Response to eBA and ESMA launch consultation to revise joint guidelines for assessing the suitability of members of the management body and key function holders
Go back
• has been used for ML/TF purposes,
• has breached its AML/CFT obligations or
• has materially changed its business activity or business model in a manner that indicates that its exposure to ML/TF risk has significantly increased.
Worded in this manner, these requirements are not implementable. For example, it is intrinsic to money laundering that credit institutions are used for this purpose, because without the use of payment services, illicitly obtained money cannot be channelled into the legal money cycle. In order to counter this risk, credit institutions monitor all payment transactions and, if an illegality suspected, report this to the authorities. Since institutions fulfil their obligations in this regard, there is therefore no reason for a reassessment of the management body’s suitability.
The second requirement also misses the point. For not every (slight) violation of the extensive catalogue of legal and supervisory regulations for money laundering prevention means that the institution has generally not instituted appropriate risk management in this area. Only in such a case, however, would it be appropriate to subject the management body to a suitability reassessment.
The third requirement generally lacks practical relevance, since it implies that an increase in the risk of being misused for money laundering or terrorist financing is being taken lightly by the institution in order to push through a change in its business model. Given the large number of regulations to be observed, however, particularly from the 4th and 5th AMLD, this cannot happen. Institutions are obliged to address every identified risk with appropriate measures or refrain from doing such business.
In accordance with para. 30, institutions should ensure that the overall composition of the management body has a wide range of experience. It must be borne in mind that some institutions have no influence on the composition of the supervisory body and therefore cannot ensure a wide range of experience. In the case of public-law savings banks, the selection of the members of the management body in its supervisory function is the sole responsibility of the municipalities (which are the trustees of the savings banks).
Public-law savings banks in Germany operate under ‘municipal trusteeship’. The management body in its supervisory function is democratically legitimized. Only the municipal trustee (town, city, districts or special-purpose associations) has the sovereignty to choose the representatives for the manage-ment body in its supervisory function and therefore can safeguard that the savings bank fulfils its pub-lic mandate for the population of the municipality. The savings banks do not have any influence on the decision of the municipality. They can ensure sufficient knowledge through training, but they cannot ensure a broad range of experience. Such situations should be taken into account.
The possibility provided for in para. 88 to decline appointing an independent member of the management body to its supervisory function should apply to significant banks too that are owned by only one undertaking and are not system-relevant. This should, moreover, apply not only to institutions whose parent undertaking is itself an CRD institution but also to other parent undertakings if they are sole owners of the institution.
According to the consultation paper of 28 October 2016 on these EBA guidelines (cf. para. 36 of the consultation paper at the time), the requirements for the independence of the members of the su-pervisory board are based on the recommendations of the EU Commission of 15 February 2005 “on the role of non-executive or supervisory directors of listed companies and on the committees of the (supervisory) board”. The aim is to address conflicts of interest that may negatively affect judgment. According to recital 7 of this recommendation, companies with widespread ownership are primarily concerned with how management can be made to account to shareholders who are in a relatively weak position. In companies with majority shareholders having a controlling stake, the reasoning in recital 7 of this recommendation focuses more on how to ensure that the company is managed in such a way that the interests of minority shareholders are sufficiently taken into account. In both cases, it is a question of ensuring adequate protection of third parties in order to address conflicts of interest. However, these conflicts of interest do not exist in the case of parent/subsidiary constella-tions with only one shareholder. A one-to-one implementation of the EU Commission’s recommenda-tion is not appropriate for such constellations and was not intended by the EU Commission, since the recommendation refers to listed companies. In the case of parent/subsidiary constellations with only one shareholder, however, it is important that the parent company is able to effectively perform its supervisory and control function through the supervisory board. This is also very important because the parent company has an interest in protecting assets and, in the case of a German public limited company, is responsible under Section 91(2) of the German Stock Corporation Act (AktG) for taking appropriate measures within the group to ensure that the continued existence of the subsidiary and, in the case of contagion effects, also developments detrimental to the parent company are recog-nised at an early stage. Violations of duty by executive board members of the controlling company may constitute claims for damages. Here, in case of doubt, the executive board of the joint-stock company bears the burden of proof (cf. Section 93 (2) sentence 2 AktG). It is therefore important that this responsibility is not diluted by the need to appoint independent members of the management body in its supervisory role.
Sentence 2 of para. 89 b. should therefore be separated into a new para. after para. 89 and worded as follows: “However, Competent authorities may not require any independent directors within: i. CRD-institutions that are wholly owned by a CRD-institution or another enterprise, in particular when the sub-sidiary is located in the same Member State as the parent company CRD-institution; ii. non-significant CRD-institutions that are investment firms.”
According to para. 108, institutions should have anti-discrimination policies. Here, the EBA invokes Art. 21 of the EU’s Charter of Fundamental Rights, which includes the general principle of non-discrimination. Neither the Charter of Fundamental Rights nor banking supervisory law (CRD V) provide a legal basis for comprehensive antidiscrimination guidelines. In Germany, European non-discrimination regulations have already been transposed into national law (e.g., the Allgemeine Gleichbehandlungsgesetz, AGG = General Equal Treatment Act). As part of a proportional implementation, institutions must have leeway for ensuring freedom from discrimination. It is not necessary for credit institutions to have their own antidiscrimination policies.
It should be taken into account that in Germany there are already numerous regulations re antidis-crimination and women’s advancement. In filling management body positions, for example, the North Rhine-Westphalian savings banks must observe the provisions of the Landesgleichstellungsgesetzes (LGG = State Equality Act) and section 19(3) of the North Rhine-Westphalian Savings Banks Act. The LGG obliges them to draw up an equality plan and to “audit” the targets laid down in it. In view of this, additional regulations at European level are not necessary.
It should at least be clarified that gender-equality policies already instituted and based on other regu-lations will be regarded as policies within the meaning of these guidelines. This would obviate the need for institutions to draw up further internal rules in addition to those required by national and possibly regional law.
According to para. 146 (c), a part of the assessment of the suitability of individual members of the management body is to gather information on the independence of mind of the assessed individual. It is difficult for us to imagine how this para. should be implemented in practice. We ask for clarification that this can refer only to information that can justify serious doubts on the “independence of mind”. In this regard, it is our understanding that the same approach must be applied as for the as-sessment of trustworthiness/reliability, i.e., so long as there is no information that can justify serious doubts on the “independence of mind”, one can assume an “independence of mind”.
According to para. 151, institutions should assess whether the collective suitability of the management body reflects a broad range of experience. Here, it should be taken into account that some institutions have no influence on the composition of the supervisory body and a broad range of experi-ence can therefore not always be guaranteed. In the case of public-law savings banks, the selection of the members of the board of directors is the sole responsibility of the municipalities, which are at the same time the bodies responsible for the savings banks. Hence, the institutions cannot them-selves work to a balanced breadth of experience. Such situations should be taken into account.
It is our understanding that the term „management body” encompasses the „management body in its management function” and the „management body in its supervisory function”. The revised para. 152 demands that institutions should assess whether the management body through its decisions has demonstrated a sufficient understanding of ML/TF risks and how these affect the institution’s ac-tivities, and has demonstrated appropriate management of these risks, including corrective measures where necessary. Despite the fact that a definition of the term „institution” is given in the document, we ask for a clarification of the term in this specific context. The background to this is that we consid-er an assessment of the management body in its management function and the management body in its supervisory function by the institute itself as critical. Our understanding is that it should be only the management body in its supervisory function that supervises the management body in its man-agement function and thereby evaluates the management measures applied.
In any case, there should be an appropriate addendum that key functions have to be identified only by significant institutions and thus para 182 does not apply to non-significant institutions. The re-quirement for this restriction derives from para. 37 “Relevant institutions should monitor on an ongoing basis…”
According to paras. 196 ff., when assessing executive and supervisory board members, authorities should in future obtain additional information from the “AML/CTF-Supervisor” (?). With enhanced risk, further investigations should be made at the FIU and law enforcement authorities. The implementation is unclear as the superordinate authority does not (yet) exist.
Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?
According to paras. 7 ff. also subsidiaries that themselves are not subject to the suitability assessment regime, must apply the guidelines if the parent undertaking has to apply them. Here, we understand the regulation to mean that it applies only to subsidiaries that are themselves financial holding companies or mixed financial holding companies. Other subsidiaries are not included. This should be clearly stated.Question 2: Are the changes made in Title II appropriate and sufficiently clear?
According to paras. 27c, 32c and 37 c, a suitability reassessment should be conducted if there are reasonable grounds to suspect that money laundering or terrorism financing has been committed or attempted. This is the case particularly if the institution• has been used for ML/TF purposes,
• has breached its AML/CFT obligations or
• has materially changed its business activity or business model in a manner that indicates that its exposure to ML/TF risk has significantly increased.
Worded in this manner, these requirements are not implementable. For example, it is intrinsic to money laundering that credit institutions are used for this purpose, because without the use of payment services, illicitly obtained money cannot be channelled into the legal money cycle. In order to counter this risk, credit institutions monitor all payment transactions and, if an illegality suspected, report this to the authorities. Since institutions fulfil their obligations in this regard, there is therefore no reason for a reassessment of the management body’s suitability.
The second requirement also misses the point. For not every (slight) violation of the extensive catalogue of legal and supervisory regulations for money laundering prevention means that the institution has generally not instituted appropriate risk management in this area. Only in such a case, however, would it be appropriate to subject the management body to a suitability reassessment.
The third requirement generally lacks practical relevance, since it implies that an increase in the risk of being misused for money laundering or terrorist financing is being taken lightly by the institution in order to push through a change in its business model. Given the large number of regulations to be observed, however, particularly from the 4th and 5th AMLD, this cannot happen. Institutions are obliged to address every identified risk with appropriate measures or refrain from doing such business.
In accordance with para. 30, institutions should ensure that the overall composition of the management body has a wide range of experience. It must be borne in mind that some institutions have no influence on the composition of the supervisory body and therefore cannot ensure a wide range of experience. In the case of public-law savings banks, the selection of the members of the management body in its supervisory function is the sole responsibility of the municipalities (which are the trustees of the savings banks).
Public-law savings banks in Germany operate under ‘municipal trusteeship’. The management body in its supervisory function is democratically legitimized. Only the municipal trustee (town, city, districts or special-purpose associations) has the sovereignty to choose the representatives for the manage-ment body in its supervisory function and therefore can safeguard that the savings bank fulfils its pub-lic mandate for the population of the municipality. The savings banks do not have any influence on the decision of the municipality. They can ensure sufficient knowledge through training, but they cannot ensure a broad range of experience. Such situations should be taken into account.
Question 3: Are the changes made in Title III appropriate and sufficiently clear?
Para. 86 clarifies that even membership of affiliated companies or affiliated entities is not in itself an obstacle for a member of the management body to act without independence of mind. The general stigmatisation of political supervisory body members, particularly in the case of public-law institutions, should come to an end. We therefore request that as part of the new rules on independence of mind an appropriate clarification be included for these representatives delegated by the trustees too, since the situation is comparable with the stockholder representatives/shareholders and therefore equal treatment should be exercised.The possibility provided for in para. 88 to decline appointing an independent member of the management body to its supervisory function should apply to significant banks too that are owned by only one undertaking and are not system-relevant. This should, moreover, apply not only to institutions whose parent undertaking is itself an CRD institution but also to other parent undertakings if they are sole owners of the institution.
According to the consultation paper of 28 October 2016 on these EBA guidelines (cf. para. 36 of the consultation paper at the time), the requirements for the independence of the members of the su-pervisory board are based on the recommendations of the EU Commission of 15 February 2005 “on the role of non-executive or supervisory directors of listed companies and on the committees of the (supervisory) board”. The aim is to address conflicts of interest that may negatively affect judgment. According to recital 7 of this recommendation, companies with widespread ownership are primarily concerned with how management can be made to account to shareholders who are in a relatively weak position. In companies with majority shareholders having a controlling stake, the reasoning in recital 7 of this recommendation focuses more on how to ensure that the company is managed in such a way that the interests of minority shareholders are sufficiently taken into account. In both cases, it is a question of ensuring adequate protection of third parties in order to address conflicts of interest. However, these conflicts of interest do not exist in the case of parent/subsidiary constella-tions with only one shareholder. A one-to-one implementation of the EU Commission’s recommenda-tion is not appropriate for such constellations and was not intended by the EU Commission, since the recommendation refers to listed companies. In the case of parent/subsidiary constellations with only one shareholder, however, it is important that the parent company is able to effectively perform its supervisory and control function through the supervisory board. This is also very important because the parent company has an interest in protecting assets and, in the case of a German public limited company, is responsible under Section 91(2) of the German Stock Corporation Act (AktG) for taking appropriate measures within the group to ensure that the continued existence of the subsidiary and, in the case of contagion effects, also developments detrimental to the parent company are recog-nised at an early stage. Violations of duty by executive board members of the controlling company may constitute claims for damages. Here, in case of doubt, the executive board of the joint-stock company bears the burden of proof (cf. Section 93 (2) sentence 2 AktG). It is therefore important that this responsibility is not diluted by the need to appoint independent members of the management body in its supervisory role.
Sentence 2 of para. 89 b. should therefore be separated into a new para. after para. 89 and worded as follows: “However, Competent authorities may not require any independent directors within: i. CRD-institutions that are wholly owned by a CRD-institution or another enterprise, in particular when the sub-sidiary is located in the same Member State as the parent company CRD-institution; ii. non-significant CRD-institutions that are investment firms.”
Question 4: Are the requirements in section 12 sufficiently clear; are there additional measures that should be required to ensure that diversity is appropriately taken into account by institutions and that the principle of equal opportunities for all genders is appropriately reflected?
Paras. 102 and 107, call for aiming at a gender-balanced composition of the management body and management positions. Appropriate measures should be taken and guidelines formulated. It is not unusual for smaller institutions to have management bodies comprising only two members. A gender-balanced composition would mean that one board member would always have to be a woman. Recent application procedures, however, have shown that women do not always apply for positions on the management body. For purely factual reasons, this goal is not always achievable. In general, care should be taken that requirements are not rendered impractical from the outset because of formal legal hurdles or social reality.According to para. 108, institutions should have anti-discrimination policies. Here, the EBA invokes Art. 21 of the EU’s Charter of Fundamental Rights, which includes the general principle of non-discrimination. Neither the Charter of Fundamental Rights nor banking supervisory law (CRD V) provide a legal basis for comprehensive antidiscrimination guidelines. In Germany, European non-discrimination regulations have already been transposed into national law (e.g., the Allgemeine Gleichbehandlungsgesetz, AGG = General Equal Treatment Act). As part of a proportional implementation, institutions must have leeway for ensuring freedom from discrimination. It is not necessary for credit institutions to have their own antidiscrimination policies.
It should be taken into account that in Germany there are already numerous regulations re antidis-crimination and women’s advancement. In filling management body positions, for example, the North Rhine-Westphalian savings banks must observe the provisions of the Landesgleichstellungsgesetzes (LGG = State Equality Act) and section 19(3) of the North Rhine-Westphalian Savings Banks Act. The LGG obliges them to draw up an equality plan and to “audit” the targets laid down in it. In view of this, additional regulations at European level are not necessary.
It should at least be clarified that gender-equality policies already instituted and based on other regu-lations will be regarded as policies within the meaning of these guidelines. This would obviate the need for institutions to draw up further internal rules in addition to those required by national and possibly regional law.
Question 5: Are the changes made in Title VI appropriate and sufficiently clear?
NAQuestion 6: Are the changes made in Title VII appropriate and sufficiently clear?
In future, banks and supervisory authorities should, according to paras. 146 ff., assess the suitability of members of the management body if there are grounds to suspect ML/TF activity in connection with the institution. In this regard, the guidelines require clarification that a reassessment of suitability is to be conducted only if there are grounds for serious omissions by the bank regarding money laun-dering prevention – but not when merely clients of the bank are involved.According to para. 146 (c), a part of the assessment of the suitability of individual members of the management body is to gather information on the independence of mind of the assessed individual. It is difficult for us to imagine how this para. should be implemented in practice. We ask for clarification that this can refer only to information that can justify serious doubts on the “independence of mind”. In this regard, it is our understanding that the same approach must be applied as for the as-sessment of trustworthiness/reliability, i.e., so long as there is no information that can justify serious doubts on the “independence of mind”, one can assume an “independence of mind”.
According to para. 151, institutions should assess whether the collective suitability of the management body reflects a broad range of experience. Here, it should be taken into account that some institutions have no influence on the composition of the supervisory body and a broad range of experi-ence can therefore not always be guaranteed. In the case of public-law savings banks, the selection of the members of the board of directors is the sole responsibility of the municipalities, which are at the same time the bodies responsible for the savings banks. Hence, the institutions cannot them-selves work to a balanced breadth of experience. Such situations should be taken into account.
It is our understanding that the term „management body” encompasses the „management body in its management function” and the „management body in its supervisory function”. The revised para. 152 demands that institutions should assess whether the management body through its decisions has demonstrated a sufficient understanding of ML/TF risks and how these affect the institution’s ac-tivities, and has demonstrated appropriate management of these risks, including corrective measures where necessary. Despite the fact that a definition of the term „institution” is given in the document, we ask for a clarification of the term in this specific context. The background to this is that we consid-er an assessment of the management body in its management function and the management body in its supervisory function by the institute itself as critical. Our understanding is that it should be only the management body in its supervisory function that supervises the management body in its man-agement function and thereby evaluates the management measures applied.
Question 7: Are the changes made in Title VIII appropriate and sufficiently clear?
According to para. 182, an addition regarding key function holders should be included. Art. 91 CRD V refers solely to members of the management body and precisely not to other staff of the institution. There is no legal basis for the introduction of a supervisory assessment process via key function holders too. This already applied to the existing guidelines, which is why we already criticised this at the last revision. Also, with the revision of the CRV V, the was no change made at this point, so that a legal basis is still lacking. In future, there should not only be a first assessment, but in addition a re-peated, ongoing assessment of the key-function holders by the supervisory authorities. We reject this for the reasons mentioned.In any case, there should be an appropriate addendum that key functions have to be identified only by significant institutions and thus para 182 does not apply to non-significant institutions. The re-quirement for this restriction derives from para. 37 “Relevant institutions should monitor on an ongoing basis…”
According to paras. 196 ff., when assessing executive and supervisory board members, authorities should in future obtain additional information from the “AML/CTF-Supervisor” (?). With enhanced risk, further investigations should be made at the FIU and law enforcement authorities. The implementation is unclear as the superordinate authority does not (yet) exist.