Banking Regulation 2025 Comparisons

Principal Laws and Regulations

France benefits from a comprehensive legal and regulatory framework that applies to the banking sector. The main laws and regulations in France that apply to the banking sector are set out in the French Monetary and Financial Code (Code monétaire et financier), as well as in the French Civil Code (Code civil), the French Commercial Code (Code de commerce) and the French Consumer Code (Code de la consommation). Such legal framework is supplemented by regulators’ guidelines and instructions and French Decrees and Orders (Arrêtés) adopted by the French government or the French Minister of Economy (as the case may be).

The main law which modernised the regulation of the French banking sector was Law No 84-46 of 24 January 1984 on the activity and supervision of credit institutions. Since then, French banking sector has known many other laws and regulations reinforcing the regulation of actors and activities.

For instance:

• Law No 2010-1249 of 22 October 2010 on banking and financial regulation, which instituted the French banking regulator (Autorité de Contrôle Prudentiel, now the Autorité de Contrôle Prudentiel et de Résolution – ACPR); and
• Law No 2013-672 of 26 July 2013 on the separation and regulation of banking activities, which aimed to separate speculative activities from commercial activities that benefit the wider economy.

In addition, the French banking sector is subject to the European Union regulations, including the following EU Directives and Regulations:

• Directive No 2008/48/EC of 23 April 2008 on credit agreements for consumers and Directive No 2023/2225 of 18 October 2023 applicable from 20 November 2026 repealing Directive No 2008/48/EC;
• Directive No 2013/36/EU of 26 June 2013 on the prudential supervision of credit institutions and investment firms (the “Capital Requirements Directive” – CRD) and Directive No 2024/1619 of 31 May 2024 amending CRD (CRD VI) applicable from 11 January 2026;
• Regulation No 575/2013 of 26 June 2013 on prudential requirements for credit institutions (the “Capital Requirements Regulation” – CRR) and Regulation No 2024/1623 of 31 May 2024 amending CRR (CRR III) applicable from 1 January 2025; and
• Directive No 2014/59/EU of 15 May 2014 on the recovery and resolution of credit institutions (the “Bank Recovery and Resolution Directive” – BRRD).

Banking Regulators

Under French law, the banking sector is supervised by the ACPR.

The ACPR is competent for:

• monitoring the application of prudential rules;
• maintaining financial stability;
• monitoring compliance with rules on anti-money laundering and countering the financing of terrorism (AML/CFT); and
• ensuring the protection of credit institutions’ customers.

The ACPR also has the power to take administrative and disciplinary sanctions against regulated institutions in case of breach of applicable laws and regulations.

In addition, the French Financial Markets Authority (Autorité des marchés financiers – AMF) is also competent for monitoring French credit institutions which are authorised to provide investment services.

Local Particularities

One of the particularities of the French banking sector is the existence of what the ACPR terms “cooperative banking groups”, which are specifically governed by legal provisions of the French Monetary and Financial Code. Such legal framework includes provisions on conditions regarding the membership of cooperative networks, the missions of regional credit institutions, the composition of their capital, and the governance and organisation of each network.

In addition, it should be noted that besides credit institutions, specific regulated institutions may carry out banking activities in France:

• financing companies (sociétés de financement), which are able to provide credit services but are not authorised to receive funds from the public;
• payment institutions (établissements de paiement), which can only provide payment services;
• electronic money institutions (établissements de monnaie électronique), which can issue, manage and provide electronic money and provide payment services in that context; and
• some public institutions (the Trésor public, the Banque de France, La Poste, the Caisse des Dépôts et Consignations, etc).

Authorisation Requirements

In order to obtain a credit institution licence in France, the applicant must meet the following conditions:

• having a legal form adapted to the contemplated activities;
• having its central administration located in France;
• being managed by at least two conducting officers (dirigeants effectifs) who meet conditions regarding their knowledge, professional experience and skills, and comply with fit and proper requirements; and
• having a minimum paid-up initial capital of EUR5 million.

Although the legislation does not impose a specific legal form, in practice licensed credit institutions generally take the form of a société anonyme or a société en commandite par actions. In addition, specific requirements on governance and organisation apply when a credit institution adopts the legal form of a société par actions simplifiée.

Licensing Process

The application for a licence is filed with the ACPR, which then forwards the file and a draft decision to the European Central Bank (ECB). The decision to grant the licence is made by the ECB, based on the ACPR’s draft decision.

The application process generally begins with a “kick-off meeting” with the ACPR. This meeting aims to introduce the contemplated activities, outline the expected timeline and receive the ACPR’s preliminary comments on the project. Following this meeting, the applicant must prepare an application file that includes all required documents.

As a matter of principle, the licensing decision is taken within six months from the date of receipt of a complete application file. However, since the ACPR often asks for additional information and documents, the review period is always extended. In practice, the authorisation process generally lasts twelve months.

Once the licence is granted, the credit institution will be subject to various fees and charges including:

• contributions for control costs due to the ACPR;
• contribution to the national deposit guarantee scheme (see 6.1 Deposit Guarantee Scheme (DGS)); and
• contribution to the national resolution fund and the single resolution fund.

Activities and Services

The banking licence enables credit institutions to provide banking activities in France, which include:

• receiving funds from the public;
• granting credits; and
• providing bank payment services.

Note that banking activities are covered by the rules on French banking monopoly, and any breach of the banking monopoly regulations constitutes a criminal offence.

Additionally, duly authorised credit institutions can provide ancillary banking activities related to their business, such as:

• conducting foreign exchange transactions;
• conducting transactions relating to gold, precious metals and coins;
• investing in, subscribing to, buying, managing, providing custody for and selling securities and any other financial product;
• providing payment services;
• issuing and managing electronic money; and
• providing investment services (subject to an investment service provider’s licence).

Moreover, credit institutions can carry out non-banking activities provided that they are not conducted on a regular basis. That being said, specific non-banking activities could be carried out by a credit institution on a regular basis, such as:

• acting as an agent, a broker or a commission agent, in particular on behalf of a subsidiary;
• managing real estate assets that it owns, and which are not dedicated to its operations;
• offering services which constitute the ancillary use of resources mainly dedicated to banking operations; and
• providing services to customers which constitute an extension of banking transactions.

Non-banking activities must remain of limited importance in relation to the institution’s usual activities and must not prevent, restrict or distort competition in the relevant market.

In addition to its banking activities, a credit institution may also apply for further authorisations to conduct regulated activities which are covered by other licences, such as the investment service provider (ISP) or digital asset service provider (DASP) licences.

EU Passport

Pursuant to the principle of mutual recognition of banking licences inside the EU, a credit institution duly authorised in France may conduct banking activities in another EU member state, on the basis of the principles of freedom of establishment (ie, establishing a local branch) and/or freedom to provide services (ie, providing banking services to clients located in another EU member states on a cross-border basis). Such ability is subject to a notification process with the ACPR, which includes a form to be filled out containing information on the future branch and/or the types of business contemplated in the relevant EU member state.

Qualifying Holding

Any natural or legal person, acting individually or in concert, who plans to acquire a qualifying holding in a credit institution, either directly or indirectly, or to further increase their holding by crossing a relevant threshold, must notify the ACPR prior to the operation.

A qualifying holding refers to a direct or indirect holding in a credit institution that represents 10% or more of the capital or of the voting rights of that credit institution or that allows for the exercise of significant influence over the management of that credit institution.

The Joint Committee of the European Supervising Authorities established a non-exhaustive list of criteria that may be used to determine whether acquiring a holding in a credit institution is expected to involve the exercise of significant influence (JC/GL/2016/01).

Notification Thresholds

The thresholds triggering the application of the notification requirement are as follows:

• the portion of the capital or voting rights of the credit institution which would be held by the acquirer(s) exceeds 10%, 20%, 33% or 50%;
• the credit institution would become the subsidiary of the acquirer(s); or
• the operation would give the acquirer(s) significant influence over the management of the credit institution.

Authorisation Process

The notification file must be sent to the ACPR, which will assess the acquisition project and then forward the draft decision to approve or reject the acquisition project to the ECB. The ECB will decide either to approve or reject the acquisition project based on the ACPR’s assessment.

In particular, the ACPR verifies the soundness of the credit institution’s management, the appropriateness of the potential acquirer and the financial strength of the acquisition project. This assessment is based on the following criteria:

• the potential acquirer’s good reputation, which covers integrity and professional competence;
• the ongoing compliance by the credit institution’s conducing officers and members of the supervisory body with fit and proper requirements, following the acquisition project;
• the potential acquirer’s financial soundness, taking into account the credit institution’s activities;
• the ongoing compliance with the applicable prudential requirements; and
• the absence of suspicion or risk of money laundering or financing of terrorism.

Decreasing Control Over a Credit Institution

When a qualifying holding in a credit institution falls below the aforementioned thresholds or no longer constitutes a qualifying holding, such operation must also be disclosed beforehand to the ACPR. The ACPR has exclusive competence over the decision to approve or reject such an operation.

Regulatory Requirements

Overall, corporate governance rules applicable to credit institutions aim to strengthen the responsibility of the management body, prevent any situation of conflicts of interests and avoid any kind of misconduct (such as fraud or bribery), by promoting a compliance culture and internal transparency (for instance, by facilitating internal alerts).

Management functions

Credit institutions must have a management body with a clear distinction between the individuals responsible for the management functions (ie, conducting officers) and those responsible for the supervisory functions.

Accordingly, a French credit institution must put in place, in addition to the management body responsible for its management functions, one or more supervisory bodies in charge of supervisory functions within that credit institution.

The members of these management bodies are (depending on the credit institution’s legal form):

• the members of the board of directors, the supervisory board and the executive board;
• the chief executive officer (CEO);
• the deputy chief executive officers; and
• any other person or member of a body exercising equivalent functions.

The ACPR specified that in sociétés anonymes à conseil d’administration, the CEO and the deputy CEO(s) are the conducting officers (as defined below), whereas in sociétés anonyme à conseil de surveillance, all the members of the executive board (directoire) are the conducting officers.

Conducting officers are defined as senior managers (either legal representatives or not) who effectively direct the business of the credit institution and are empowered to set the institution’s strategy, objectives and overall direction.

Furthermore, the positions of chairman of the board of directors and CEO of a credit institution cannot be held by the same person.

Governance arrangements

In addition, credit institutions are required to have robust governance arrangements. These include:

• a clear organisational structure with well-defined, transparent, and consistent lines of responsibility;
• effective processes to identify, manage, monitor, and report the risks to which they are or might be exposed;
• adequate internal control mechanisms; and
• practices that are consistent with and promote sound and effective risk management.

The corporate governance rules are also set out in the French Order of 3 November 2014 on internal control applicable to entities in the banking, payment services, and investment services sectors. The French Order outlines, inter alia, the key functions of credit institutions and the rules applicable to their appointment, responsibilities, and the compliance and control requirements.

The main requirements related to corporate governance of a credit institution are:

• the management body must have the ultimate and overall responsibility for the credit institution’s activities;
• a clear distinction between the executive and non-executive functions must be defined;
• the management body must take decisions on a sound and well-informed basis;
• the management body in its supervisory functions must include independent members;
• the management body must adhere to and promote high ethical and professional standards;
• the management body in its supervisory functions should periodically monitor the effectiveness of the governance arrangements and ensure that appropriate measures are put in place in case of any deficiencies; and
• when applicable (eg, for significant credit institutions), the setting up of a risk committee, a nomination committee and a remuneration committee.

Diversity

Although French law does not contain any such provision, the European Banking Authority (EBA) recommends, in its guidelines on the assessment of the suitability of the management body and key function-holders, implementing a diversity criterion regarding the composition of credit institutions’ management bodies, for instance by taking into account characteristics such as educational and professional background, age and gender. The EBA considers that while the diversity of the management body is not a criterion for the assessment of the members’ individual suitability, diversity should also be taken into account when selecting and assessing members of management bodies. Thus, a more diverse management body, in its supervisory and management functions, can reduce the phenomenon of “groupthink” and facilitate the expression of independent opinions and constructive challenges during the decision-making process.

Regarding the remuneration policy which must be put in place by credit institutions, French law states that it must be gender-neutral and comply with the principle of equal pay for male and female workers for work of equal value.

Voluntary Codes and Industry Initiatives

On a national level, the Association Française des Entreprises Privées (AFEP) and Mouvement des Entreprises de France (MEDEF), which are the principal French business confederations, have developed a set of recommendations on corporate governance for listed companies.

The AFEP-MEDEF Code defines the principles of good corporate governance by introducing rules on communication between the board and shareholders, diversity in governance bodies and outlining the ethical standards to be observed by senior management.

While all French listed credit institutions comply with the requirements set out in this Code, unlisted institutions are also encouraged to adhere to it.

Bankers’ Oath

Unlike some other EU countries, France does not implement a bankers’ oath. However, all employees of a credit institution are bound by professional secrecy (secret bancaire), and any breach of this obligation constitutes a criminal offence.

Fitness and Propriety Requirements

Pursuant to French law, members of the management body (including conducting officers and members of the supervisory bodies) and staff holding key functions within credit institutions must comply with fitness and propriety requirements.

In order to ensure sound governance arrangements within the institution, those individuals must demonstrate integrity, knowledge, skills and relevant experience in relation to their functions.

According to French law, key function holders are individuals responsible for control functions, including risk management, compliance and internal audit.

Suitability Assessment Requirements

The appointment or renewal of any member of a credit institution’s management body (ie, conducting officers and members of the supervisory body) must be notified to the supervisory authorities within 15 days from the date of their appointment. The notification forms must be filled out on the ECB online portal for institutions under the direct supervision of the ECB and on the ACPR online portal for other institutions. The Authorities have two months to review the forms and approve or reject the appointment.

Regarding the appointment or renewal of conducting officers, both the ECB and ACPR assessments are based on the following criteria:

• fitness and propriety;
• knowledge;
• experience; and
• availability.

Regarding the members of the management body in its supervisory functions:

• independence from the credit institution’s management functions;
• fitness, propriety, knowledge, experience; and
• availability.

To perform their assessment of newly appointed or renewed individuals, supervisory authorities require detailed information such as:

• diplomas and certificates;
• practical and professional experience gained in previous positions;
• availability in days per year; and
• previous criminal, civil or administrative proceedings.

Staff Subject to the Remuneration Requirements

French law implementing the CRD and CRR imposes specific rules regarding the remuneration of identified staff for credit institutions licensed in France.

A remuneration policy must be applied to those categories of staff whose professional activities have a significant impact on the risk profile of the credit institution or group. These individuals are generally referred to as “material risk takers” (MRTs).

According to French law, MRTs are:

• all members of the board of directors, supervisory board or any other body exercising equivalent functions, as well as the conducting officers;
• the members of staff responsible for the control functions or the members of the material business units and who report directly to any person above-mentioned; and
• members of staff who were entitled to significant remuneration during the previous financial year, if the following two conditions are met:
1. this remuneration is greater than or equal to EUR500,000 and is greater or equal to the average remuneration granted to any person above-mentioned; and
2. they carry out their professional activities in a material business unit and these activities are likely to have a material impact on the risk profile of the business unit in question.

Remuneration Principles

The management body in its supervisory functions must adopt and regularly review the remuneration policy and monitor its implementation.

The shareholders must be consulted at least once a year in a general meeting regarding the MRT’s remuneration policy.

The remuneration policy must include the following principles:

• Ratio between fixed and variable remuneration: A clear distinction must be established between the fixed and variable components of remuneration. The variable component of the remuneration for MRTs must not exceed 100% of the fixed component of their remuneration. The shareholders of the credit institution, in general meeting, may decide to increase the variable portion of the MRTs’ remuneration to a maximum of 200% of the fixed remuneration.
• Instrument payment requirements: At least 50% of the variable component of the remuneration for MRTs must be paid in instruments (eg, shares or equivalent property rights). A retention period may be established by the credit institution to ensure the long-term commitment of relevant MRTs. In this regard, French law does not provide for a particular minimum retention period.
• Deferred payment requirements: At least 40% of the variable component of MRT’s remuneration must be deferred over a period of no less than four years. For particularly high variable remuneration, at least 60% of the variable component of the remuneration must be deferred.
• Malus and claw-back: The remuneration policy can include the possibility of reducing (malus) or returning (claw-back) the variable component of the remuneration in the event of a misconduct of the MRTs.

It should be noted that the ACPR’s policies only partially comply with the EBA Guidelines on sound remuneration policies (EBA/GL/2021/04). This can be explained by the fact that the EBA Guidelines include several measures that exceed standards provided for in the French laws implementing CRD’s requirements on remuneration in France, such as the inclusion of all credit institutions’ staff within the scope of the remuneration requirements.

As other regulated entities in the banking and financial sector, credit institutions are subject to the French legal framework on AML/CFT. Lately, French legislation implemented the Fifth EU Anti-Money Laundering Directive (2018/843/EU).

According to this framework, credit institutions must comply with the following main requirements (inter alia):

Customer Due Diligence

Customer due diligence obligations are mandatory before any entry into business relationship between a credit institution and its client (Know Your Customer – KYC). In addition, such requirements on customer due diligence must also be implemented on an ongoing basis during all the business relationship (ongoing customer due diligence).

In order to comply with its due diligence requirements, credit institutions must:

• identify the customer and, where applicable, the customer’s ultimate beneficial owner(s) (UBO);
• verify the customer’s identity based on reliable and independent sources and, where applicable, verify the UBO’s identity; and
• assess the purpose and intended nature of the business relationship.

These due diligence obligations must be proportionate and linked to a risk-based approach. Thus, where the AML/CFT risk associated with a business relationship is likely to be low, credit institutions can apply simplified customer due diligence measures and where the AML/CFT risk is likely to be higher, enhanced customer due diligence measures must be applied.

Risk level can be assessed based on the following risk factors (among others):

• the customer’s (and where applicable the UBO’s) type of business or professional activity;
• the customer (and where applicable its UBO) is a politically exposed person (or a member of a politically exposed person’s family or a person known to be closely associated with a politically exposed person);
• the customer’s (and where applicable the UBO’s) transaction might favour anonymity;
• the customer’s (and where applicable the UBO’s) residence is located in a geographical area of higher risk;
• the customer’s (and where applicable the UBO’s) reputation; and
• the customer’s (and where applicable the UBO’s) nature and behaviour.

In addition, credit institutions must put in place policies and procedures that enable them to identify persons targeted by financial or economic sanctions taken by French authorities, EU institutions, United Nations or other relevant international authorities. Where applicable, assets belonging to targeted individuals or legal persons must be frozen in order to prevent any move, transfer, alteration, use of or dealing with potentially criminal funds.

Reporting Requirements

Credit institutions must report any suspicious transaction or any customer’s ownership and control structure that raises suspicion to the French financial intelligence unit: TRACFIN.

Credit institutions must appoint a reporting officer and a correspondent officer, who will be responsible for submitting suspicious transaction reports and be the TRACFIN’s contact point within the credit institution.

Internal Control Requirements

To comply with AML/CFT requirements, credit institutions must implement sound internal policies, procedures and controls to ensure the adequate monitoring of AML/CFT risks. This involves having three distinct and independent levels of control composed of an operational controls line, an efficient risk management and compliance function, as well as an independent internal audit function.

Such controls are designed to:

• identify emerging risks factors;
• review AML/CFT measures; and
• define specific criteria and thresholds for AML/CFT deficiencies.

Credit institutions must have sufficient human resources to analyse the deficiencies identified and ensure that the staff assigned to AML/CFT monitoring have the appropriate experience, qualifications, training and hierarchical position to carry out their duties.

To organise the AML/CFT monitoring function, an AML/CFT manager must be appointed. The AML/CFT manager must report to the management body any deficiencies and actions related to AML/CFT.

The credit institution’s ultimate responsibility for the implementation and effectiveness of policies and controls regarding AML/CFT must fall within the management body’s competence.

The French Deposit Insurance and Resolution Fund (Fonds de Garantie des Dépôts et de Résolution – FGDR) is the body responsible for the protection of customers’ deposits and the management of the French deposit guarantee scheme.

FGDR Organisation

The FGDR is managed by an executive board and a supervisory board. The executive board defines the FGDR’s organisation and manages its activities. The supervisory Board has the power to appoint and remove members of the executive board, approve the year-end financial statements, draft the FGDR’s internal regulations, etc.

FGDR Funding

The FGDR is funded by its members through their contributions. All companies licensed by the ACPR as credit institutions, investment firms, financing companies, as well as financial holding companies and mixed financial holding companies must be members of the FGDR for the deposit guarantee scheme.

Contributions are calculated using a method established by the ACPR after consulting the FGDR’s supervisory board. However, the total amount of contributions is determined by the FGDR’s supervisory board, based on a proposal from the executive board and following the assent of the ACPR.

Four types of instruments can be used by FGDR’s members as contribution to the scheme:

• premiums;
• member’s certificates;
• certificates of membership; and
• collateralised payment commitments.

Covered Depositors and Deposits

The French deposit guarantee scheme covers all credit institution customers, including individuals, whether minors or adults, individual entrepreneurs, associations and companies.

Note that financial institutions’ own deposits are not covered by the French deposit guarantee scheme. That being said, where such deposits represent the deposits of the financial institution’s customers (eg, deposits in segregated accounts) they still benefit from the guarantee scheme.

The covered deposits are all funds denominated in euros, or in the currency of any other state, held in deposit accounts, current accounts, regulated and unregulated savings accounts, cash accounts linked to a stock savings plan, bank cheques issued and not cashed, etc.

Limits of coverage

The French deposit guarantee scheme limit of coverage is EUR100,000 per covered individual and per credit institution.

This limit may be increased up to an additional amount of EUR500,000 per event in order to cover various cases of large deposits made within the three months preceding the credit institution’s failure (eg, sale of real estate property, payment of a succession, etc).

Other guarantee schemes

In addition to the deposit guarantee scheme, the FGDR is also responsible for the investor compensation scheme (for securities), the performance bonds guarantee (for regulated performance bonds) and the portfolio management services guarantee.

Basel III Standards Implementation

Although Basel III standards do not directly bind credit institutions, such standards have been implemented in EU legislation in recent years. Thus, prudential requirements that derived from the Basel III standards are now mainly applicable to French credit institutions.

The Basel III standards were implemented in the EU legal framework in three main steps:

• June 2013 with the adoption of CRR and CRD IV;
• May 2019 with the adoption of CRR II and CRD V; and
• May 2024 with the adoption of CRR III and CRD VI.

CRR III and CRD VI are aimed at finalising the implementation of Basel III standards in EU law by introducing, among other measures, an output floor on the capital requirements and the fundamental review of the trading book rules regarding market risk calculation.

In France, Basel III standards (as implemented via the EU legislation) were fully adopted through the implementation of CRD V and the direct applicability of CRR II.

Risk Management Rules

The risk management function within credit institutions is responsible for monitoring risks exposure of credit institutions, such as:

• non-compliance risk;
• credit and counterparty risk;
• market risk;
• operational risk;
• interest rate risk; and
• liquidity risk.

This involves establishing and updating a risk map; reporting to the executive management, to the supervisory board and, where appropriate, to the risk committee; and implementing policies and procedures for managing and preventing the various risks to which the credit institution is exposed.

Risk monitoring also involves overseeing the regulatory own funds requirements taking into account the risks faced by the credit institution.

Information and data on prudential requirements (ie, own funds, liquidity, leverage, etc) must be regularly reported to the ACPR (i) on a consolidated basis through the reporting of financial information (FINREP) and common solvency ratio reporting (COREP), and (ii) on an individual basis through the unified reporting system for banks and equivalents (RUBA).

Credit institutions are also required to report to the ACPR on an annual basis information on their internal control systems, which includes information on its risk management.

Capital and Liquidity Requirements

Credit institutions are required to have a minimum paid-up initial capital of EUR5 million.

Regarding the solvency ratio, credit institutions must have a total amount of own funds equal to at least 8% of risk-weighted assets, including 4.5% in Common Equity Tier 1 (CET1). Credit institutions qualified as global systemically important institutions (G-SIIs) are subject to an increased solvency ratio representing 18% of risk weighted assets.

Credit institutions must also comply with liquidity coverage ratio (LCR) and net stable funding ratio (NSFR) requirements. The LCR aims to ensure that credit institutions hold a sufficient reserve of high-quality liquid assets, which can be liquidated quickly if needed, to allow them to survive a period of significant liquidity stress lasting 30 calendar days. The NSFR requires credit institutions to maintain a stable funding profile in relation to their off-balance sheet assets and activities, to strengthen their resilience over a longer time horizon.

In addition, credit institutions must also satisfy additional capital requirements made up of capital buffers: the capital conservation buffer and the counter-cyclical buffer. G-SIIs are also subject to additional capital buffer requirements.

Insolvency

The French legal framework governing insolvency proceedings applicable to French commercial companies is mostly codified in Book VI of the French Commercial Code, which establishes the three main types of proceedings: safeguard, judicial reorganisation and judicial liquidation.

As common insolvency law is not appropriate to the situation of a credit institution’s failure, French law has set up a special framework in Book VI of the French Monetary and Financial Code. This specific regime aims to ensure the protection of the public interest and restore confidence in the failing institution.

This dedicated framework includes a specific definition, applicable to credit institutions, of “payment failure situation” (cessation des paiements). Under common French insolvency law, a company is in a payment failure situation if it finds itself unable to meet its current liabilities out of its disposable assets. Whereas, regarding credit institutions, a payment failure situation results from the inability of the credit institution of immediately (or soon) pay its debts – this is the situation where credit institutions cannot refund depositors’ funds.

The opening of an insolvency proceeding for a credit institution is also subject to a prior approval of the ACPR and, unlike in common insolvency proceedings, the judicial administrator or the liquidator must be appointed by the ACPR.

Recovery

In addition to the insolvency proceedings rules, the French Monetary and Financial Code provides for crisis prevention and management measures. These rules come from the implementation in French law of the BRRD.

In order to prevent and manage crisis situations, credit institutions must draw up and maintain a recovery plan providing for measures to be taken following a significant deterioration of its financial situation.

The recovery plan must be submitted to the competent resolution authority for assessment, and must include the following provisions:

• various recovery measures to deal with a significant deterioration of the institution’s financial situation;
• several scenarios of major macroeconomic and financial crises; and
• identification of indicators used to decide on the implementation of recovery measures.

The competent resolution authorities can also take early actions to avoid the deterioration of a credit institution’s financial situation, such as the suspension of any payment, delivery, and use of termination rights by its co-contractor.

The French national resolution authority is the ACPR. However, for credit institutions under the ECB’s direct supervision, the competent resolution authority is the Single Resolution Board (SRB).

Resolution

The banking resolution regime is designed to ensure the continuity of credit institution’s critical functions, while protecting financial stability and public funds.

The competent resolution authority can place the credit institution under a resolution proceeding where the following conditions are met:

• the credit institution is failing or likely to fail;
• there is no reasonable measure that would prevent its failure within a reasonable timeframe other than by implementing a resolution plan; and
• a resolution plan is deemed necessary in view of the objectives of the resolution and a judicial liquidation proceeding would not enable these objectives to be achieved to the same extent.

A credit institution is deemed failing or likely to fail if one of the following conditions are met or are likely to be met in a near future:

• it no longer complies with the requirements for its licence;
• it is unable to pay its debts or other liabilities as they fall due;
• an extraordinary level of public financial support is required; or
• the amount of its assets is lower than the amount of its liabilities.

The ACPR can apply a combination of resolution tools to restore the viability of the relevant credit institution or transfer part or whole of the credit institution’s business to another institution. Such tools include:

• a bail-in of the capital instruments and eligible liabilities (“bail-in”);
• a transfer of the credit institution’s business to a buyer (“sale of business”);
• a transfer of impaired assets (eg, non-performing loans) to an asset management vehicle (“asset separation”); and
• a transfer of suitable parts of the credit institution’s business to a temporary entity (“bridge institution”) pending acquisition by a third-party.

On 12 December 2015, the Paris Agreement signed at COP21 established the first legally binding international treaty on climate change. In particular, it affirms the importance of aligning financial flows with a development profile that is low in greenhouse gas emissions and resilient to climate change, which implies the active participation of credit institutions in this common effort.

National Requirements

In France, Paris Agreement’s objectives were implemented by Law No 2015-992 of 17 August 2015 on energy transition for green growth, which contains provisions regarding the financing of the energy transition.

The Law No 2019-1147 of 8 November 2019 on energy and climate requires each credit institution to make publicly available a document setting out their policy for integrating environmental, social and governance criteria into their investment strategy, as well as the resources, means and strategy to contribute to the energy transition.

More generally, the Law No 2019-486 of 22 May 2019 on the growth and transformation of companies (the Plan d’Action pour la Croissance et la Transformation des Entreprises – the “PACTE Law”) amended Article 1833 of the French Civil Code regarding corporate interest by adding the following provision: “[The company is managed in its corporate interest] while taking into consideration the social and environmental issues related to its activity”.

The PACTE Law also supplemented Article 1835 of the French Civil Code on companies’ by-laws by adding the following provision: “The by-laws may specify a “raison d’être” (a rationale of existence), which is composed of the principles adopted by the company and for which the company will allocate resources in the conduct of its business”.

When a company specifies in its by-laws a raison d’être, along with social and environmental objectives, and implements means to monitor the achievement of such objectives, it can be recognised as a “société à mission” (company with a mission). Several leading French credit institutions have adopted this société à mission status.

EU Requirements

Within the EU, the EU action plan on sustainable finance, released on 8 March 2018, aimed at proposing an EU strategy on sustainable finance in order to meet the Paris Agreement’s requirements. Such action plan has led to the following regulations applicable to credit institutions:

• Regulation No 2019/2088 of 27 November 2019 on sustainability‐related disclosures in the financial services sector (the “Sustainable Finance Disclosure Regulation” – SFDR);
• Regulation No 2020/852 of 18 June 2020 on the establishment of a framework to facilitate sustainable investment (the “Taxonomy”); and
• Directive No 2022/2464 of 14 December 2022 on corporate sustainability reporting (the “Corporate Sustainability Reporting Directive” – CSRD).

EU legislation requires financial institutions to publish an annual extra-financial performance statement and to take into account their clients’ objectives regarding sustainability while providing investment advice to such clients.

International Banking Industry’s Initiatives

From an international perspective, leading French credit institutions are members of the Net-Zero Banking Alliance, an international initiative that brings together many credit institutions committed to aligning their lending, investment, and capital markets activities with net-zero greenhouse gas emissions by 2050.

In the conduct of their activities, credit institutions usually deal with a large quantity of sensitive data, mainly concerning their customers, but also their employees, service providers, as well as suppliers, and are more and more dependent on information and communication technologies (ICT).

For those reasons, credit institutions are highly exposed to the risk of cyber-attacks.

EU Requirements

In order to mitigate such risks, EU Regulation No 2022/2554 and EU Directive No 2022/2556 of 14 December 2022 on digital operational resilience for the financial sector (the “Digital Operational Resilience Act” – DORA) aims to establish a harmonised framework for managing ICT risks.

DORA’s framework is based on five pillars:

• ICT risk management;
• ICT-related incident management, classification and reporting;
• digital operational resilience testing;
• managing of ICT third-party risks; and
• information-sharing arrangements.

The entry into application of DORA will obviously have a massive impact on credit institutions, as it would require a global redesign of their contracts entered into with ICT service providers in order to ensure their compliance with the contractual obligations set out by DORA, as well as the implementation of digital operational resilience tests.

EU Regulation 2022/2554 comes into application on 17 January 2025 and Directive 2022/2556 must be implemented by the member states by 17 January 2025.

National Requirements

National requirements on ICT risk management are currently provided for in the Order of 3 November 2014 regarding internal control. In addition, the ACPR implemented the EBA’s Guidelines on ICT and security risk management (EBA/GL/2019/04).

Pursuant to French regulatory provisions, French credit institutions must:

• put in place adequate internal governance and internal control systems on ICT and security risks;
• have qualified staff to support their ICT and security risk management; and
• have risk-mitigating measures in place related to the outsourcing of ICT services.

Regarding DORA, the implementation works of the Directive has already started, which namely involve the ACPR and the AMF, as well as the French Cybersecurity Agency (Agence nationale de la sécurité des systèmes d’information – ANSSI) and the French Data Protection Authority (Commission nationale de l’informatique et des libertés – CNIL).

The AMF has already issued several publications since 2019 on cybersecurity focused on portfolio management companies as part of its thematic controls (“SPOT” controls). As specified in a press release published in February 2024, the AMF recommends that financial institutions, such as credit institutions, take cognisance of the recommendations set out in these publications in order to anticipate the implementation of DORA.

Additionally, the ACPR has already added an appendix dedicated to ICT-related risks to its annual internal control report’s template. Credit institutions are expected to send to the ACPR this appendix for the first time by 30 June 2025.

National Developments

The main upcoming regulatory developments expected to have an impact on banks operating in France are the following.

• French Law No 2024-537 of 13 June 2024 aiming to increase the financing of companies and the attractiveness of France as a place in which to do business introduced a provision allowing the limitation of termination indemnities for traders qualified as MRTs. In practice, for all terminations occurring after 15 June 2024, the monthly remuneration taken into account for calculating compensation and indemnities for the termination of a contract of employment without real and serious cause may not exceed a maximum amount set by law.
• On 8 April 2024, a law proposal was submitted to the French Senate to prevent abusive bank account closures. Currently, a credit institution is free to close a customer’s deposit account if it has been established for an indefinite period. The legislation only requires two months’ notice before the effective closure. Since a credit institution does not have to justify the closure, the customer is exposed to the risk of having their account arbitrarily closed. The initial proposal states that the credit institution must provide the customer, upon its request and free of charge, with the reasons for such termination.
• Regarding the ACPR, a new online portal will soon be introduced by the end of 2024 enabling communication between the regulator and supervised entities. This new tool aims to centralise all requests and exchanges with the ACPR within a single portal, such as requests for authorisations or communication regarding internal control.

EU Developments

Regarding the EU framework, many regulations and directives are expected to affect credit institutions in the coming years.

CRR III & CRD VI

CRR III and CRD VI will gradually come into application from 1 January 2025 to 11 January 2026.

These amendments to the capital requirements framework finalise the transposition of the Basel III standards into EU law, aiming at strengthening the resilience of EU credit institutions.

AML/CFT package

The new EU AML/CFT package was published in the Official Journal of the EU on 19 June 2024 and consists of one Directive and two Regulations:

• Directive No 2024/1640 of 31 May 2024 on the mechanisms to be implemented by member states to prevent the use of the financial system for the purposes of money laundering or terrorist financing (AMLD VI) which is to be implemented gradually, with a first implementation date on 10 July 2025;
• Regulation No 2024/1624 of 31 May 2024 on preventing the use of the financial system for the purposes of money laundering or terrorist financing (AMLR), which will gradually come into application starting from 10 July 2027; and
• Regulation No 2024/1620 of 31 May 2024 establishing the Authority for AML/CFT (AMLA) which will gradually come into application starting from 26 July 2024.

The AMLD VI provides, for instance, for the establishment of registers of information on bank accounts. The ALMR sets out provisions relating to AML policies, procedures and internal controls. Regarding the AMLA, it is planned that this new authority will have powers of regulations, oversight and enforcement.

Consumer credit Directive

The Directive No 2023/2225 of 18 October 2023 on credit agreements for consumers, which repeals Directive 2008/48/EC, must be implemented by 20 November 2025 and will be applicable on 20 November 2026.

The Directive contains numerous provisions that will have an impact on credit institutions granting consumer credit, particularly regarding pre-contractual information, advertising and information requirements regarding the cost of credits.

MiCA Regulation

The Regulation No 2023/1114 of 31 May 2023 on markets in crypto assets (MiCAR) has been fully applicable since 30 December 2024.

MiCAR includes various provisions concerning credit institutions, particularly by providing for a simplified regime for credit institutions contemplating providing crypto-asset services or offering asset-referenced tokens to the public and applying for their admission to trading.