements and lacks a legal basis. Institutions are already facing an excessive burden involving Key Function Holders in the FAP Assessment. This should not be extended to include individuals below senior management level.
The definition of “Large entities” precising “means institutions defined in Article 4(1), point (3) of Regulation (EU) N° 575/2013” needs to be reviewed or clarified. When checking this reference, Article 4(1), point (3) seems to refer to the following definition: “institution means a credit institution or an investment firm”. There is no link to the notion of large entities. The definition of “Large entities” should be adjusted to refer to Article 4(1), point (146) of Regulation (EU) N° 575/2013.
Paragraph 20 - Date of application - The Guidelines under consultation will apply six months after the publication of the translations and, in any event, no later than 31 December 2026.
Considering that the consultation will close at the end of May 2026, the deadline appears rather challenging, given that, after the publication of the translations, it will still be necessary to take into account the “comply or explain” process to be carried out by the Supervisory Authorities of the various Member States and thereafter the potential amendments to national secondary legislation.
It is therefore proposed to postpone the application of the Guidelines, in order to provide supervised entities with sufficient time to implement the necessary implementing measures.
Moreover, the date of application of the final Guidelines be calibrated to the transposition timelines of CRD VI at national level. In Member States where the Directive has not yet been transposed at the time the Guidelines enter into force, the immediate application of supervisory expectations that are closely linked to CRD VI amendments may create inconsistencies with binding national legislation still in force.
So, to avoid legal uncertainty the date of application should be postponed to December 2027. Such an approach would ensure coherence within the legal hierarchy and facilitate orderly implementation by institutions and competent authorities alike.
Please find below the proposed amendments.
20. These Guidelines apply 6 months after the publication of all translations of the GL, but not later than 31.12. (2026 deleted) 2027.
Title I - Application of the proportionality principle - We support the proportionality principle in the draft Guidelines and acknowledges its importance in ensuring that governance requirements are applied in a manner appropriate to the size, nature and complexity of institutions.
However, we would like to highlight that, in practice, the increasing level of detail and formalisation required across the Guidelines may limit the effective application of proportionality, particularly for smaller institutions and subsidiaries within a banking group.
In particular, smaller entities, including certain subsidiaries within a group, often rely to a significant extent on group-level governance frameworks, policies and processes, and operate with limited resources and simplified organisational structures.
In this context, applying the same level of expectations in terms of documentation, formalised processes, and governance arrangements as for larger or more complex institutions may not be proportionate. Proportionality should therefore result in simpler and less burdensome suitability processes, rather than requiring the same level of formality and documentation in all cases.
So, the principle of proportionality should allow a simplified implementation of suitability processes for smaller entities and on group-level (this could include flexibility in the composition of the management body, taking into account the size and complexity of the entity; limiting the need for additional local documentation where equivalent governance arrangement are already in place at group level).
Question 2: Are the changes made in Title II appropriate and sufficiently clear?
Paragraph 28 - The reference to the mapping of duties in Art. 88(3) CRD should be deleted, or at the very least it should be made clear that this does not apply to members of the management body in its supervisory function. Article 88(3) CRD does not refer to the members of the management body in its supervisory function.
Paragraph 29 - This paragraph specifies that institutions are required to use individual statements in the assessment of the suitability of members of the management body in its management function, whereas the CRD VI Directive does not provide for the use of this tool for that purpose, as it is primarily intended for competent authorities when assessing governance arrangements (Recital 54 of the CRD VI Directive). Furthermore, this paragraph appears to require that the statement of responsibilities be established prior to taking up office, although such a requirement is not provided for by the CRD VI Directive.
Consequently, we request that all references to the aforementioned documents be deleted.
The content of this document (together with “the mapping of duties”) was object of attention during last year’s consultation on the EBA Guidelines on internal governance. At that time, we called for significant changes to the proposed regulation, simplifying the obligations imposed on banks. So, it is therefore necessary, also for the purposes of this consultation, to take into account the comments already submitted during the previous consultation and, in particular, the request to eliminate the obligation to prepare a “mapping of duties” document for the body in its supervisory function, given that the roles and responsibilities of the governing bodies are already extensively described in other internal regulatory documents.
The proposed revisions to the text are set forth below.
Delete the entire par.29: "Entities should use the individual statements, established under Article 88(3) of Directive 2013/36/EU and the EBA Guidelines on internal governance, setting out the roles and duties of the members of the management body in its management function for assessment and re assessment of the individual suitability of the respective members."
In any case, without prejudice to the foregoing considerations, if the paragraph 29 is not deleted, it should be opportune add that the institutions have discretion in the implementation. The way entities consider the individual statements should be in relation to how the implementation of individual statements has been carried out within the institution.
See also the proposed consequent revisions to the paragraphs 34/173 and 174.
Paragraph 31 – Additional duties: The Draft Guidelines propose that the time commitment of members of the management body should be reassessed not only when they take on additional directorships or activities, but also when they assume “additional duties”.
This new reference to “additional duties” should be deleted, as it cannot extend to any additional duty assumed in the context of an existing executive role. Executive roles, by their very nature, are dynamic and evolving. The scope of responsibilities of executive directors, or the responsibilities associated to other executive roles undertaken by non-executive directors, may change frequently in response to business needs, organisational adjustments or regulatory developments. Introducing an obligation to reassess time commitment every time an executive assumes undefined “additional duties” would create significant operational burden. It would be extremely difficult to determine which additional duty should trigger a formal reassessment and which should not.
Moreover, such a broad and open-ended requirement risks leading to excessive formalism and continuous reassessment exercises, without necessarily improving the substantive assessment of time commitment. The current framework, which already requires reassessment when additional directorships or relevant external activities are assumed, provides a sufficiently objective and measurable trigger.
For these reasons, the reference to “additional duties” should be removed in the interest of legal certainty, proportionality and effective governance.
Paragraphs 34/173 and 174 – Mapping of duties and individual statements: see comments to Paragraph 29.
The proposed revisions to the text are set forth below.
Delete the entire par. 34: "Entities should use the individual statements, established under Article 88(3) of Directive 2013/36/EU and the EBA Guidelines on internal governance, setting out the roles and duties of the members of the management body in its management function for assessment and re-assessment of the collective suitability of the management body in its management function. To assess the collective suitability, entities should assess the mapping of duties of the members of the management body and ensure that all the relevant duties within the entity are covered".
173. When re-assessing the individual or collective performance of the members of the management body, the members of the management body in its supervisory function or, where established, the nomination committee, should consider in particular:
[…] (delete the letter c): "c) the performance of the roles and duties set out in the individual statements by the members of the management body; "[…]
174. When a re-assessment is triggered, due consideration should be given to:
a. the assigned duties and reporting lines within the institution, (delete "taking into account the individual statements and mapping of roles and duties under Article 88 of Directive 2013/36/EU,") including where applicable within the group, in order to establish whether any material fact or finding should be allocated to one or more responsible members of the management body. In this context, assigned duties should be determined taking into account all relevant documentation, including but not limited to governance charters and codes, internal organigrams and other forms of designating areas of responsibility, internal policies, assessments of the suitability available and additional information provided in this context, letters of appointment or job descriptions, and minutes of meetings of the management body; […]
Paragraph 40 - See comments to Paragraphs 29.
Paragraph 42 - Assessment of the suitability of key function holders: it should be appropriate to provide for the possibility for less significant banks to apply the principles on assessment of the suitability of key function holders in accordance with the principle of proportionality, e.g. focusing on knowledge, skills and experience, while limiting the assessment of reputation, honesty and integrity to the moment of appointment, combined with an obligation for key function holders to disclose any subsequent relevant events.
Do you have any views on the provisions regarding these independence criteria? Please explain any aspects that may influence the effectiveness, clarity, or implementation of these independence criteria across different business models/types of institutions.
We fully support the objective of ensuring that members of the management body, including independent non-executive directors, contribute effectively to sound governance, constructive challenge and robust oversight. However, we consider that certain elements of the independence framework set out in the Draft Guidelines warrant further reflection to ensure proportionality, legal coherence and practical workability across different governance models and business structures.
Second, with respect to “independence of mind”, we agree that the ability to form and express independent views is a core attribute of any non-executive director. However, the practical assessment of this attribute is inherently behavioural and context-specific. While past conduct and experience may provide useful indicators, the effective exercise of independence of mind can ultimately only be observed in practice within the dynamics of management body deliberations. Imposing detailed ex ante documentation or predictive assessments of behavioural independence risks turning a qualitative and experiential characteristic into a formal compliance exercise. The Guidelines should therefore acknowledge the inherent limits of ex ante evaluation and avoid placing unrealistic burdens on institutions in this respect.
Third, the provisions relating to AML-related independence considerations appear excessively granular (paragraph 86). The identification of certain sectors (such as energy or cash-generating activities) or geographical connections as risk factors may inadvertently create broad presumptions of concern that could encompass a wide range of legitimate business activities. While it is appropriate to ensure that there are no reasonable grounds to suspect ML/TF risks, the primary responsibility for assessing such risks lies with competent public authorities, including AMLA and national AML supervisors. The suitability framework should not implicitly transfer or duplicate that supervisory function at the level of individual board assessments, nor should it introduce sectoral biases that could unduly stigmatize otherwise legitimate professional backgrounds.
Finally, we have concerns regarding the proposed cooling-off expectations applicable to former executive directors. While we fully share the overarching objective of CRD VI to ensure sound governance arrangements within institutions, including effective oversight, appropriate checks and balances and the capacity of the management body to exercise independent judgment, we observe that the Level 1 text (CRD VI) does not introduce a mandatory cooling-off requirement, nor does it establish temporal restrictions on the appointment of former executives to supervisory or chairmanship roles. Introducing such a rigid three-year expectation through Guidelines risks going beyond the requirements set by the legislator and effectively adding a substantive condition not contained in CRD VI. Furthermore, such a restriction may unnecessarily limit the flexibility of institutions to design strategic succession plans and effectively promote high-level internal talent.
CRD VI’s governance objectives can be effectively achieved through well-established governance mechanisms such as the presence of independent directors, the functioning of specialized board committees, robust internal policies and clear allocation of responsibilities, which ensure independent challenge without the need for formal temporal limitations. Where adequate internal safeguards and structural checks and balances are in place to ensure independent challenge and proper oversight, a rigid cooling-off approach is not necessary and may unduly restrict governance flexibility. The focus should therefore remain on the effectiveness of the governance framework, rather than on formal temporal limitations that are not explicitly provided for in CRD VI. Accordingly, we would propose that the cooling-off expectation be removed from the final texts since, had the EU legislators intended to include these requirements, they would have been included in the Level 1 texts.
Moreover, without prejudice to the foregoing considerations, and with reference also to less significant banks, it is essential to duly apply the principle of proportionality.
In this context, imposing a cooling-off period indiscriminately may lead to disproportionate and potentially counterproductive outcomes, especially for banks characterized by a more concentrated ownership structure. In particular, in privately owned banks where the chairperson also holds a shareholding, the alignment between ownership and governance functions is often intrinsic to the business model.
Considering the above, we would encourage EBA and ESMA to recalibrate the independence criteria to ensure that they remain principle-based, proportionate and adaptable to different business models and governance structures across the Union, while preserving the core objective of effective oversight and independent judgment.
Question 4: Are the changes made in Title III appropriate and sufficiently clear?
Paragraphs 50 – Monitoring of time commitment: the new requirement to not only monitor but also to record if members of the management body commit sufficient time to performing their duties by assessing preparation for meetings, attendance and active involvement has no legal basis in the CRD VI and should be deleted as it adds unnecessary bureaucratic requirements next to the already existing periodic assessment of suitability (e.g. paragraph n. 160) that also includes time-commitment elements such as amounts of other mandates.
Paragraphs 62 and 77 – Appropriate understanding of specific areas: the draft adds the requirement for all board members to have an appropriate understanding of all the areas listed in paragraph 77.
This addition should be removed. The current drafting already ensures that the management body collectively understands these areas. This requirement should not be imposed at an individual level for the same reasons explained in the comments to paragraph 69 below.
More broadly, the requirements in paragraph 77 should be removed or only applicable to executive directors. For non-executive directors, knowledge in specific areas should only be requested to the extent compatible with the diversity of profiles that truly enhances decision-making processes.
Paragraphs 68 and 69 – AML/CFT and Data Protection as specific knowledge areas: the draft adds AML/CFT and data protection to the list of required areas of theoretical knowledge and practical experience.
These additions should be deleted. Both AML/CFT and data protection are already embedded within the broader categories of “legal requirements and regulatory framework” and, where relevant, “risk management”.
Moreover, it should not be required that each individual member of the management possesses specialised theoretical or practical experience in specific regulatory sub-domains. Requiring explicit expertise in AML/CFT and data protection at the individual level risks transforming the suitability assessment into a checklist of specialised competencies, which is neither consistent with the collective responsibility of the board nor with the principle of proportionality. These areas are typically supported by dedicated control functions and subject-matter experts within the institution.
The current drafting already ensures that the management body collectively understands regulatory and risk frameworks, which adequately covers AML/CFT and data protection considerations. Therefore, the additional explicit references should be removed. So does the current version of the Guidelines on AML/CFT compliance officers, which sets out that the management body should collectively possess adequate knowledge, skills and experience to be able to understand the ML/FT risks related to the credit or financial institution’s activities and business model, including the knowledge of the national legal and regulatory framework relating to the prevention of ML/TF (paragraph 11).
More broadly, the entire list in paragraph 69 should be reviewed as it is excessively focused on the banking sector, which is incompatible with fostering diversity of profiles to enrich the debate with diverse perspectives. And par. 68 should make it clear that experience may be much more relevant than education to assess the knowledge and skills of a member of the management body.
Paragraph 84 - The Guidelines identify a number of situations that the entity must consider when assessing the potential impact on the fulfilment of the reputation requirement. For this purpose, both current and past situations concerning the Director are taken into consideration, including civil decisions and administrative proceedings (par. 84, letter d). It’s requested that administrative proceedings and any civil judgments should not be considered relevant for the assessment of reputation requirements.
It is therefore requested that letter (d) of par. 84 be deleted.
Paragraph 86, 87 and Section 26 – The paragraph assigns to the Competent Authority the task of assessing certain situations detailed under letters (a) to (e).
At this regard, it is not clear whether the situations indicated must also be previously assessed by the bank or otherwise included in the application submitted by the bank, or whether— as appears more plausible — they require an exclusive assessment by the Competent Authority. This point should in any case be clarified.
Moreover, it should also be noted that the situations considered are excessively broad and generic — and therefore subject to an overly discretionary evaluation — and concern facts and circumstances pertaining to the individual concerned, of which the bank may not be aware.
In particular, about the situations identified as potentially risky, the following should be highlighted:
- under letter (a), in identifying the current and past business sectors in which the individual has operated that may be considered relevant, virtually any economic activity is included (“other cash generating businesses or activities”), thereby excessively expanding the range of relevant sectors. For this reason, the letter a) should be deleted or limited to specific situations other than sectors where the relevant business activities are ordinarily authorized and regulated by national and EU legislation based on strict controls and authorization regimes, especially for companies listed in regulated markets;
- about letters (b) and (c), it should in any case be noted that it is extremely complex to verify the existence of trusts, cooperation arrangements or delegations granted to individuals listed on sanctions lists;
- about letter (d), the situations considered should not be extended to the close family members of the individual (whose scope is, moreover, not defined), since the assessment of the reputation requirement should be carried out exclusively with reference to the conduct of the individual concerned, and not of their relatives. In addition, specification needed for this provision to be proportional. So far, any “past”, even “indirect” business relation or “close family members” could negatively impact the assessment of good repute of the members of the management body and key function holders regarding ML/TF risks. It needs to be clearly defined how far in the past (e.g. 1-2 years?), which kinds of indirect business relations (e.g. directorship? Ownership?) and up to which degree of family relationship (e.g. spouse?) will be considered for this provision to be functional;
- about letter (e), it is requested that the circumstance that the individual is classified as a “PEP” be excluded from the relevant situations, also considering that such classification may simply result from holding a corporate office in a State-owned company. Clear further specification needed for this provision to be proportional. Unclear terms such as “other factors” and mere “suspicion” do not provide any guidance on how evaluation could and would take place.
It is therefore requested that paragraph 86 be reconsidered, considering the considerations set out above.
Paragraphs 91: point (a) provides that, to have independence of mind, a person must be able to independently assess the decisions proposed by the other members of the management body and act independently. However, CRD does not demand formal independence and we consider that independence cannot be defined by formal independence. This is of no practical use and deeply compromises the diversity of organizations that have proven their resilience.
Independence of mind should not be defined as acting independently, as this could lead to confusion between independence of mind and formal independence, whereas paragraphs 89 and 90 distinguish between these two concepts. The terms “independently” and “and act in an independent manner” should therefore be removed.
Paragraphs 93, 95 and paragraph 13 of the background and rationale – Cooling-off period: The draft introduces a recommended three-year cooling-off period for an executive director who becomes a non-executive director or chair of the board, in order to preserve independence of mind. In the absence of such a period, the draft suggests a possible conflict of interest to be mitigated in accordance with Section 11 of the Internal Governance Guidelines.
This proposal should be deleted. Cooling-off periods are already regulated at legislative level in several Member States for the purposes of qualifying as an independent director. Introducing an additional prescriptive requirement at Level 3 risks interfering with national company law and exceeding the mandate of the Guidelines.
Moreover, the automatic presumption that independence of mind is impaired without a three-year cooling-off period does not sufficiently account for the diversity of governance structures across Member States. The assessment of independence of mind should remain case-by-case, based on objective criteria and actual conflicts of interest.
The proposed revisions to the text are set forth below.
Par. 93, h) - 93. When assessing the existence of conflicts of interest referred to in paragraph 91(b), entities should identify actual or potential conflicts of interest in accordance with the institution’s conflict of interest policy and assess their materiality. At least the following situations that could create actual or potential conflicts of interests should be considered: […]
(delete the letter h:h: without prejudice to national law, the former CEO or, where applicable another executive director or former executive director takes on the role of chairperson or as member of the management body in its supervisory function within the same entity within a time period of three years after their position of a member of the management body in its management function ended.)
(delete the entire par.95: A conflict of interest arising from the role change mentioned in paragraph 93 (h) with regard to being a member of the management body in its supervisory function should be mitigated in line with Section 11 of the EBA guidelines on internal governance.)
Question 6: Are the changes made in Title V appropriate and sufficiently clear?
Paragraphs 116 et seq. – Gender balance: at board level, gender balance requirements are already comprehensively regulated by Directive (EU) 2022/2381 and relevant national transposition measures. Introducing parallel and potentially overlapping requirements in Level 3 Guidelines creates duplication and legal uncertainty, unless the concept of “gender balance” referred to herein is the one that applies in accordance with national law.
At nomination committee level (paragraph 123), extending gender balance expectations raises proportionality concerns and is not grounded in Article 91 of CRD VI, which does not extend diversity requirements beyond the management body itself. Nomination committees are often composed of a limited number of members selected based on expertise in governance, people and remuneration matters. Imposing additional gender composition constraints on such small bodies may undermine the ability to appoint members with the most appropriate knowledge and experience.
We therefore recommend that this reference be removed.
In any case, without prejudice to the foregoing consideration, if the reference to gender balance is not deleted, it is necessary to consider the concurrent need for entities to ensure the presence of professional profiles consistent with the Committee’s mandate. To this end, it could be envisaged, where feasible, that at least one member of the committee belongs to the less represented gender.
The proposed revisions to the text are set forth below
123. In order to facilitate an appropriately diverse pool of candidates for management body positions, entities should implement a diversity policy for staff, including career planning aspects and measures to ensure equal treatment and opportunities for staff of different genders. Such measures should include that the aspect of appropriate gender representation is also taken into account when selecting staff for management positions or when providing management training. Where the entity established a nomination committee their composition should, where possible, (delete: be gender balanced.) include at least one member of the under‑represented gender.
Paragraph 118: we do not see the added value of this paragraph, under which should be documented the reasons why we supposedly have not met our objective regarding gender balance within the management body, the measures that will be taken, and the timeframe within which these measures should be implemented in order to ensure that the objective is achieved, compared with paragraph 122 which is much broader.
Question 8: Are the changes made in Title VII appropriate and sufficiently clear?
Paragraph 151 - Regarding the exceptional cases, it appears more realistic to require that the competent authority be informed, rather than consulted, as a consultation requirement could suggest that the institution must wait for the authority’s opinion for completing the suitability assessment of the member of the management body after they have taken up their position. This paragraph addresses situations where the vacancy could not be anticipated, and the replacement process should therefore not be unnecessarily delayed.
Paragraphs 160 and 171 – Report of material changes: the draft requires institutions to keep up to date the information on suitability of members of the management body, to review it at least annually and to inform the competent authority of any material change.
It should be clarified that only changes that could affect the individual’s suitability must be reported. A general obligation to report any “material change” is overly broad and may lead to unnecessary supervisory notifications.
Paragraph 161: under this paragraph, the RTS on the minimum information to be submitted to the supervisor in the context of an ex-ante assessment request would apply to the assessments of the suitability of all entities. We consider that the EBA cannot rely on the mandate concerning the file relating to ex-ante suitability applications, which was granted to it by Article 91(10) of CRD VI, to frame the content of all suitability applications or all entities.
This comment also applies to paragraph 162.
Paragraph 166 – Assessment of suitability of individual members of the management body: we are concerned that the amended text goes against the principle of collective responsibility embedded in several Member States’ legal frameworks.
Paragraph 167 – allocation of all material individual roles: the draft adds that entities “should also ensure that all material individual roles and duties of the management body are allocated to a member of the management body”.
This requirement should be deleted. The management body is a collegiate body with collective responsibility. Requiring formal allocation or mapping of duties of all material roles to specific members risks blurring the distinction between collective responsibility and individual executive functions and may be incompatible with certain governance models.
Moreover, the following sentence is not sufficiently clear: “The assessment of collective suitability should provide a comparison between the actual composition of the management body and the management body’s actual adequate collective knowledge, skills and experience, and the required collective suitability.” Is not clear the difference between “actual adequate collective knowledge” and “required collective suitability”.
Paragraph 179 – Notification of re-assessment upon new circumstances becoming known: The draft requires institutions to inform the competent authority each time a re-assessment is triggered because new circumstances “become known”. This requirement should be deleted or limited to cases where suitability could be affected. Triggering a notification obligation merely because information becomes known—without any conclusion that suitability is impacted—creates disproportionate reporting burdens.
If the competent authority desires further information on publicly available matters, it retains the power to request it.
Question 9: Are the changes made in Title VIII appropriate and sufficiently clear?
Sections 23 and 24 - As is well known, CRD VI introduces significant changes to Article 91 of the CRD, generally requiring banks to assess their senior management before they assume their duties (ex-ante assessment).
However, considering the specificities of national governance systems, the Directive has specifically regulated the circumstances in which the assessment may take place after the members have assumed their duties (ex post assessment).
In this regard, it is first required that the text of the Guidelines faithfully reproduce the text of the Directive, specifying that the ex-ante assessment must be conducted prior to the taking up the position - and not prior to the appointment - and consequently aligning the wording across the entire document.
Furthermore, it is necessary to take into account the specific features of the ex-post assessment procedure, ensuring better coordination between paragraph 9.4 (sub paragraphs 103 et seq.) - which is dedicated to the “additional safeguards” applicable in cases of appointments made pursuant to paragraph 14 of Article 91 - and the provisions set out in Title VII and, in particular, Title VIII, which respectively govern the assessment of requirements conducted by the bank and by the Supervisory Authority.
Within the paragraph concerning additional safeguards (paragraph 9.4 and sub paragraphs 103 et seq.), it is unclear whether the assessment process and the measures described also apply in situations where the management body has no competence in the selection and appointment of its members. It should be noted, in this regard, that in Annex 5.1 (Draft cost benefit analysis), the reference to “additional safeguards” is made solely with respect to the appointment of members of bodies elected at regional or local level.
Moreover, within Title VIII and the paragraphs concerning “notifications of new appointments” (para. 201 et seq.) and “notifications in exceptional circumstances” (para. 207) - which relate to situations where an ex-post assessment mechanism is regulated at Member State level - the submission deadlines for applications to the Authority should be aligned and, in any event, set at 30 days following the assessment of the requirements carried out by the Board.
Finally, a particularly important aspect concerns the process and timeline for submitting the application in the case of the appointment of an executive director or the chairman of the board of directors, for which the application must be submitted to the Authority at least 30 days before the candidates take up their functions. On this point it should be noted that the provisions under consultation seem to entail an increased burden in terms of the documentation set to be provided to the competent supervisory authority for the purposes of the suitability assessment.
In this regard, it is first necessary to consider the importance of such positions for bank governance and, therefore, the need for these individuals to immediately perform their functions, to ensure full continuity in those roles.
That said, we request that the requirement set forth in the Directive be deemed satisfied if the bank submits, even prior to the appointment, a simplified set of information that includes the personal data of the candidate proposed by shareholders for the position and, for example, the curriculum vitae. Based on this information, dialogue with the Supervisory Authority could then be initiated.
Alternatively, it is proposed to refer directly to national regulations for the transposition of the provision in question and regulating only the modalities of dialogue with the Authority (referred to in paragraph 24, subparagraphs 217 et seq.), in accordance with the requirements of the Directive.
The proposed wording amendments are set out below.
56. (Background and rationale). Where the competent authority carries out suitability assessments after the member takes up their position (ex post), in line with Article 91(1d) of this Directive, large entities in line with Articles 91(1d) and 91a(5) of the Directive 2013/36/EU should provide (delete: "a suitability application") documentation to the competent authority without undue delay but at the latest 30 working days or within the different timeframe provided for by national legislation before the prospective member takes up their position including personal data of the candidates for the position of member of the management body in its management function or the chair of the management body in its supervisory function and any available information about the candidates at that time.
201. Competent authorities should require entities to notify to competent authorities newly appointed members and provide the required accompanying documents. Notifications of the suitability application and the accompanying documents to the competent authority should include the information and the documentation referred to in Article 91 (1e) Directive 2013/36/EU as well as, to the extend deemed proportionate by the competent authorities in line with paragraph 161 of these Guidelines, in the RTS on the minimum content of information mandate under Article 91 (10). Such notifications include: […] b) notifications to the competent authority assessing the suitability after the appointment or taking up of the position (ex-post jurisdictions) of a member of the management body and, where applicable, a key function holder. Such notifications should be made (delete: "not later than two weeks") in due time and within one month after the (delete: "appointment") assessment by the entity.
201. lett. C): […] notifications to the competent authority (ex-post jurisdictions) assessing the suitability of members of the management body in its management function or the chair of the management body in its supervisory function in large entities, as further specified in paragraph (delete: "203") 202.
202: Competent authorities should require large entities to submit an ex-ante suitability (delete: "application") documentation in accordance with Article 91(1d) of Directive 2013/36/EU. This (delete: "applications") documentation hould be (delete:"made") sent without undue delay and as soon as there is a clear intention to appoint a member of the management body in its management function or the chair of the management body in its supervisory function, or based on the appointment decision and in any case before the person takes up their position. For members of the management body in its management function or the chair of the management body in its supervisory function it should be submitted at the latest 30 working days or within the different timeframe provided for by national legislation before the prospective members take up their position.
204: Notifications should at least include the documentation on the personal data of the candidates for the position of member of the management body in its management function or the chair of the management body in its supervisory function and any available information at that time. (delete: "and information in accordance with Article 91 (1e) of Directive 2013/36/EU for member of the management body in its management function or the chair of the management body in its supervisory function and the RTS on the minimum content of information for such members, the chairperson, the heads of control functions and the CFO".)
(delete the entire "par.206: Competent authorities should start the assessment procedures as soon as the ex-ante suitability application is received as per Article 91(1d). This aims to identify any material concerns regarding the suitability of the individual. Competent authorities should aim to perform an initial assessment of the suitability in a timely manner before the prospective member takes up the position and should start an enhanced dialogue with the entity where material concerns regarding the suitability exist Section 24.")
207. In the duly justified cases referred to in the second subparagraph of Article 91(1a) of the Directive 2013/36/EU, entities should be required to provide the complete documentation and information in RTS on the minimum content of information, together with the notification to the competent authority, within one month after the member has been (delete: "appointed ") assessed by the entity.
Paragraphs 217-226 should be changed accordingly.
Section 26 - While we acknowledge the importance of ensuring robust supervisory assessment procedures, we consider that certain AML-related provisions in Title VIII are excessively prescriptive and risk expanding the scope of suitability assessments beyond what is envisaged in CRD VI. In particular, the fact that an entity may have been subject to supervisory findings or infringements should not automatically give rise to suspicions affecting all current or prospective members of the management body. On the other hand, suitability assessments must remain individualised and based on objective and demonstrable grounds.
In this regard, we believe it is essential that any “reasonable grounds to suspect” (as referenced in Paragraphs 30.d and 233) are consistently supported by objective and substantiated evidence, rather than by unverified external resources such as 'adverse media' or investigative journalism. Relying on such sources could introduce significant subjectivity into the assessment process, potentially undermining the rigorous and fact-based approach that should characterise the suitability framework and the principle of legal certainty.
Furthermore, it is essential that the presumption of innocence be fully respected in the context of suitability reassessments. Supervisory concerns relating to AML/TF risks should not result in indirect or anticipatory consequences for individuals in the absence of concrete evidence of personal involvement or responsibility. The Guidelines should therefore clarify that entity-level deficiencies do not, per se, undermine the suitability of individual candidates and that any reassessment must be grounded in specific, substantiated facts attributable to the individual concerned.
Section 27 - Cooperation between competent authorities - A section of the Guidelines is dedicated to the exchange of information regarding members of the governing bodies or Key Function Holders among supervisory authorities, when such information is already available to the authorities themselves (paras. 238 et seq.) as a result of fit and proper assessments or because it is relevant for the purposes of the suitability evaluation.
In this regard, we considered necessary to specify that, within the European Union, entities already subject to supervision by a Supervisory Authority and to the application of the fit & proper procedure should be exempt from providing additional documents and information concerning suitability requirements, since such information is already available to the Authorities.
Therefore, we suggest outlining a broader exemption regime for credit and financial institutions already under supervision within the European area and within the Single Supervisory Mechanism (SSM). In particular, SSM credit institutions submitting a suitability assessment request should not be required to provide information and documentation for the evaluation of the individual or collective suitability of members — for instance, in the context of procedures relating to the acquisition of qualifying holdings in financial institutions — if such information is already available to the Supervisory Authorities, in full compliance with the regulatory framework both at national and EU level.
Information flows and data exchange should be ensured among the competent Supervisory Authorities within the European Union, or by another competent authority of the same Member State or of another EU Member State.
Paragraph 182 - About the periodic assessment of the requirements for key function holders, the results of the assessment are to be reported to the body that appointed them and to the management body. With a view to streamlining compliance obligations, it is proposed that periodic reporting to the management body be limited to cases where the assessment reveals significant facts that require disclosure. This solution is fully consistent with the provisions of Article 91-bis, paragraph 2, of the Directive.
The proposed revisions to the text are set forth below.
182. The responsible function within an entity should carry out the suitability assessment of Key Function Holders before their appointment and periodically, in line with the Article 91a paragraph (2) of Directive 2013/36/EU, and should report the assessment results to the appointing function and the management body. As for the periodic assessment, a report to the management body is only provided in cases of events that can materially affect the suitability of key function holders.
Paragraph 199(c) - It should be specified that the situations triggering a suitability re-assessment by competent authorities are limited to new facts or circumstances relating to the individual concerned. So, the word “situations” should be replaced with “new facts”. In this context, the regular supervisory procedures carried out by the institution or circumstances related to the institution do not, in themselves, constitutes a trigger for a re-assessment of individual suitability. Where individuals have already been assessed in accordance with the Joint ESMA and EBA Guidelines and continue to be subject to ongoing suitability requirements, the absence of new personal facts or supervisory concerns should not, as a general rule, result in the initiation of a re-assessment.
Paragraph 199(d): should be clarified the maximum period for concluding the suitability assessment and, where applicable, the circumstances under which this time limit may be extended, as well as to the conditions governing such an extension.
Paragraph 201: the assessment of the suitability of “key function holders” by the competent authorities should be limited to the heads of internal control functions and the CFO in large entities (ex Art. 91a(5) of Directive 2013/36/UE). Therefore, we would suggest that paragraph 201 be adjusted accordingly.
Likewise, we would suggest review and align the wording across the entire document where any different scope or enlargement different to subject Key Function Holders, could be mentioned, as for example:
Delete last part of paragraph 193 where it says “Where deemed necessary by competent authorities similar procedures should be specified for other key function holders in large entities. Additionally, competent authorities should consider setting out similar supervisory procedures for assessing the suitability of key function holder in entities other than large entities. “
With the same purpose, delete from paragraph 233 “… and where applicable other key function holders…”
Moreover, the letter (b) should be reworded to be adapted to Member States that have adopted an ex-post regime. In the last sentence, reference should be made to the date on which the individual takes up their position as the starting point of the two‑week time limit, rather than the date of appointment. Applying the two‑week time limit from the date of the appointment decision would, in effect, amount to applying an ex-ante regime to such appointments.
Paragraph 202: the title “Notifications to ex-post jurisdictions of large entities about intended appointments of members of the management body in the executive function or chairperson (ex-ante suitability applications) and appointments of heads of control functions and CFO” is not clear; the scope of application should be better specified.
The request for ex-ante suitability concerns only the members of the management body in its management function and the chairman of the board of large entities. The wording of paragraph 202 may imply that there are other members who would be concerned. See the proposed amendments in the comments above to Sections 23 and 24.
Paragraph 205: it should be reworded on two points to be consistent with the CRD VI Directive:
- it should include the exception provided for under CRD VI where the institution is unable to submit certain documents or information: “unless the competent authority is satisfied that it is not possible for such information to be provided.”;
- it should be specified that, in such circumstances, the institution must be informed that the competent authority may object to the individual taking up their position in the absence of submission of the requested documents and information. The current wording of this paragraph could give the impression that the decision of the competent authority is final, without any prior formal request or notice being addressed to the institution.
Paragraph 206: it should be specified under which circumstances an enhanced dialogue should be initiated. It would appear appropriate for such dialogue to be initiated where the competent authority does not have sufficient information to assess the suitability of the candidate, where the institution has not submitted all the required documents and information (see par. 205).
Paragraph 208 – Maximum period for assessment by competent authorities: the maximum period for assessment of four months by the competent authorities seems too long (paragraph 208), and we would suggest a reduction to two months, considering the following:
- the initial drafts of Directive (EU) 2024/1619 already envisaged a substantial reduction in the maximum timeframe for suitability assessments, reflecting a clear intention to simplify and expedite these procedures;
- the current level of cooperation and information exchange between the competent supervisory authorities has improved significantly, enabling more efficient coordination and reducing procedural delays;
- the increasing integration of digital and AI-based tools into supervisory processes would likely significantly improve the efficiency of reviewing and assessing suitability applications, making shorter timeframes feasible and appropriate.
Paragraph 217: it should be specified in this paragraph that the competent authority’s concerns regarding the suitability of the candidate may stem from the absence of the requested documents or information.
Paragraph 221: this paragraph suggests that the institution is not expected to engage with the candidate to address the competent authority’s potential concerns in the context of the enhanced dialogue. However, it appears necessary to allow institutions to share such information with the candidate where this is relevant to enable institutions to respond as effectively as possible to those concerns.
Paragraph 234(c): the conduct described constitutes a serious breach by the obliged entity of its AML/CFT obligations. As such, it should fall within the scope of point (b), rather than being presented as a separate category. Indeed, the competent authority responsible for assessing the suitability of members of the management body and key function holders does not have greater access to information concerning such conduct than it would have in relation to other breaches.
Paragraph 234(d): the situation referred to in paragraph (d) does not appear to differ from that described in paragraph (a). If this paragraph is nevertheless maintained as a separate provision, the consideration of allegations should be made conditional upon the existence of sufficiently reliable sources.
Paragraph 235(f): the possibility of relying on such sources should be subject to the existence of ongoing proceedings or decisions relating to the facts reported therein.
Paragraph 237: “Where the person themselves committed or attempted ML/TF”: a finding by the competent authority that a member of the management body or a key function holder has committed or attempted money laundering should be considered immediately disqualifying, provided that such conduct has been established by a final judicial decision...or the person is, or has become, a designated person under EU sanctions lists”: the link established between designation on an EU sanctions list and unsuitability introduces political considerations into the assessment of suitability.
Question 11: Are the changes made to Annex 1 and Annex II appropriate and sufficiently clear?
Template for a matrix to assess the collective competence of members of the management body
The Guidelines under consultation provide indications for the procedure to assess the collective competence of the Board, setting out in a specific annex (Annex I) a template that entities may use for this purpose. In the introductory notes to the annex, it is specified that the matrix is a tool designed to support the entity’s assessment activity and may be used by banks on a voluntary basis.
It should be noted, however, that the indications regarding the skills and competence profiles of board members are excessively detailed. It is therefore proposed to simplify the entire template through a comprehensive review of its structure, in order to enable its effective and practical use by banks.
The updated Annex I appropriately reflects the expanded scope of collective knowledge expectations, notably by explicitly incorporating ESG risks, ICT risks and artificial intelligence related considerations, in line with the revised requirements for management bodies.
The continued use of a flexible template, allowing entities to adapt the matrix to their size, complexity and governance structure, supports the proportionality principle and is therefore appropriate.