Question ID: 2013_228
Legal act: Directive 2013/36/EU (CRD)
Topic: Internal governance
Article: 76
Paragraph: 3
Subparagraph: 4
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Not applicable
Article/Paragraph: Not applicable
Name of institution / submitter: CSSF
Country of incorporation / residence: Luxembourg
Type of submitter: Competent authority
Subject matter: Requirement to establish a risk/audit committee
Question

Article 76(3), first paragraph, requires significant institutions to establish a risk committee. According to the fourth subparagraph, "competent authorities may allow an institution which is not considered significant as referred to in the first subparagraph to combine the risk committee with the audit committee as referred to in Article 41 of Directive 2006/43/EC." Does this mean that all institutions in the EU are required to establish at least a joint risk and audit committee?

Background on the question

Taken literally, the requirement would mean that, at odds with the proportionality principle, all institutions in the EU would be required to establish at least a joint risk and audit committee.

Submission date: 10/09/2013
Final answer

Article 74(2) of Directive 2013/36/EU (CRD) establishes that an institution's governance arrangements "shall be comprehensive and proportionate to the nature, scale and complexity of the risk inherent in the business model and the institution's activities", taking into account the technical criteria in Articles 76 to 95 of the CRD. Therefore, an institution, while not deemed 'significant', may be deemed to have sufficient risks relative to its nature, scale and complexity to require the establishment of a risk committee, while smaller and less complex institutions are not required to establish such a committee under proportionality considerations.

Where the first paragraph of Article 76(3) of the CRD does not apply, but a risk committee is required to be established on the basis of proportionality under Article 74(2), the fourth subparagraph of Article 76(3) may then apply. This enables competent authorities to allow a non-significant institution to combine its audit committee, referred to in Article 41 of Directive 2006/43/EC, with this risk committee. This is subject to the members of the joint committee having the knowledge, skills and experience required of both competences. Competent authorities may allow the establishment of a joint risk/audit committee following individual or peer assessments, or make their establishment available to defined categories of institutions with a similar risk profile and degree of complexity. This should be done on the basis of objective criteria.

For the smallest or least complex non-significant institutions, it is likely that neither a dedicated risk committee nor a joint risk/audit committee will be required.

While there is no definition of 'significant' in Regulation (EU) No. 575/2013 (CRR), Directive 2013/36/EU (CRD), or in existing EBA Guidelines, the EBA Guidelines on Internal Governance state, under point 14.6 and in particular 14.12, that institutions should establish a risk committee subject to the proportionality principle. Pending the development of guidelines setting out the definition of 'significant' in this context, Member States should apply their own criteria in making this determination.

Regardless of the establishment of a dedicated risk committee, a joint risk and audit committee, or neither of these, the management body shall, pursuant to the second sub-paragraph of Article 76(3) of the CRD, always retain ultimate responsibility for the risk management within the institution.

Status: Archive
Answer prepared by the EBA.
Note to Q&A

Update 26.03.2021: This Q&A has been archived as the issue it deals with has been clarified in Section 5 of the Guidelines on Internal Governance (EBA/GL/2017/11).
