The main principles of French law governing the banking sector are set out in the French Monetary and Financial Code (Code monétaire et financier). Its provisions include the main European legal texts, as transposed in France. These include the texts relating to the Single Supervisory Mechanism, which entrusts the European Central Bank (ECB) with the supervision and control of the main credit institutions in their day-to-day activities; the texts relating to the Single Resolution Mechanism, which entrusts a specific authority, the Single Resolution Board, with the task of monitoring systemic institutions and managing the difficulties of credit institutions when they default; or the rules on capital requirements for the banking sector, which transpose the global standards on credit institution capital (commonly known as the Basel III agreement) into the EU legal framework, including Directive 2019/878/EU on capital requirements (CRDV) and Regulation (EU) 2019/876 (CRR2).
In addition to European Union law, the French regulatory panel includes specific provisions relating to national requirements such as provisions on the overall effective rate in credit agreements or in relation to the law on security interests.
Under French law, the Autorité de contrôle prudentiel et de résolution (ACPR) is responsible for supervising the banking system. With a supervisory and control remit, the ACPR has two main objectives: to ensure the stability of the financial system and to protect the customers, policyholders, members and beneficiaries of those it supervises. A third objective was assigned to the ACPR in 2013: preventing and resolving banking insolvency crises.
To achieve these objectives, the ACPR has the power to authorise credit institutions that apply to it, the power to impose disciplinary sanctions and the power to exercise administrative police powers. Under the supervision of the ECB, the ACPR sometimes needs the latter’s agreement to carry out its tasks. For example, the ECB may refuse to grant authorisation to a credit institution if it considers that the conditions set by the ACPR have not been met.
Credit institution authorisation in France can be obtained in two distinct forms: credit institution (within the meaning of CRD IV) or financing company (société de financement). The first type, credit institution, involves receiving repayable funds from the public. The second authorisation, for financing companies, covers entities that carry out credit transactions without receiving funds repayable from the public. The latter is a specific French licence, which is not covered by European law and therefore does not benefit from the European passport.
The two authorisations follow separate procedures, the first of which must be specified to the ACPR, which will notify the ECB, while the second, insofar as it is a procedure under national law, is carried out solely with the ACPR.
Credit institutions, once approved, can carry out all banking operations, namely the receipt of repayable funds from the public, credit operations, as well as payment banking services. They may also carry out operations related to their activities such as foreign exchange operations, placement, subscription, purchase, management, custody and sale of transferable securities and any financial product, advice and assistance in wealth management, payment services.
Financing companies, given that their authorisation is more limited as they are not approved as credit institutions, can only carry out related banking operations in a limited manner (ie, related operations which do not involve the receipt of reimbursable funds from the public).
The criteria for granting authorisation are broadly the same, with the exception of certain adjustments depending on the type of approval applied for:
Regarding the approval proceeding, the applicant must fill in a form through the ACPR’s digital portal and provide supporting documents concerning:
Authorisation as a credit institution is issued by the ECB on the basis of a draft decision transmitted by the ACPR; this authorisation decision having to be taken within six months from receipt of a complete file. When the request is incomplete, additional information may be requested and the processing time extended. The total time limit given to the ECB is 12 months from receipt of the initial request.
For financing company approvals, the processing times are the same. However, the application is only reviewed by the ACPR.
Any transaction enabling a person acting alone or in concert with other persons to acquire, increase, reduce or cease to have, directly or indirectly, a participation in a finance company or in a credit institution must be notified and, in certain situations, authorised by the ACPR or the ECB (as the case may be) before it is carried out.
The thresholds triggering a prior approval requirement are as follows.
The ACPR assesses, among other things, the financial soundness of the proposed acquirer, taking into account in particular the type of activities carried out and envisaged within the reporting institution targeted by the proposed acquisition, and the reputation and experience/competence of any person who, following the proposed acquisition, will effectively manage the activities or hold a corporate office within the management body responsible for supervising the effective management of the reporting institution.
Certain changes in the control exercised over a credit institution must be the subject of a declaration, sometimes as soon as they occur or within a maximum of one month after their completion.
The following must be immediately declared to the ACPR.
The following must, in particular, be the subject of a declaration within a maximum period of one month after its completion.
Very strict rules on corporate governance are required by the French Monetary and Financial Code for an institution to be granted banking authorisation. The aim of these conditions is to ensure the stability of both the institution and the banking system.
The geographical location and corporate form of a credit institution are governed by the French Monetary and Financial Code, requiring that the head office of any credit institution must be located in the same national territory as its registered office. As regards the corporate form of credit institutions, the French Monetary and Financial Code simply requires that the form chosen must be suitable for their activity. In practice, credit institutions usually adopt the corporate form of a société anonyme (SA) because it enables them to meet the legal and regulatory requirements imposed by European and French law, in particular with regard to appel public à l’épargne and the obligation to appoint at least two executive directors. SA with a board of directors can appoint deputy chief executive officers alongside the chief executive officer.
The French Monetary and Financial Code also sets out rigorous conditions for the governance of credit institutions. In particular:
It should be emphasised that pursuant to the French Monetary and Financial Code, the risk management function must be absolutely separated and independent from the organisational functions. To this end, it is specified that each function should have sufficient resources to carry out their missions.
Regarding share capital requirements, the amount of share capital varies between one million and five million euros depending on the type of banking authorisation issued.
Pursuant to Order of 3 November 2014, the French law imposes the implementation of a board of directors and an executive body, with regard to the certain types of risks (for example, credit risk, market risk, global interest rate risk, intermediation risk, liquidity and settlement risk and operational risk, including internal and external fraud risk), for the management of a credit institution.
Also, persons exercising a managing function must be fit and proper, with high competency and integrity, in order to secure the sound and prudent management of the institution. Since Ordinance 2014 158 of 20 February 2014 (which implements the CRD IV package), these requirements are extended to all members of the board of directors or the supervisory board of the credit institution or the financing company. Also, it is prohibited to combine the roles of chairman (of the board of directors or of the supervisory board) and chief executive officer, unless justified by the institution and authorised by the ACPR.
Furthermore, stricter requirements apply to institutions deemed systemically important financial institutions (SIFIs). There are limits on appointments to officer and director positions and there is the requirement to set up a nomination committee, risk committee and compensation committee.
The European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) published, on 26 September 2017 (in force on 30 June 2018), a first joint guideline on assessing the suitability of members of the management bodies and key function-holders and a second joint guideline on internal governance. The ACPR has since declared its intention to comply with this second guideline and, subject to certain reservations, with the first guideline.
When appointing or renewing a member of the supervisory body of a credit institution, the company shall notify the ACPR of such appointment, accompanied by all the information enabling the ACPR to assess the integrity, knowledge, skills, and experience of the person concerned, as well as their availability.
Moreover, board members must allocate a sufficient amount of time to the performance of their duties within the organisation. The availability of the board members is assessed in light of the activities of the organisation. Nevertheless, for this assessment, the competent authority must have comprehensive information about all mandates and professional functions, including salaried ones, that occupy the majority of the time of the board members.
The last reform regarding remuneration is set out by Order No 2020-1635 of 21 December 2020 and by the Decree No 2020-1637 of 22 December 2020, which both transposed CRD V into French law.
The individuals impacted by this legislation are the members of the board of directors or of an executive body, and the employees responsible for directing the control functions or major business units.
The main relevant remuneration principles are:
The list of persons subject to the AML-CFT requirements is set by Article L. 561-2 of French Monetary and Financial Code: credit institutions, investment services-providers, insurance companies, notaries, etc.
These entities must comply with two main obligations. The first one is a customer due diligence (CDD) obligation. The second one is an information and reporting obligation to TRACFIN. In addition, suspicious transaction should be declared by any person to the prosecutor (procureur de la République).
The due diligence obligation takes the form of a “Know Your Customer” (KYC) and involves identification of the customer, the beneficial owner and the knowledge of the business relationship. The institution in charge of the KYC can have various approaches depending on the situation but they are all based on the proportionality principle, depending on their exact activities. The intensity of the due diligences will vary to ensure transparency based on each client’s risk assessment. The due diligence conducted should be recorded and kept by the credit institutions and be available to French authorities upon request.
In the KYC process, special attention should be paid to:
In addition to these obligations, regulated entities must implement internal organisation and procedures, considering, in particular, risk assessments (ie, the exposure these actors have to money laundering risks based on the services they are offering as well as the country of origin or destination of the funds).
The depositor protection regime in France is structured around a deposit and resolution guarantee fund: the Resolution Guarantee Fund (Fonds de garantie des dépôts et de resolution). This fund is a legal entity created under private law and managed by a supervisory board. The Resolution Guarantee Fund is funded by contributions from its members, the terms of contribution is determined for each member by the ACPR on the basis of the amount of guaranteed deposits of each member, and takes into account the risk profile guaranteed to the members. The ACPR specifies the condition under which the sums paid by the members may be refunded in the case of a decrease of the basis of their contribution. It also specifies the minimal amount due to each member.
The purpose of the regime is to manage and implement the arrangements for the guarantee of deposits and to finance the resolution arrangements for credit institutions. Therefore, the deposit guarantee scheme is implemented upon the request of the ACPR as soon as it finds that a credit institution is no longer able to return, immediately or in the future, the funds protected by that scheme.
Protected deposits are considered to be any deposit of up to EUR100,000 of any holder of certain accounts, such as cash and term-deposit accounts, savings accounts, or certain types of deposits (deposits made to the cash accounts of stock savings plans (plan d’épargne action), and deposits benefiting from the state guarantee made on Livret A.
On the other hand, certain deposits are specifically excluded from the deposit guarantee such as the deposits the existence of which can only be proven by a financial instrument, deposits that have the character of own funds or anonymous deposits, or deposits the holder of which has not been identified.
Some other kinds of deposits are the amounts due in representation of means of payment issued by the member credit institution of which the beneficiary has been identified or the overall net balance of factoring operations, taking into account the compensation and guarantee terms and conditions provided for by these contracts, is made up of the total collections on discounts left in account, minus drawings and commissions due.
It should be noted that deposits are solely covered up to EUR100,000. However, if any sum constitutes an exceptional and temporary deposit, there is a right to an increase in the limit of the guarantee of up to a limit of EUR500,000, for three months from the date on which it was credited to an account entering into the scope of the deposit guarantee.
Banking secrecy refers to a bank’s legal obligation not to disclose customer data to third parties. Under French law, banking secrecy is a professional duty applicable to the managers and employees of a credit institution in respect of information received from its clients, whereby the disclosure of any confidential information collected by the bank regarding its clients is strictly prohibited.
Banking secrecy is governed by Article L. 511-33 of the French Monetary and Financial Code (with a few exceptions). These secrecy requirements have a territorial scope, thus they only apply to information received from clients in France, and to confidential data.
Protected data is that of a confidential nature (ie, the balance of a bank account), data of a sufficiently precise nature to infringe the confidentiality of private life, for example: the content of an accounting document communicated by the customer which has not been published in the registry, and data that comes to the banker’s knowledge in the course of their profession and not in a personal capacity, for example, any confidential information revealed to the bank in the course of a credit application.
French courts have stated that any information obtained by the credit institution within the context of professional activity could qualify as information to be protected. Therefore, this scope includes account balances, account statements, transactions carried out by a client, a list of banking products held by a client, the amount of credit granted to a client, and the identity of the person who has a proxy on the account.
French courts tend to consider that certain precise data relating to persons with whom the credit institution does not have a contractual relationship may be confidential where such information has been collected in the context of contractual relations between the credit institution and its client.
The French Monetary and Financial Code allows credit institutions to communicate confidential information to specified parties in certain circumstances; this is the concept of “shared credit institution secrecy” including rating agencies for the purposes of rating financial products and persons with whom they negotiate, conclude, or execute certain transactions (on a “need-to-know basis”). These transactions include credit transactions carried out, directly or indirectly, by one or more credit institution, and transactions in financial, guarantee or insurance instruments intended to cover a credit risk. This also includes assignments or transfers of receivables or contracts and service contracts concluded with a third party with a view to entrusting it with significant operational functions. The disclosure may also be permitted by the client on a case-by-case basis.
In addition, in a number of cases, banking secrecy cannot be opposed to the rules of the authorities. For instance, in a criminal proceeding (including in the case of preliminary investigations, investigations of flagrancy and letters rogatory), the judge is vested with broad powers and credit institution secrecy may not be used by the credit institution in order not to disclose certain information.
Regarding French banking and financial regulators, both the AMF and the ACPR are granted broad investigative powers by the French legislature. They can verify all the books, registers, documents relating to the situation of the credit institution and to all transactions it carries out.
Violation of credit institution secrecy is punished by criminal sanctions (Article L. 226-13 of the French Criminal Code) of one year imprisonment and a fine of EUR15,000. In respect of civil sanctions, the client may engage the contractual civil liability of the credit institution and disciplinary sanctions the ACPR may impose disciplinary sanctions to the branch and to employees of the branch.
Article L. 571-4 of the French Monetary and Financial Code sanctions the breach of the actors of Article L. 511-33 of the same code. Therefore, the credit institution, which is civilly liable for its employees, may be ordered to pay damages to the victim of the indiscretion, to compensate for the material or moral prejudice suffered.
Although non-binding, the Basel Committee’s recommendations apply in France through the transposition into French law of CRD IV and the direct application of CRR.
Under the aforementioned directives, credit institutions must have minimum capital requirements corresponding to: EUR5 million for credit institutions and mutual or co-operative credit institutions with their head office located in France; and EUR2.2 million for financing companies (or EUR1.1 million for financing companies the sole activity of which is the granting of personal guarantees). It being specified that French SIFIs are subject to additional prudential requirements, which are determined by the ACPR with regard to type of institution in question (global systematically important institutions or other systematically important institutions).
Credit institutions are also subject to risk management rules. Under these rules, the management of a credit institution’s risks are entrusted to its board of directors; and the executive body with regard to certain types of risks (for example, credit risk, market risk, global interest rate risk, etc). Credit institutions must also meet capital ratio requirements, the leverage ratio, the net stable funding ratio and the liquidity coverage ratio to prevent insolvency risk and illiquidity risks.
In terms of capital adequacy requirements, the CRD IV package – transposition of which was completed by Ordinance No 2014-158 of 20 February 2014 – establishes two liquidity buffers:
Finally, for the solvency ratio, credit institutions must at any time comply with an 8% ratio between the amount of their own funds and their overall credit risk exposure according to the Basel Committee recommendation and CRR. Among other things, the CRR has strengthened the capital requirements by increasing the share of own funds that must be in common equity tier 1 (CET1) from 2% to 4.5%.
The French Commercial Code and the French Monetary and Financial Code deal with the bankruptcy of credit institutions. It should be noted at the outset that, like many companies, credit institutions are subject to the procedures set out in Book VI of the French Commercial Code. The latter offers three types of insolvency proceedings, depending on the level of financial distress, namely safeguard proceedings, judicial reorganisation and judicial liquidation.
The French Monetary and Financial Code supplements the provisions of the French Commercial Code by providing rules tailored to credit institutions. These rules stem from the transposition of Directive 2014/59/EU, establishing a framework for the recovery and resolution of credit institutions and investment firms – bank recovery and resolution directive (BRRD) into the French Monetary and Financial Code. This applies to credit institutions and investment firms meeting certain conditions (Articles L. 613-34 et seq of the French Monetary and Financial Code).
ACPR can take early intervention measures against a credit institution where the financial situation or liquidity of the credit institution or investment firm is rapidly deteriorating and may result in the institution not complying with prudential regulations. For example, the ACPR can require the credit institution to take several measures, such as the implementation of a preventive recovery plan or the implementation of an action plan for restructuring its debts with its creditors.
The ECB has similar powers to remedy the difficulties of systemic credit institutions (Article L. 511 41-5 of the French Monetary and Financial Code). For example, it can order the restriction or even the divestment of certain activities or request the adoption of a plan to comply with the prudential requirements applicable to institutions in difficulty. It may also order early intervention measures such as the appointment of a provisional administrator or the removal and replacement of certain senior managers.
Moreover, the ACPR may initiate resolution proceedings if the following conditions are met: (i) the resolution board of the ACPR has determined that the credit institution is failing or likely to fail; (ii) there is no reasonable prospect that the failure of the credit institution may be avoided within a reasonable timeframe, other than by using resolution measures; and (iii) a resolution action is necessary in view of the resolution objectives, and judicial liquidation proceedings provided for by Book VI of the French Commercial Code would not reach these objectives to the same extent.
In the context of its control and supervisory function, the ACPR can take administrative policy measures (mesures de police administrative) against credit institutions under its supervision, such as: making recommendations to a credit institution to take appropriate measures to strengthen its financial condition, and issue injunctions requiring the institution to restore or strengthen its financial condition; warning a credit institution to stop certain practices that may be detrimental to its clients and that contradict the rules of good conduct applicable to credit institutions; or suspend, restrict or temporarily prohibit the free disposal of the credit institution’s assets.
Where credit institutions are classified as systemic institutions, they are placed under the direct supervision of the ECB with regard to resolution, in accordance with the implementation of the European Single Supervisory Mechanism (Article 6, point 4, Regulation 1024/2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions and Article 39, Regulation 468/2014 establishing the framework for co-operation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities).
Most of these measures are inspired by the 12 international principles on resolution defined by the Financial Stability Board in November 2011. At a European level, these principles have been transposed mainly by the BRRD Directive, as well as by the Single Resolution Mechanism established by Regulation (EU) 806/2014, establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms.
Lastly, for the rules applicable to deposits, resolution measures may be financed by the Resolution Guarantee Fund. The Resolution Guarantee Fund may participate in the implementation of an internal bailout measure for the failing person up to a limit of EUR100,000. It may intervene on a preventive or curative basis, upon referral by the ACPR.
Before any insolvency proceedings are initiated, credit institutions may take advantage of the conciliation provided for in Articles L. 611-4 et seq. of the French Commercial Code, after receiving the assent of the ACPR and, where applicable, the ECB (L. 613-27 of the French Monetary and Financial Code).
On a national level, the ACPR updated its position concerning the limited network of acceptors and limited range of goods and services in June 2022, and edited a new annex in July 2023. This position aims to provide guidance on the assessment of the concepts of limited network of acceptors on the one hand, and limited range of goods and services on the other.
The updated position clarifies the criteria for assessing:
On a European level, an updated version payment services directive is currently being discussed by the European authorities, with a possible adoption schedule for mid-2024. The DSP3 should, in its actual discussed version, focus on improving the security of online transactions and introduce new regulations to strengthen the protection of consumer rights in matters of electronic payments.
In a nutshell, the main features of the DSP3 would consist of:
Regarding credit institutions in particular, on 1 March 2021, the EBA published binding standards on Pillar 3 disclosures on ESG risks, especially the Green Asset Ratio (GAR). The GAR is a key performance indicator which determines the ratio of assets considered environmentally sustainable as a percentage of total assets. To calculate this ratio, the numerator must indicate the proportion of assets on the balance sheet of credit institutions that are invested in economic activities that qualifies as environmentally sustainable and the denominator of the GAR indicates the credit institution’s total assets, total loans, total bonds and equities, total collateral covered and the other assets on the balance sheet.
The GAR aims to improve the accuracy, transparency, and comparability of reports made on taxonomy-related data streams, to mitigate the risk of greenwashing and evaluate the environmental performance of credit institutions.
In a broader way, banking regulatory requirements related to ESG matters are being implemented progressively in France, mostly through the direct application or implementation of European provisions such as Sustainable Finance Disclosure Regulation (SFDR), MiFID 2 and NFDR.
The SFDR imposes disclosure obligations on institutional investors and reinforces the requirements regarding the investors’ policy in relation to ESG matters (ie, provisions of Loi relative aux Nouvelles régulations économiques of 2001, the Grenelle Agreements of 2010 and Article 173-VI of Loi de transition énergétique pour la croissance verte of 2015).
SFDR Regulation aims to harmonise the provisions regarding the ESG-related disclosures and creates a binding regulatory framework for sustainable finance for all financial market participants and advisers, as well as investment managers or advisers based outside of the EU who market their products to clients residing in the EU.
SFDR Regulation currently relates to three levels of disclosure for investment products with regards to ESG considerations. It is based on the product’s specificities. For Article 6 financial products (ie, products that do not promote environmental or social characteristics or without a sustainable investment objective), the way sustainability risks are integrated into their investment decisions and the assessment of the possible impact of sustainability risks on the returns of these products must be disclosed. For Article 8 financial products (ie, products that promote environmental or social characteristics), the characteristics of the product(s) must be disclosed in the Key Investor Information Document (KIID), and published. For Article 9 financial products (ie, products that have sustainable investment as their objective and an index has been designated as a reference benchmark), an explanation as to why and how the designated product or index differs from other products or a broad market index and as to the nature of the specific sustainable development objectives must be disclosed to the client.
Finally, according to the “comply or explain” principle, if an institution, subject to the provisions of the SFDR Regulation fails to comply and publish a disclosure required, it must publish a declaration stating the reasons why no such information has been disclosed.
Pursuant to MiFID Regulation, as updated to ESG Regulation, investment firms are required to obtain information on the client’s sustainability preferences in order to assess investment suitability. Three categories of sustainability preferences that need to be considered. Financial instruments that pursue a minimum proportion of sustainable investments, as defined in SFDR, the instruments that pursue a minimum proportion of sustainable investments in economic activities qualified as environmentally sustainable under the EU Taxonomy Regulation, and the financial instruments that consider principal adverse impacts on sustainability factors, where elements demonstrating that consideration are determined by the client or potential client.
Investors will see their investment recommendations be made according to their sustainability preferences. To offer a personalised offer, each distributor must draw up a questionnaire. The European Securities and Markets Authority (ESMA) recently proposed the first details of a prescriptive framework, which should result in harmonised questionnaires.
57 avenue d’Iéna
75116
Paris
France
+33 1 53 57 71 71
+33 1 53 57 71 70
info@de-pardieu.com www.de-pardieu.comPayment Services Directive 3 (PSD3)
The European authorities are currently discussing a revision of the second payment services directive (PSD2), with the aim of a possible adoption in mid-2024. The European Commission published a package of legislative proposals on 28 June 2023. A Payment Services Regulation (PSR) will also be adopted.
The so-called PSD3 will inter alia focus on improving the security of transactions to mitigate payment fraud, introducing new regulations to strengthen the protection of consumer rights in matters of electronic payments, and facilitating open banking.
The PSD3 will indeed improve strong customer authentication (SCA) for electronic transactions, it being specified that the PSD2 already imposed certain requirements. It will also simplify the application of SCA for payment account information services and strengthen it when using digital wallets, as the PSD3 will indeed cover both payment services and electronic money services. In addition, Payment Service Providers (PSPs) will be required to clearly inform users of the charges applied to transactions and the terms and conditions of each payment service, and payment users should also benefit from better protection in the event of a dispute concerning unauthorised payments.
Regarding consumers’ personal data, the PSD3 will strengthen the existing regime and Third-Party Providers (TPPs) will have to comply with stricter rules on privacy and data protection when accessing users’ financial information.
Eventually, the PSD3 would play a key role in open banking, promoting the openness and interoperability of financial services with the possibility for consumers to share their financial data securely with TPP to access a wider range of financial services and products. The main features include (i) provisions aimed at establishing the right of access to payment accounts for TPPs duly authorised by competent authorities (ie, consumers will authorise TPPs to access their bank accounts to view transaction and balance information), (ii) a stronger customer authentication for all financial transactions in order to ensure that consumers securely confirm their identity before any payments or any account access, (iii) provision by the PSPs of a secure and standardised interface (a dashboard) to allow TPPs to access consumers’ payment accounts to facilitate data exchange while ensuring a high level of security, (iv) an extension of the matching of IBAN/name verification services to all transfers and support the sharing of fraud-related information among the service providers.
Sustainable Finance Disclosure Regulation
French legislation has gradually introduced requirements for institutional investors to disclose information and strengthen their policies concerning Environmental Social and Governance (ESG) matters. This progression includes, in particular, provisions from the Loi relative aux Nouvelles régulations économiques of 2001, the Grenelle Agreements of 2010 and Article 173-VI of the Loi de transition énergétique pour la croissance verte of 2015.
The SFDR Regulation was introduced to standardise ESG-related disclosure requirements. It was followed by Article 29 of Law No 2019-1147 on 8 November 2019 (Loi Energie Climat) with the aim of establishing a unified and obligatory regulatory framework for sustainable finance applicable to all participants in financial markets, advisers, as well as investment managers or advisers based outside the EU who market their products to EU clients.
The SFDR Regulation currently outlines three levels of disclosure for investment products concerning ESG considerations:
Under the “comply or explain” principle, institutions subject to the SFDR provisions that fail to meet disclosure requirements must publish a statement detailing the reasons for not providing the required information.
SFDR level 2 also pertains to the provision of periodic reports and pre-contractual documentation in predefined formats for Article 8 and 9 financial products, which will be included as annexes to the pre-contractual documentation.
The competent national authorities are encouraged, as part of the controls requested by the European authorities, to verify the correct application of the regulatory package.
With regard specifically to the binding provisions relating to credit institutions, the latter are now required to present their green asset ratio (GAR), which is a key performance indicator that measures the proportion of a credit institution’s assets that are linked to environment-friendly activities according to the European green taxonomy. To compute this ratio, the numerator should represent the percentage of a credit institution’s balance sheet assets invested in environment-sustainable economic activities. Meanwhile, the denominator of the GAR encompasses the total assets, total loans, total bonds and equities, total collateral covered, and other assets on the balance sheet of the credit institution. Therefore, credit institutions are bound to report their aggregate GAR pursuant to the CRR Regulation.
Digital Operational Resilience Act (DORA)
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022, on the digital operational resilience of the financial sector, more commonly known as Digital Operational resilience of the financial sector (DORA) strengthens the fight against cyber risk by harmonising the existing body of legislation.
The DORA Regulation sets uniform requirements for the security of the networks and information systems of financial institutions, as well as critical third parties that provide them with information and communication technology (ICT) services, such as cloud computing platforms or data analysis services. It creates a regulatory framework for digital business resilience that requires all businesses to ensure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are uniform across all EU member states. The main objective is to prevent and mitigate cyber threats.
DORA regulation applies to a wide range of financial entities and institutions. This scope includes investment firms, payment institutions, electronic money institutions, management companies, insurance and reinsurance undertakings, and insurance and reinsurance intermediaries. This regulation also applies to ICT service providers operating within the European Union in the financial services sector (internet, wireless networks, cell phones).
Digital operational resilience is defined by the DORA regulation as “the ability of a financial entity to develop, guarantee and reassess its operational integrity and reliability by ensuring, directly or indirectly through the use of services provided by third-party information and communication technologies (ICT) service providers, the full range of ICT-related capabilities necessary to guarantee the security of the networks and information systems it uses, and which underpin the continuous provision of financial services and their quality, including in the event of disruptions”. In addition to knowing how to protect themselves, it is imperative for entities to take all preventive measures to ensure the continuity of their financial services in order to ensure the continuity of core activities.
The principal – ie, the financial institution – must ensure that the outsourcer complies with security due diligence. Conversely, the subcontractor must ensure that the verification carried out by the principal is not a source of risk. If the principal causes material damage following a compliance visit, this can increase the risk of cyber-attacks. In addition, the difficulty for principals is heightened by the risk of concentration.
The DORA regulation aims to make information technology (IT) resilience operational in several ways.
Position 2022-P-01 ACPR – Limited Network of Acceptors and Limited Range of Goods and Services
In the context of the transposition of Directive 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, the ACPR provided guidance on the assessment of the concepts of limited network of acceptors on the one hand, and limited range of goods and services on the other. These concepts are used to assess the application for exemption from the approval to be identified as a payment institution or an electronic money institution in order to provide means of payment. Benefiting from this exemption also results in the application of specific provisions in terms of anti-money laundering and combating the financing of terrorism (AML/CFT) due diligence requirements.
Having initially expressed guidance via a position published in 2017, on the concepts of “limited network of acceptors” and “limited range of goods and services”, the ACPR updated this position on the subject in June 2022, in order to take into account market developments, as well as the European Banking Authority’s Guidance on the exclusion relating to “limited networks” under PSD2.
The updated position clarifies the criteria for assessing:
On 20 July 2023, the ACPR published further details in an appendix to its position in order to clarify the criteria for certain players to benefit from an exemption from authorisation for the provision of means of payment in accordance with the provisions of PSD2. The clarifications relate in particular to contract models, information to provide to customers, and operational and financial security for future cases involving the use of multiple instruments on the same means of payment (for example, a card that can be used both to redeem luncheon vouchers and to pay for other in-store purchases).
57 avenue d’Iéna
75116
Paris
France
+33 1 53 57 71 71
+33 1 53 57 71 70
info@de-pardieu.com www.de-pardieu.com