Banking Regulation 2024

Last Updated December 12, 2023

Austria

Law and Practice

Authors



Fellner Wratzfeld & Partners (fwp) has a team of more than 120 highly qualified legal personnel. The firm’s major fields of specialisation include banking and finance, corporate/M&A, real estate, infrastructure and procurement law, changes of legal form, reorganisation and restructuring. fwp advises renowned credit institutions and financial services providers on financing projects, representing mainly Austrian and international private companies, but also acts for clients from the public sector. The firm’s expertise has proven its worth repeatedly, not only in connection with project and acquisition financing, but also in regard to financing company reorganisations; fwp is also able to draw upon substantial experience gained in the financing of complex consortia in the last few years.

The primary purpose of the Austrian regulatory framework for the banking sector is to maintain a stable financial system, by doing the following:

  • increasing financial stability and the ability of financial institutions to bear losses;
  • ensuring efficient lending to businesses and individuals; and
  • progressing harmonisation in the area of bank supervision within the European Union.

In accordance with its EU membership, Austria has implemented a banking and financial framework that is highly influenced by European rules and regulations. The key Austrian legislation applicable in the banking sector is as follows.

  • The Banking Act (BWG), which provides the fundamental framework applicable to credit institutions and financial institutions in Austria, including the licensing regime, supervision, capital and liquidity requirements, and receivership proceedings and penalties. The BWG implements the Capital Requirements Directive (2013/36/EU) (CRD IV) as amended by CRD V ((EU) 2019/878).
  • The Payment Service Act 2018 (ZaDiG 2018) and the E-Money Act 2010 (E-GeldG), which implement the Payment Service Directive (Directive (EU) 2015/2366) (PSD II)) and the Electronic Money Directive (Directive 2009/110/EC). ZaDiG 2018 and the E-GeldG provide for, among others, the licensing and capital requirements for payment and e-money institutions.
  • The Bank Recovery and Resolution Act (BaSAG) implements the Bank Recovery and Resolution Directive (Directive 2014/59/EU (BRRD)) and provides for the obligation of credit institutions to draw up recovery and resolution plans. The implementation of the Single Resolution Mechanism (SRM) at the EU level required a revision of the BaSAG in 2015 – most of the amendments entered into force in January 2016.
  • The Securities Supervision Act 2007 (WAG 2007), and additional regulations, provide for the licensing of investment service providers, customer protection provisions, disclosure and notification requirements, etc. The Securities Supervision Act 2018 (WAG 2018) entered into force on 3 January 2018 and implements a substantial part of the Markets in Financial Instruments Directive (Directive 2014/65/EU – (MiFID II)). The amended law ensures that Austrian law is in line with the provisions of the Markets in Financial Instruments Regulation (Regulation (EU) No 600/2014 – MiFIR), which has applied since 3 January 2018.
  • The Capital Markets Act (KMG), which primarily implements the Prospectus Directive (Directive 2003/71/EC – PD), provides in particular for the prospectus framework relevant to securities offerings and offerings of investments in Austria.
  • The Stock Exchange Act (BörseG) and the Takeover Act (ÜbG) provide the legal framework relating to the listing and trading of securities as well as public takeover offerings. The amended Stock Exchange Act 2018 (BörseG 2018) came into force on 3 January 2018, implementing certain MiFID II provisions and introducing the possibility for a legal delisting of publicly traded stock companies from the Official Market, which is now the only regulated market in Austria.
  • The Securities Deposit Act (DepotG) regulates the depositing and acquisition of securities.
  • The Financial Market Money Laundering Act (FM-GwG) stipulates statutory due diligence obligations relating to money laundering and terrorism financing.
  • The Financial Market Authority Act (FMABG) regulates the organisation and competencies of the Financial Market Authority (FMA).

In addition to Austrian law, certain EU regulations are directly applicable to Austrian credit institutions, such as the Capital Requirements Regulation (Regulation No 575/2013/EU – CRR), which, to a large extent, is based on the Basel III standards issued by the Basel Committee on Banking Supervision. The CRR includes most of the technical provisions governing the prudential supervision of Austrian credit institutions.

Regulatory Authorities

Austrian Financial Market Authority (FMA)

The FMA is established as an integrated supervisory institution, supervising all financial service providers in Austria. It shares responsibilities with the Oesterreichische Nationalbank (OeNB) in connection with banking supervision. While the OeNB is in charge of fact-finding, including on-site and off-site analysis of banks, the FMA is responsible for the decision-making process and is therefore empowered to act as the competent authority in the areas of banking supervision and banking recovery and resolution.

European Central Bank (ECB)

The ECB is responsible for banking supervision in the European area under the Single Supervisory Mechanism (SSM) and supervises significant entities in Austria, together with the FMA as the National Competent Authority (NCA) and the OeNB. Therefore, the FMA works in close co-operation with the ECB and the OeNB. However, the exclusive responsibility for granting and extending concessions of CRR credit institutions (ie, those credit institutions that receive deposits or other repayable funds from the general public and grant loans on their own account pursuant to Article 4 paragraph 1 no 1 of the CRR) lies with the ECB. For Austrian non-CRR credit institutions and branches of foreign credit institutions, the exclusive responsibility remains with the FMA.

Types of Licence

The ECB licenses CRR credit institutions in SSM member states and those (mixed) financial holding companies for which it is the consolidating supervisor. However, the scope of the licence granted by the ECB also extends to regulated activities under Austrian law.

The FMA licenses the following:

  • all credit institutions that have their registered seat in Austria and are not classified as CRR credit institutions but only as CRR financial institutions; and
  • (mixed) financial holding companies that have their registered seat in Austria and for which the FMA is the consolidating supervisor, provided that at least one group member is a credit institution and more than 50% of the own funds, consolidated turnover, income or other indicators within the group are attributable to CRR credit institutions or CRR financial institutions.

Licences granted can be subject to conditions and requirements, and can cover one or more types of transactions listed in Section 1 of the BWG.

In Austria, licensed credit institutions may also provide banking services in other EU member states by way of using the freedom of establishment or by using the freedom to provide services.

Since 29 May 2021, (mixed) financial holding companies registered in Austria must apply for a special licence as a (mixed) financial holding company upon exceeding specified trigger thresholds relating to the equity, consolidated assets, revenues, personnel or other indicators of a subsidiary qualifying as a credit institution, investment firm or financial institution. The corresponding licensing procedure is basically comparable to that of a banking licence procedure, but its scope is somewhat reduced. Thus, (mixed) financial holding companies are required to provide the FMA with certain information, such as detailing the organisation and allocation of tasks within the group, and whether they are suitable shareholders of credit institutions held as subsidiaries. A (mixed) financial holding company as well as its management needs to be able to ensure regulatory compliance with capital requirements, but also to prevent conflicts within the group and to ensure the enforcement or implementation of group-wide policies and adequate risk management.

Activities and services covered, and any restrictions on licensed banks’ activities

Pursuant to the BWG, an entity requires a credit institution licence issued by the competent supervisory authority to carry out activities listed in Section 1 paragraph 1 of the BWG, particularly when carrying out one or more of the following activities for a commercial purpose:

  • deposit business (Einlagengeschäft);
  • current account business (Girogeschäft);
  • lending business (Kreditgeschäft);
  • discount business (Diskontgeschäft);
  • custody business (Depotgeschäft);
  • the issuing and administration of payment instruments (Ausgabe und Verwaltung von Zahlungsmittel);
  • trading for one’s own account or on behalf of others on specific markets or with certain instruments set out in Section 1 paragraph 1 no 7 lit a-f of the BWG, including trading with futures and equity swaps or financial instruments pursuant to the WAG 2018;
  • guarantee business (Garantiegeschäft);
  • securities issuing business (Wertpapieremissionsgeschäft);
  • building savings and loan business (Bauspargeschäft);
  • investment fund business (Investmentgeschäft);
  • real estate investment fund business (Immobilienfondsgeschäft);
  • capital financing business (Kapitalfinanzierungsgeschäft);
  • factoring business (Factoringgeschäft);
  • money brokerage transactions on the interbank market or the brokerage of transactions in connection with specific banking transactions (Geldmarktgeschäft);
  • severance and retirement fund business (Betriebliches Vorsorgekassengeschäft); and
  • exchange bureau business (Wechselstubengeschäft).

An entity must also be licensed by the competent supervisory authority as a financial institution to carry out additional activities listed in Section 1 paragraph 2 of the BWG, particularly when carrying out one or more of the following activities for a commercial purpose in addition to their activities as a credit institution:

  • leasing business (Leasinggeschäft);
  • consulting companies on capital structure and industrial strategy (Beratung über die Kapitalstruktur);
  • providing trade information (Erteilung von Handelsauskünften);
  • providing safety deposit box management services (Schließfachverwaltung);
  • providing payment services under the Payment Service Act 2018 (ZaDiG); and
  • issuing e-money under the E-GeldG.

The licence for conducting banking activities as a credit institution or additionally as a financial institution may be granted with connected conditions and obligations, and may be restricted to the individual banking activities mentioned above. The scope of the licence(s) granted to each entity is publicly available in the company database of the FMA.

In September 2020, the FMA established an accompanying licensing procedure in the form of a regulatory sandbox. In this sandbox, FinTechs seeking a license, but also existing licensed entities wanting to test financial innovations, are to be prepared for supervision in an intensive dialogue with the FMA so that they can test their business models.

Application Process

In general, the ECB is responsible for granting and extending licences to CRR credit institutions. For Austrian non-CRR credit institutions and branches of foreign credit institutions in Austria, competence remains with the FMA.

Nevertheless, all applications must be submitted to the FMA, regardless of whether the decision is to be taken by the FMA or the ECB.

The following key documents are to be reviewed by the FMA/ECB as part of the licensing process:

  • the application for the authorisation of a credit institution, structured in line with (i) parts of the FMA’s Regulation on Qualifying Holdings 2016; (ii) the Annex of the EBA’s draft RTS and ITS on authorisation of credit institutions; and (iii) the ECB’s revised Guide to assessment of licence application (2019); and
  • the business plan, which reflects the European Banking Authority (EBA) and ECB requirements referred to in the documents mentioned above.

The licensing process for CRR credit institutions, for which the ECB is responsible, is outlined below.

Before the application is submitted to the FMA, there is a preliminary discussion phase in which the receipt of the application is confirmed. After formal confirmation by the FMA, a formal ECB approval decision must be issued within 12 months. The ECB’s experts must be involved by the FMA at an early stage of this process.

The FMA assesses whether the conditions set out in the BWG are met in the application. If the applicant fulfils the conditions, the FMA forwards the application with a draft decision and the relevant documentation to the ECB for the decision-making process. The applicant must provide specific details regarding the business plan, including the nature of the planned transactions, the credit institution’s organisational structure, risk management strategies for banking activities, as well as the identity and the amount contributed by owners, who possess a qualifying holding in the credit institution and information required for the purpose of assessing the reliability of these owners. The ECB conducts its own assessment of the application based on the FMA’s draft decision and makes a final decision, which is then notified to the applicant. The average timing depends on whether or not the application is for a “full” licence and therefore for major banking activities, but the process should be completed within 12 months.

Licensing applications for Austrian non-CRR credit institutions (CRR financial institutions) or Austrian branches of non-EU-based and non-EEA-based (CRR and non-CRR) credit institutions are conducted entirely by the FMA.

Requirements

The licence is issued by the FMA (or the ECB for CRR credit institutions) if the following requirements are fulfilled:

  • the undertaking is a corporation, a co-operative society or a savings bank;
  • the articles of association do not contradict the provisions of the Banking Act that ensure the security of assets and the proper conduct of business;
  • the capital, liquidity and solvency of the institution prospectively are sufficient;
  • internal organisation regarding risk management, compliance and audit is compliant;
  • the persons holding qualifying participations (more than 10% of the share capital or voting rights) meet prudent requirements;
  • any close ties of the institution to other natural persons or legal entities shall not prevent the FMA from fulfilling its supervisory duties;
  • legal or administrative provisions of a third country do not prevent the FMA from fulfilling its supervisory duties;
  • the initial capital shall amount to at least EUR5 million and shall be at the unrestricted and unencumbered disposal of the managers in Austria;
  • the members of the management board or the members of the supervisory board are financially sound;
  • the members of the management board, the head of banking compliance, the AML officer and the head of securities services compliance are sufficiently suitable, and the members of the supervisory board have sufficient professional qualifications and experience;
  • the managing directors commit sufficient time to performing their functions;
  • the centre of at least one managing director’s interests is in Austria;
  • the institute has at least two managing directors and the articles of association exclude individual power of representation; the managing directors may not have another main profession outside the banking industry; and
  • the location of the branch and the head office is in Austria.

Costs

The fee for an FMA licence for the operation of bank transactions amounts to approximately EUR10,000, and the extension fee for a licence amounts to EUR2,000. If the applicants engage a lawyer, further costs for the licence proceedings arise. Annual ongoing costs for the licence are also charged.

The ECB further charges annual supervisory fees to all CRR credit institutions in Austria, whereby significant banks must pay a higher supervisory fee than less significant banks.

Pursuant to Section 20 paragraph 1 of the BWG, the FMA must be informed in advance in writing by any person who has taken a decision to acquire or dispose of (directly or indirectly) a participation of 10%, or to increase or decrease a qualified shareholding by reaching a 20%, 30% or 50% threshold of voting rights or capital in an Austrian credit institution (or in such a way that the credit institution becomes a subsidiary undertaking of that party). This includes investors acting together.

Furthermore, the credit institution shall immediately notify the FMA in writing of any acquisition or relinquishment of qualified shareholdings, and of any reaching, exceeding or falling below the shareholding thresholds as soon as it becomes aware thereof. In addition, credit institutions must notify the FMA in writing at least once a year of the names and addresses of shareholders holding qualified interests.

The FMA has a maximum of 60 working days from the receipt of the notification and all the documents required pursuant to Section 20b paragraph 3 of the BWG to prohibit the proposed acquisition in writing following an assessment according to the assessment criteria set forth in Section 20b of the BWG, provided there are reasonable grounds therefor, or if the information submitted by the proposed acquirer is incomplete. Thus, the FMA shall examine the suitability of the interested buyer and the financial stability of the intended acquisition.

The FMA will review and assess all information provided by the proposed acquirer in connection with the notification, focusing on the criteria set by law.

Specific information to be filed is provided for in the Ownership Control Regulation, including information about:

  • the identity of the proposed acquirer, by-laws, management board, economic beneficiaries, etc;
  • the reliability of the acquirer with regard to criminal or administrative offences, insolvency proceedings, etc;
  • the participations with a group of companies as well as other possible ways to exercise influence;
  • the relevant business relationships, family ties or other relevant relationships, as well as acquisition interests;
  • the financial situation and credit standing of the acquirer;
  • the funding of the intended acquisition, including disclosure of all relevant agreements; and
  • the business plan, including a description of strategic objectives and plans if the acquirer gains control.

If the bank is listed on the Austrian stock exchange, an acquirer must also comply with the provisions of the BörseG and the Takeover Act (eg, filing and notification obligations, mandatory takeover bid, etc).

Similar requirements must be fulfilled if the proposed acquirer intends to acquire a qualified holding in an insurance company, an investment firm, an investment service provider or a payment institution.

The FMA has published a detailed set of guidelines and circular letters (FMA Rundschreiben) on the application and scope of the organisational regulations, which depend on the type of business activities envisaged by the entity. An institution has to implement and continuously monitor a comprehensive set of organisational requirements, such as organisational structure, clear decision-making processes, documentation and reporting obligations, and responsibilities.

The management shall define and oversee the internal principles of proper business management (“fit and proper”), guaranteeing the requisite level of care when managing the institution, and focus particularly on the segregation of duties in the organisation and the prevention of conflicts of interest and, therefore, establish mechanisms to safeguard the security and confidentiality of information, pursuant to Section 38 of the BWG.

The BWG stipulates that management boards of credit institutions whose total assets exceed EUR1 billion or which have transferable securities listed on a regulated market must establish an audit committee. This committee supervises the audit and issuance of financial statements, the internal control system, audit function and risk management system.

Further, the management boards of credit institutions whose total assets exceed EUR5 billion must establish (i) a nomination committee; (ii) a remuneration committee; and (iii) a risk committee.

Banks are required to ensure the suitability of their managing directors, supervisory board members and holders of key functions on an ongoing basis. In addition to an internal guideline for the assessment process, banks are also required to provide ongoing training for their governing bodies and employees.

Sections 5 (1) (6)-(13), 28a and 30 (7a) of the BWG contain requirements for the members of the management and the supervisory board of credit institutions.

Fit and Proper Hearings

The FMA and the ECB apply an increasingly strict assessment procedure when evaluating the professional suitability of functionaries. Newly appointed governing bodies are invited to a hearing, and the theoretical knowledge required for the respective company is tested in an oral examination. The material covered for credit institutions includes financial expertise, the BWG and related ordinances, applicable special laws and European supervisory laws (CRR, EBA Regulatory Technical Standards, EBA Guidelines, etc) as well as the contents of the FMA Minimum Standards and FMA circulars. Basic knowledge of corporate law and knowledge of the institution within the framework of the “know your structure” principle is also required.

Requirements for the remuneration policies and practice of credit institutions licensed in Austria are set out in Sections 39/2 and 39b of the BWG, and in the Annex to Section 39b. These provisions implement the EU Directive governing remuneration policies and practices (CRD IV and CRD V) into Austrian Law. The FMA has to take these regulations into account, according to the European convergence in respect of supervisory tools and supervisory procedures. As a consequence, the guidelines and recommendations (and other measures) that are issued by the EBA must be applied. Therefore, the Annex to Section 39b of the BWG, the circular letter (re-)issued by the FMA in January 2018 (Grundsätze der Vergütungspolitik und –praktiken; Rundschreiben der FMA zu §§ 39 Abs. 2, 39b und 39c BWG) and the guidelines from the EBA considering remuneration policies (eg, guidelines on sound remuneration policies under CRD IV and disclosures under the CRR) contain the main rules for restrictions on remuneration.

Therefore, the remuneration provisions of the BWG shall ensure that credit institutions adopt remuneration policies and practices that encourage their employees to act in a sustainable and long-term manner and align their personal objectives with the long-term interests of the credit institution.

Pursuant to Section 39 paragraph 2 of the BWG, credit institutions and groups of credit institutions need to have administrative, accounting and control procedures for the identification, assessment, management and monitoring of banking business and banking operational risks, as well as risks arising from remuneration policies and practices, that are appropriate to the nature, scale and complexity of the banking business conducted.

The Financial Markets Anti-Money Laundering Act (Finanzmarkt-Geldwäschegesetz – FM-GwG) has been in force since 1 January 2017, transposing the international and European rules for the prevention of money laundering and terrorist financing into national law. Provisions relating to beneficial ownership are now also set out in the Beneficial Owners Register Act (Wirtschaftliche Eigentümer Registergesetz – WiEReG).

The FM-GwG imposes special due diligence requirements and defines special obligations for credit and financial institutions regarding due diligence and reporting in order to prevent money laundering and terrorist finance. Bank business may only be transacted with customers who have been identified – the “know-your-customer” principle.

Before a credit or financial institution begins a business relationship, it must verify the identity of the customer.

The Act on Deposit Guarantee Schemes and Investor Compensation (ESAEG) implements the Directive on Deposit Guarantee Schemes (Directive 2014/49/EU) and regulates the protection of deposits and credit balances, including interest on accounts and savings. The objective of the ESAEG is to ensure the rapid and comprehensive compensation of depositors’ claims in the event of a guarantee. The aim is to ensure that claims arising from security incidents are satisfied by the member institutions of the security schemes within a short period of time, so that financial obligations for the federal government can be avoided. In a guarantee case, deposits of up to EUR100,000 per customer and bank are covered. Every credit institution domiciled in Austria that wishes to accept customer deposits or provide investment services requiring guarantees must belong to a protection scheme.

Since 1 January 2019, the single deposit guarantee and investor compensation scheme limited liability company (Einlagensicherung Austria GesmbH – ESA) has assumed the responsibility for the compensation of all depositors and investors in Austrian credit institutions. Another institutional protection scheme as a limited liability company (Sparkassen-Haftungs-GmbH) is recognised as an alternative deposit guarantee and investor compensation schemes in Austria by the FMA and the ECB. In 2022, a third institutional protection scheme (Österreichische Raiffeisen-Sicherheitseinrichtung eGen) was recognised.

Section 38 paragraph 1 of the BWG stipulates the obligation of a bank, its shareholders, corporate bodies, staff and other persons who are acting on behalf of the bank not to disclose certain information and secrets that have come to their attention based on their relationship with the customers.

Secret in the legal context means a fact that is known only to the keeper of the secret themselves or only to a relatively limited circle of persons. Furthermore, the fact must not be accessible, or can only be accessible with difficulty to persons otherwise interested in such fact. This includes circumstances where disclosure or exploitation is likely to violate a legitimate interest of the customer. Accordingly, banking secrecy includes the name and contact details of the creditor, the amount of the credit volume and the account balance information of the customer.

The concept of a secret is also characterised by the subjective component that the holder of the secret has an interest or desire to treat a fact as a business secret, as the owner of the secret would be at a disadvantage in case of disclosure. However, as this desire to maintain secrecy may not be established in some situations, the negative criterion that the existence of a secret is excluded if the owner of the secret renounces the secrecy has been supported by scholars.

Banking secrecy is intended to protect the legitimate interests of a customer in maintaining the confidentiality of facts that become known to the bank in the course of the business relationship. This includes all secrets that are exclusively entrusted, disclosed or made accessible within the scope of a business relationship; such secrets may not be disclosed or exploited. This is necessary to maintain the basis of trust between credit institutions and customers. Furthermore, the access of third parties to these secret facts – of the federal state in particular, but also of private persons interested in receiving information – is to be excluded or limited to the extent that the customer only has to accept exceptions from banking secrecy under certain conditions.

Exceptions to banking secrecy are stipulated in Section 38 paragraph 2 of the BWG – eg, in criminal proceedings vis-à-vis public prosecutors and criminal courts.

Banking Secrecy and Non-performing Loans

Banking secrecy plays a key role in the sale of non-performing loans. Section 38 paragraph 2 of the BWG does not contain any express exception for the sale of non-performing loans. On the basis of the BWG, only an exception based on the customer’s express consent is possible. However, the Austrian Supreme Court has decided that a breach of banking secrecy is permissible if special requirements are met; in particular if the bank’s interest in a sale outweighs the customer’s interest in confidentiality.

A breach of banking secrecy generally results in the nullity of the legal transaction under civil law and also can lead to administrative and criminal law consequences.

Capital Requirements

Article 92 of the CRR sets out the specific capital requirements for the types of risk to be covered in accordance with Article 92 (3). Article 92 (2) of the CRR defines the capital ratio as a percentage of the total risk amount – the so-called solvency ratio (Solvabilitätskoeffizienten). The total risk amount is the sum of the institutions’ credit risk, operational risk, market price risks and the risk of a credit valuation adjustment. This total risk amount is to be compared to the own funds of the credit institution, resulting in the capital ratio of the institution.

Accordingly, credit institutions must maintain at least the following own funds requirements at all times:

  • a Common Equity Tier 1 capital ratio of 4.5% of RWA;
  • a Tier 1 capital ratio of 6% of RWA; and
  • a total capital ratio of 8% of RWA.

In addition to these minimum capital requirements, an institution must meet certain capital buffer requirements.

As the capital buffers contained in the CRD have been transposed into Austrian law by Sections 23 to 23f of the BWG, the capital conservation buffer of 2.5% of risk-weighted assets (RWA) therefore applies by virtue of Austrian law and is applicable to every credit institution licensed in Austria.

However, the FMA may set additional capital buffers on an individual basis, including:

  • a countercyclical capital buffer of up to 2.5% of RWA generated in the respective EU member state;
  • a systemic risk buffer for 11 Austrian groups of institutions, with five of the group member institutions additionally required to comply on an unconsolidated basis (between 0.5% and 1% of RWA in 2021 with a statutory flexible maximum of 5% of RWA); and
  • a buffer for global systemically important institutions (G-SIIs).

Liquidity Requirements

The CRR (CRR II) requires entities to hold enough liquid assets to deal with any possible imbalance between liquidity inflows and outflows under gravely stressed conditions during a period of 30 days (Liquidity Coverage Ratio – LCR) and to ensure their ongoing ability to meet short-term obligations. The LCR as a short-term liquidity business ratio was fully introduced in 2018; amendments made by the CRR II have applied since June 2021. The new rules impose a binding leverage ratio requiring institutions to maintain Tier 1 capital of at least 3% of their non-risk-weighted assets. An additional leverage ratio buffer will apply to G-SIIs. In addition, the European Commission has proposed that credit institutions should also ensure that their long-term obligations will be adequately met with a diversity of stable funding instruments under both normal and stressed conditions (Net Stable Funding Ratio – NSFR – as a long-term liquidity business ratio). Furthermore, entities are required by the BWG to ensure that they are able to meet their payment obligations at any time – eg, by establishing company-specific financial and liquidity planning based on banking experience pursuant to Section 39 paragraph 3 of the BWG.

According to Section 82 of the BWG, insolvency proceedings cannot be opened in the form of reorganisation proceedings (Sanierungsverfahren); business supervision proceedings (Geschäftsaufsichtsverfahren) or bankruptcy proceedings (Konkursverfahren) can, however, be instituted. In addition, the conclusion of a reorganisation plan is not possible in bankruptcy proceedings.

In addition to the BWG, the BRRD provides central provisions in the area of insolvency, recovery and resolution.

Austria has implemented the BRRD by adopting the BaSAG, thereby creating a national legal framework for dealing with banks that are failing or likely to fail. The BaSAG contains provisions covering the following:

  • prescribing the preparation of recovery plans by banks and by the resolution authorities, including powers to remove obstacles to a resolution (prevention);
  • enabling supervisory authorities to intervene at an early stage, including related additional powers to intervene (early intervention); and
  • forming the basis for the establishment of a national resolution authority and for entrusting the authority with the necessary powers and tools (resolution).

The following resolution tools are at the FMA’s disposal:

  • the sale of business tool;
  • the tool to establish a bridge institution (bridge bank);
  • the asset separation tool; and
  • the tool for the bailing-in of creditors (bail-in).

The bail-in is one of the core elements of the BRRD. It provides the resolution authority with the possibility to write down the eligible liabilities in a cascading contribution to absorb the losses of an institution, or to convert them into equity capital.

If insolvency proceedings are opened over the assets of a credit institution or a legal entity pursuant to Section 1 of the BaSAG, it must continue to provide services or support if the resolution authority has issued a corresponding order.

The amendments made by CRR II and CRD V regarding the capital requirements of credit institutions and investment firms shall strengthen the resilience of the banking sector by introducing more risk-sensitive capital requirements. Challenges arise in particular from the fact that these concepts designed for large institutions (“big players” and G-SIIs) – eg, total loss-absorbing capacity (TLAC) and minimum requirement for own funds and eligible liabilities (MREL) – may not be applied to small institutions without making adaptations, as Austria has a particularly large number of small and medium-sized banks.

The financial sector has faced recent challenges created by new ways of digitalisation and data processing technology within the field of banking operations and investment service providers (fintech). Traditional financial institutions in particular have to be aware of their new digital competitors. Other important issues include the rising standards of regulation, complexity and the increasing costs for the institutes. With regard to the current interest rates, the “compliance tool” proposed by the European Commission aimed at facilitating institutions’ compliance with their Regulations and Directives may enable each institution to rapidly identify the relevant provisions with which they have to comply and improve the cost-to-income ratio.

The EU Sustainability Taxonomy

Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020 on the establishment of a framework to facilitate sustainable investment, and amending Regulation (EU) 2019/2088, places sustainability at the centre of the financial system. This is intended – in accordance with Regulation (EU) 2020/852 – to direct capital flows into “sustainable” investments. Regulation (EU) 2020/852 is addressed to companies engaged in capital markets and thus also to financial institutions that provide investment advice or portfolio management to retail clients or professionals who are therefore called upon to act responsibly.

Regulation (EU) 2020/852 sets out considerable disclosure obligations for entrepreneurs as of 1 January 2022 in order to provide (potential) investors with “clear and not misleading” information about the respective company and financial instrument. To this end, the regulation contains the criteria for determining whether an economic activity is to be classified as environmentally sustainable in order to be able to determine the degree of environmental sustainability of an investment. For this purpose, the regulation defines the following six environmental objectives:

  • climate change mitigation;
  • climate change adaptation;
  • the sustainable use and protection of water and marine resources;
  • the transition to a circular economy;
  • pollution prevention and control; and
  • the protection and restoration of biodiversity and ecosystems.

For an economic activity to be considered environmentally sustainable under the EU taxonomy, the following conditions must be met:

  • The activity must make a significant contribution to at least one of the six environmental objectives listed above.
  • The activity must not cause significant harm to any of the other environmental objectives (the “do no significant harm” principle).
  • Companies must meet the minimum social standards set by the EU.
  • The technical evaluation criteria, which are or have been set by the Commission, must be met.

Transparency Obligations

The rules for financial market participants and financial advisers on transparency with regard to the integration of sustainability risks and the consideration of adverse sustainability impacts in their processes and the provision of sustainability‐related information with respect to financial products are laid down in Regulation (EU) 2020/852 and Regulation (EU) 2019/2088, which provide for the following transparency obligations:

  • transparency of sustainability risk policies;
  • transparency of adverse sustainability impacts at entity level;
  • transparency of remuneration policies in relation to the integration of sustainability risks;
  • transparency of the integration of sustainability risks;
  • transparency of adverse sustainability impacts at financial product level;
  • transparency of the promotion of environmental or social characteristics in pre‐contractual disclosures;
  • transparency of (environmentally) sustainable investments in pre‐contractual disclosures and in periodic reports;
  • transparency of the promotion of environmental or social characteristics and of sustainable investments on websites and in periodic reports;
  • transparency of financial products that promote environmental characteristics in pre-contractual disclosures and in periodic reports;
  • transparency of other financial products in pre-contractual disclosures and in periodic reports (“[t]he investments underlying this financial product do not take into account the EU criteria for environmentally sustainable economic activities.”); and
  • transparency of undertakings in non-financial statements.
Fellner Wratzfeld and Partners

Schottenring 12
A-1010 Vienna
Austria

+43 1 53770 0

office@fwp.at www.fwp.at
Author Business Card

Trends and Developments


Authors



DLA Piper Weiss-Tessbach is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa, and Asia Pacific who share the same systems, procedures, methodologies, and values. The firm’s lawyers track new laws, market conditions, and financial products. The firm balances this with local, legal insight and sector-focused commercial sense to protect the interests of its clients in full. DLA Piper in Vienna combines DLA Piper’s global reach with local know-how. Recognised as one of the top ten Austrian law firms, the firm advises start-ups, local and household name companies, multinationals, financial institutions, public bodies, and governments. DLA Piper in Vienna is the top-tier mid-market law firm in Austria with a global network, leading in banking and finance, M&A, capital markets, tax, antitrust and IP/IT, advising clients across the sectors. DLA Piper in Vienna is currently the fastest-growing law firm in the country.

Key Updates

The banking regulatory landscape in the European Union (EU) is complex and constantly developing towards a secure, harmonised market, fostering financial stability. The Austrian banking law largely aligns with the standards set by the European legislator. Some of the most interesting developments include the forthcoming final implementation of the Basel III framework, which addresses liquidity requirements, capital adequacy, and stress testing standards. Alongside the prudential capital requirements regime, the EU has placed growing emphasis on enhancing the cybersecurity and operational resilience of the banking sector. Initiatives like the Digital Operational Resilience Act (DORA) outline specific requirements for financial institutions to manage their digital operational risks. National regulations have seen minimal changes, including an additional exemption from banking secrecy, for example. This article highlights key trends and developments in banking regulation within the EU and Austria for 2023.

Implementation of the Basel III Reforms

On 26 June 2023, the European Parliament and the Council agreed on the European Commission’s proposal of 2021 on a review of EU banking rules. Thus, the EU is implementing the remaining reforms agreed in the Basel III framework, which aim to strengthen the capital and liquidity requirements for credit institutions. This process is scheduled to commence next year and gradually unfold between 2025 and 2026.

The upcoming reforms will bring about a new way of measuring the risk of bank assets, known as risk-weighted assets (RWA). The asset groups that will be affected most include real estate and corporate loans. For instance, projects seeking funding for commercial real estate will need to have at least 150 percent of their value backed in equity. The banking package will also set an output floor for the internal models used by credit institutions for the assessment of risk and determination of how much capital they require. Credit institutions may deviate from the standard models and use their own (internal) statistical models to calculate their capital requirements. These internal models must be regularly updated and monitored by supervising authorities. According to the new rules, the capital computed through internal models should amount to no less than 50 percent, with a gradual increase to 72.5 percent by 2030, of capital calculated using the standardised approach.

The output floor will limit deviations between different institutions using internal models. The goal is to make sure that different credit institutions do not have wildly different ways of calculating risk. On average, the European Banking Authority (EBA) expects that these changes will require credit institutions to increase their capital by about 15%. Larger credit institutions, which tend to rely more on their customary methods, will be more affected by the projected output floor because they tend to have a greater difference between their internal approach and the standard one.

The banking package will also introduce changes to the way credit institutions can be resolved if they face financial troubles (ie, the resolution regime) by introducing changes to the Capital Requirements Regulation (CRR) to remove inconsistencies with the Bank Recovery and Resolution Directive (BRRD). The changes will adjust the treatment of regulatory treatment of global systematically important institution groups (G-SII – ie, large EU credit institution groups with third-country subsidiaries) with a multiple point of entry resolution strategy. Such G-SII groups are required to hold sufficient amounts of highly loss-absorbing (ie, bail-inable) liabilities in accordance with the Total Loss-Absorbing Capacity (TLAC) standard adopted by the Financial Stability Board. However, the current CRR does not make it clear whether the TLAC standard’s adjustments for these large credit institution groups also apply to their subsidiaries in other countries.

Furthermore, the banking package will introduce a dedicated prudential treatment of the so-called daisy chain approach and incorporate directly into the CRR the indirect subscription of instruments eligible for internal minimum requirement for own funds and eligible liabilities (internal MREL) within resolution groups with several layers of ownership. The deduction regime developed by the EBA envisages that internal MREL-eligible instruments issued by subsidiaries to the entity under resolution via an intermediate parent would have to be fully deducted from the amount of the intermediate parent’s own internal MREL capacity resulting in the application of an appropriate risk weight of zero percent in all the relevant resolution cases. Similar issues were identified in the CRR leverage ratio requirement. This is not yet possible under the CRR, resulting in inconsistencies between the prudential (capital requirement) treatment and resolution framework under the BRRD.

Enhanced EU-side Stress Testing

The EU is developing a new EU-side stress testing framework that is more comprehensive and forward-looking than the current one. Stress tests are used to assess the resilience of the EU banking sector to a range of shocks. In summer 2023, the EBA and the European Central Bank published the results of its 2023 EU-wide stress test, which involved 111 EU-/EEA-credit institutions, covering 75% of the EU banking sector assets. The stress test allowed supervisors to assess the resilience of EU-/EEA-credit institutions over a three-year horizon under both a baseline and an adverse scenario.

The findings demonstrate the enduring strength of EU-/EEA-credit institutions when subjected to a challenging scenario marked by a severe recession in the EU and worldwide, escalating interest rates, and widened credit spreads. The robustness of EU-/EEA-credit institutions can be attributed, in part, to their sound capital positions at the inception of the assessment, boasting an average fully loaded CET1 ratio of 15% (common equity tier 1 – ie, the highest quality of regulatory capital consisting of liquid bank holdings such as cash and stock). This substantial ratio empowers credit institutions to weather the erosion of capital reserves in the face of adverse circumstances. On an EU-wide basis, the Common Equity Tier 1 ratio in the adverse scenario falls by 4.6 percentage points to 10.4%. With the average fall in the capital ratio in the adverse scenario by 3.7 percentage points to 11.1%, Austria falls within the European middle field.

Furthermore, improved earnings and enhanced asset quality at the outset of 2023 serve to mitigate the depletion of capital reserves when confronted with the adverse scenario. Even in the event of combined losses amounting to EUR498 billion in the adverse scenario, EU-/EEA-credit institutions maintain capital adequacy that allows them to continue providing essential financial support to both households and businesses, even during periods of severe economic strain. Nonetheless, the current high level of macroeconomic uncertainty underscores the imperative need for vigilance, requiring both regulatory authorities and financial institutions to prepare for the possibility of a further deterioration in economic conditions.

Banking Secrecy Exemption

Under Section 38 of the Austrian Banking Act (Bankwesengesetz – BWG), credit institutions have a strict rule of keeping customer information confidential. This means they cannot share any information they receive from their customers unless it is required by law. This banking secrecy rule is taken very seriously and covers all the information they learn while doing business with customers.

Payment service providers must provide certain information to their home EU member state or host EU member state to enable the said EU member states to comply with their collection obligations set out in Regulation (EU) No 904/2010 on administrative cooperation and combating fraud in the field of value added tax. These records may include, among others, information subject to banking secrecy, which is why the introduction of a new exemption provision in Section 38(2) of the BWG is also necessary. Because the rule on changing the banking secrecy provision of the Banking Act is a constitutional provision, this amendment required the presence of at least half of the deputies in the National Council, the main legislative body in Austria, and a majority of two-thirds of the votes cast.

Cybersecurity and Operational Resilience

Following the 2008 crisis, the Union has looked to primarily strengthen the financial resilience and safeguard the competitiveness and stability of the financial sector from economic, prudential and market conduct perspectives.

Information and communication technology (ICT) plays a pivotal role in the financial services sector. Financial entities use ICT in almost every aspect of business operations, and the technology has become a core feature in the financial sector. But with great power comes great responsibility. Increased digitalisation and connectivity enhance functionality but also amplify the risk of cyber threats or ICT disruptions.

The following legislative measures regulate the IT security in the EU:

  • Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS-Directive);
  • Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive); and
  • Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities, and repealing Council Directive 2008/114/EC (CER Directive).

The NIS-Directive was transposed into Austrian law by means of the Network and Information Systems Act (Netz- und Informationssystemsicherheitsgesetz – NISG) and laid the groundwork for cybersecurity harmonisation in the EU. The NISG designated the responsibility for the strategic agenda to the chancellor’s office and the operational agenda to the Ministry of the Interior. The Republic also set up Computer Emergency Response Teams (CERTs) and adopted national NIS strategies and national NIS co-operation plans. The NIS2 Directive and CER Directive must be adopted into national law by 17 October 2024.

The Austrian financial supervisor, the Austrian Financial Market Authority (FMA), serves as the competent authority for handling serious operational or safety incident reports submitted by payment service providers in accordance with the Austrian Payment Services Act, transposing the Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (PSD II). PSD II also contains provisions on outsourcing. For credit institutions, except for the EBA guidelines on outsourcing arrangements, a harmonised framework for outsourcing is still missing. Section 25 of BWG is only applicable to the outsourcing of critical and important banking functions. The outsourcing as per the PSD II constitutes a lex specialis and supplements the BWG outsourcing provision.

Furthermore, the EBA has published guidelines on the management of ICT and security risk management and guidelines on internal governance.

Regrettably, the EU’s previous approach to digital operational resilience in the financial sector lacked coherence, and the provisions tackling digital operational resilience were not fully or consistently harmonised to meet the sector’s needs. The EU is increasingly focused on strengthening the cybersecurity and operational resilience of the banking sector. This includes initiatives such as the Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (ie, the Digital Operational Resilience Act (DORA)), which sets out requirements for financial institutions to manage their digital operational risks.

Digital Operational Resilience Act (DORA)

DORA is a new regulation that came into force on 16 January 2023 and sets out requirements for financial institutions to manage their digital operational risks to further bolster the resilience of the financial systems of EU member states and the EU as a whole. The addressees of DORA have a two-year grace period and will be required to fully comply on 17 January 2025. However, as the regulatory and implementing technical standards are expected to be published in early 2024, the period for implementation is effectively shortened to one year.

The regulation provides for a single, no longer fragmented, set of rules for the entire financial sector and is intended to ensure that all participants in the financial system have the necessary safeguards in place to prevent or at least mitigate cyberattacks and other risks. DORA deals with five major topics:

  • ICT risk management;
  • ICT-related incident management, classification, and reporting;
  • digital operational resilience testing;
  • managing ICT third-party risk (outsourcing); and
  • information-sharing arrangements.

The addressees of the regulation are companies and institutions operating in the EU financial and insurance sector (financial entities), such as credit institutions, payment institutions, account information service providers, electronic money institutions, investment firms, crypto-asset service providers and issuers of asset-referenced tokens, central securities depositories and central counterparties, trading venues, securitisation repositories, managers of alternative investment funds and management companies, insurance and reinsurance undertakings and intermediary institutions for occupational retirement provision, credit rating agencies and crowdfunding service providers.

Additionally, DORA applies to companies that are not financial entities themselves but provide IT services to financial entities (ICT third-party service providers) – ie, cloud services providers, software providers, data analysts, and server services providers. Microenterprises (ie, financial entities that employ fewer than ten people and whose annual turnover or balance sheet total does not exceed EUR2 million) are exempted from the scope of many DORA provisions or are only subject to the regulation in a limited manner.

The principle of proportionality plays a decisive role in the application of DORA. While implementing the rules and obligations, financial entities must consider their size, risk level, and the nature of their services. Supervisory authorities should also consider the proportionality principle when assessing compliance. This flexible approach maintains a balance for DORA’s broad application.

DORA is a specific regulation that complements the NIS2 Directive. It ensures co-operation between the EU’s general cybersecurity framework and the security of the financial system. DORA replaces the ICT risk management and reporting requirements of the CER Directive for certain financial entities. Additionally, payment service providers under PSD II will now report all payment-related incidents under DORA, even if they are not ICT-related. This streamlines reporting and avoids duplicate obligations.

ICT Risk Management and Reporting

DORA is designed to help financial institutions manage their digital operational risks that could disrupt or impair their ability to deliver essential services. It sets clear requirements for this ICT risk management framework and for financial entities to identify, assess, and manage their digital operational risks, as well as to develop and implement incident response plans. Financial entities are required to establish and conduct annual assessments (with microenterprises doing so on a “regular” basis) of a comprehensive internal governance and control system to efficiently handle ICT risks.

The management body of the financial entity plays a central role in meeting these requirements. It is responsible for defining, approving, supervising, and executing all arrangements pertaining to ICT risk management. Additionally, financial entities, excluding microenterprises, must also establish an autonomous control function for managing ICT risks.

DORA establishes a robust ICT-related incident reporting regime aiming to enable competent supervisory authorities to fulfil their roles by acquiring a complete overview. Financial entities are required to create protocols and workflows to detect, manage, and report ICT incidents. In cases of severe ICT-related incidents, these must be reported to the relevant regulatory authority. Furthermore, financial entities must promptly inform their clients when they become aware of a significant ICT-related incident that affects their financial interests.

Digital Operational Resilience Testing

DORA will introduce a harmonised framework for ICT testing to reveal vulnerabilities and risks. The co-ordinated testing regime and mutual recognition of the results will require financial entities to conduct tests by independent internal or external parties, which shall occur at least annually for ICT systems or applications that support critical or important functions. Furthermore, some financial entities, among others, system-relevant credit institutions, central counterparties, and trading venues, will be required to carry out advanced testing of ICT tools, systems and processes based on the Threat-Led Penetration Testing (TLPT) method at least every three years.

ICT Third-Party Risk

DORA will further regulate the provision of ICT services through third parties, whether within the same group or externally outsourced. Financial entities will be ultimately responsible for ensuring that ICT third-party providers comply with DORA as a matter of principle.

Financial entities are required to create and periodically assess a strategy for the handling of ICT third-party risk. Prior to every outsourcing arrangement, the financial entity will be required to perform a selection procedure including an ICT risk assessment of the third-party provider and the envisaged arrangement. Additionally, financial entities must maintain an updated record of all contractual agreements involving third-party ICT services and annually report these arrangements to the relevant supervisory authority. Furthermore, they must assess the risk associated with relying on a single third-party ICT provider to prevent overreliance.

Like the EBA guidelines on outsourcing arrangements, DORA contains provisions on the outsourcing agreements. These provisions encompass various aspects and considerations for agreements with ICT third-party providers, such as:

  • a complete description of the outsourced functions, location, and possible subcontracting;
  • data processing and protection specification;
  • service level descriptions, including updates;
  • termination rights of financial entity in case of a significant breach by a third-party provider, material changes affecting the provision of the outsourcing or the supervision itself;
  • appropriate exit strategies provided for in the event of termination of the contractual relationship in the case of critical or important functions; and
  • further specific arrangements required for the provision of ICT services supporting critical or important functions.

The provisions will be applicable to existing agreements as well. Financial entities will need to update their outsourcing arrangements to align with the new regulation.

Apart from the provisions for financial entities, there is a plan for a consistent European monitoring framework aimed at specific ICT third-party service providers classified as “critical” and is intended to ensure that they are adequately and effectively monitored at Union level. The rules, jointly referred to as the Oversight Framework, shall establish the necessary oversight and monitoring entities and processes while remaining complementary to the sectoral law applicable to outsourcing. The Joint Committee of the European Supervisory Authorities shall establish the Oversight Forum and together they appoint a Lead Overseer for each critical ICT third-party services provider.

In the run-up to the oversight regime for such critical ICT third-party service providers, the assessment by the Lead Overseer will include:

  • requirements for critical ICT third-party service providers, including security, availability, continuity, scalability, data integrity, and quality of services;
  • physical security, risk management processes, governance arrangements, incident reporting, data portability, testing, ICT audits, and adherence to relevant standards;
  • the right to request all relevant information and documentation it deems necessary for the performance of its duties;
  • conducting general investigations and (on-site) inspections; and
  • requesting reports upon completion of oversight activities.

Following the assessment, the Lead Overseer will create an individual oversight plan outlining the annual goals and key actions for each critical ICT third-party service provider. The compliance of these providers will be rigorously evaluated from both technical and legal perspectives.

Should the critical ICT third-party service provider decide not to comply with the oversight plan, the competent authority will inform the financial entities concerned and may require them to temporarily suspend the use of the respective ICT third-party service provider services in whole or in part or to terminate the relevant contractual relationship. In cases of non-compliance and infringements, the Lead Overseer can impose a periodic administrative penalty payment of up to 1% of the provider’s average daily global turnover from the previous business year.

Information Sharing

DORA provides rules for sharing intelligence and cyber threat information among financial entities. Previously, concerns about data protection, antitrust, and liability rules (eg, in Austria, the highly relevant banking secrecy rules) limited such communication. Financial entities are encouraged to exchange among themselves, and with non-supervision authorities such as Europol, cyber threat information, and intelligence. Such information sharing is compliant with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) due to the relevant exemptions.

The mechanism of information-sharing between financial entities shall be implemented through an information-sharing arrangement that protects the potentially sensitive nature of the information shared, respects business confidentiality, ensures the protection of personal data and contains guidelines on competition policy. These agreements should define the rights of the parties involved, and participation in the information-sharing arrangements requires notification to the supervisory authority.

Additionally, financial entities can voluntarily report significant cyber threats to the relevant competent authority when they believe these threats are relevant to the financial system, service users, or clients.

Practical Recommendations for Implementation

Gap analysis

Financial entities are already subject to rigorous supervisory scrutiny regarding their IT security. It is crucial for them to conduct a thorough gap analysis to identify what IT security measures are currently in place internally and prioritise the implementation of any necessary measures to close these gaps as soon as possible.

Risk management

Financial entities need to evaluate their existing ICT risk strategies, policies, procedures in light of the new regulation. This evaluation should encompass the entire organisational structure, including risk management, controlling, internal audit, and extending to the competencies and responsibilities of the management. They also need to evaluate the services provided by third-party ICT providers to identify concentration risks and, if necessary, implement additional regulatory and monitoring measures.

Third-party ICT service providers

For existing contracts, a review is necessary to ensure that key contractual provisions meet the new requirements. When engaging new providers (ie, entering new contracts), financial entities should conduct a more detailed pre-contractual risk assessment to ensure compliance. Additionally, they should perform regular audits after the outsourcing arrangement begins.

Conclusion

Market participants need to consider a further set of regulatory rules, and this requires legal assistance. The legal rules underlying these frameworks can be complex and difficult to navigate. It is crucial for credit institutions and other financial entities as well as third-party ICT service providers to seek professional legal assistance to properly interpret and ensure full compliance. By doing so, the parties can mitigate the risk of non-compliance and contribute to the overall stability of the financial system.

DLA PIPER Weiss-Tessbach Rechtsanwälte GmbH

DLA Piper Weiss-Tessbach Rechtsanwälte GmbH
Schottenring 2-6
1010 Vienna
Austria

+43 1 53178 1042

+43 1 53178 52 52

jasna.zwitter-tehovnik@dlapiper.com www.dlapiper.com/en/austria/locations/vienna/
Author Business Card

Law and Practice

Authors



Fellner Wratzfeld & Partners (fwp) has a team of more than 120 highly qualified legal personnel. The firm’s major fields of specialisation include banking and finance, corporate/M&A, real estate, infrastructure and procurement law, changes of legal form, reorganisation and restructuring. fwp advises renowned credit institutions and financial services providers on financing projects, representing mainly Austrian and international private companies, but also acts for clients from the public sector. The firm’s expertise has proven its worth repeatedly, not only in connection with project and acquisition financing, but also in regard to financing company reorganisations; fwp is also able to draw upon substantial experience gained in the financing of complex consortia in the last few years.

Trends and Developments

Authors



DLA Piper Weiss-Tessbach is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa, and Asia Pacific who share the same systems, procedures, methodologies, and values. The firm’s lawyers track new laws, market conditions, and financial products. The firm balances this with local, legal insight and sector-focused commercial sense to protect the interests of its clients in full. DLA Piper in Vienna combines DLA Piper’s global reach with local know-how. Recognised as one of the top ten Austrian law firms, the firm advises start-ups, local and household name companies, multinationals, financial institutions, public bodies, and governments. DLA Piper in Vienna is the top-tier mid-market law firm in Austria with a global network, leading in banking and finance, M&A, capital markets, tax, antitrust and IP/IT, advising clients across the sectors. DLA Piper in Vienna is currently the fastest-growing law firm in the country.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.