This country-specific Q&A provides an overview to banking and finance laws and regulations that may occur in Germany.
This Q&A is part of the global guide to Banking & Finance. For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/practice-areas/banking-finance-2nd-edition/
What are the national authorities for banking regulation, supervision and resolution in your jurisdiction?
The main authority for banking regulation and supervision in the Federal Republic of Germany
(“Germany”) is the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – “BaFin”). Effective 1 January 2018 BaFin also became the German National Resolution Authority (NRA). Further, the German Central Bank (Bundesbank) is cooperating with BaFin on certain elements of banking supervision. In addition, it should be noted that the European Central Bank (“ECB”) is directly responsible for the supervision of “significant banks” resident in Germany. As a result of the Single Supervisory Mechanism (SSM). The ECB also oversees less significant banks indirectly.
Which type of activities trigger the requirement of a banking license?
Pursuant to section 32 (1) sentence 1 of the German Banking Act (Kreditwesengesetz – “KWG”), anyone wishing to conduct banking business or to provide financial services in Germany in a commercial manner or on a scale that requires a commercially organised business undertaking requires a written licence. What constitutes banking business or financial services is set forth in section 1 paras 1 and 1a KWG and comprises, inter alia, (i) the provision of money loans (lending business), (ii) the acceptance of monies from the public (deposit business), (iii) the purchase and sale of financial instruments in the credit institution’s own name for the account of others (principal broking services), (iv) the safe custody and administration of securities for the account of others (safe custody business), (v) the purchase of financial instruments at the credit institution's own risk for placing in the market or the assumption of equivalent guarantees (underwriting business), (vi) the brokering of business involving the purchase and sale of financial instruments (investment broking), (vii) providing customers or their representatives with personal recommendations in respect of transactions relating to certain financial instruments where the recommendation is based on an evaluation of the investor’s personal circumstances or is presented as being suitable for the investor and is not provided exclusively via information distribution channels or for the general public (investment advice), (viii) the purchase and sale of financial instruments on behalf of and for the account of others (contract broking), (ix) the management of individual portfolios of financial instruments for others on a discretionary basis (portfolio management), (x) dealing in foreign notes and coins (foreign currency dealing), (xi) the ongoing purchase of receivables on the basis of standard agreements, with or without recourse (factoring), (xii) the conclusion of financial lease agreements as lessor and the management of asset-leasing vehicles (financial leasing) and (xiii) the purchase and sale of financial instruments separately from the management of a collective investment scheme for a community of investors, who are natural persons, on a discretionary basis with regard to the choice of financial instruments (asset management).
In general, it can be said that the financial services and activities listed in Section A of Annex I to the Markets in Financial Instruments Directive 2014/65/EU and Annex I of Directive on Access to the Activity of Credit Institutions and Investment Firms 2013/36/EU are licensable in Germany.
Further, the provision of payment services is licensable based on the provisions of the German Act on the Supervision of Payment Services (Zahlungsdiensteaufsichtsgesetz - “ZAG”).
Does your regulatory regime know different licenses for different banking services?
The KWG only knows the licence pursuant to section 32 KWG. However, as stated in 7 below, the applicant has to state in the application for a licence which services are contemplated to be conducted. As a consequence, the respective licence will only cover those services that are listed in the licence application. In the event that not all services are listed in the application, this has an impact on the licensing process and, more importantly, after the licence has been granted, on the follow – on duties and the level of supervision. The requirements for own funds for example differ significantly depending on whether lending business is conducted or not. The same applies for risk management processes etc., which have to be appropriate for the actual business and have to be more elaborate the bigger the risks are that the institution takes on.
Does a banking license automatically permit certain other activities, e.g., broker dealer activities, payment services, issuance of e-money?
Pursuant to the German Act on the Supervision of Payment Services (Zahlungsdiensteaufsichtsgesetz – “ZAG”), credit institutions licenced to do business in Germany may provide payment services and conduct e-money business.
Further, the purchase and sale of financial instruments on behalf of and for the account of others qualifies as licensable securities service in the form of contract broking. This activity is covered by a banking licence pursuant to section 32 KWG, if applied for, see 3 above.
Is there a “sandbox” or “license light” for specific activities?
BaFin made it clear in several public statements that it does not apply a “sandbox” model. It rather states that it does not see the need for a sandbox approach as it applies “proportionate supervision”. What BaFin means with proportionate supervision is that the level of supervision is proportionate to the level of risk a market participant is taking on or is posing to the financial system. As a consequence, new and, thus, smaller market participants with a restricted business model will be supervised in a different way than incumbent full-service banks.
In terms of licence requirements there are also no “de minimis” or similar rules. Hence, as a general rule, companies that provide licensable services or undertake licensable activities in Germany require a licence irrespective of the size of their operations. BaFin has, however, indicated that in their administrative practice activities below certain thresholds do not necessarily fulfill the requirement of being on a “commercial scale”. This is only applicable in special circumstances and should be carefully examined prior to establishing a business model on this administrative practice. Further, special rules apply to crowdfunding activities.
It should be noted that BaFin established a specific section on its homepage to assist start-up companies. In particular BaFin offers an online questionnaire based on which it will provide the inquirer with a preliminary opinion on whether the proposed activities are licensable or not.
Are there specific restrictions with respect to the issuance or custody of crypto currencies, such as a regulatory or voluntary moratorium?
BaFin takes a rather pragmatic view vis-à-vis crypto assets. BaFin qualifies crypto assets with a view to their respective features in existing categories such as (debt or equity) securities, vouchers etc. According to such qualification BaFin applies the existing rules and, for example, requires the publication of a securities prospectus for the public offering of crypto assets that are qualified as securities. With respect to the typical “crypto currencies” BaFin holds the view that they qualify as financial instruments in the form of “units of account”. As a consequence, rules relating to financial instruments, including licence requirements, apply to dealings in crypto currencies, including custody. As a general rule BaFin stated in a note that mining of crypto currencies is generally licence-free in Germany, however, dealings in crypto assets could, depending on the actual activity, qualify as investment brokering, investment advice, portfolio advice, safe custody business or the operation of a multilateral trading facility. Further, it should be noted that BaFin apparently started to intervene in token-generating events where it comes to the conclusion that the risks for the market attached to the token-generating event are not acceptable.
On a general note it can be mentioned that legislative initiatives have been started to create a bespoke legal framework for crypto assets.
What is the general application process for bank licenses and what is the average timing?
The application for authorisation is to be made in writing and signed by the appropriate number of legal representatives of the applicant. The application and all the necessary documentation should be submitted to BaFin in triplicate.
The application should state the name of the firm, its legal form, registered office, business purpose, governing bodies and their composition, as well as the date on which business operations are expected to commence. In addition, it should indicate the banking and financial services specified in section 1 paras 1 and 1a KWG for which authorisation is being sought. Furthermore, it should be explicitly stated whether the institution is to be authorised to obtain ownership or possession of funds or securities of customers, whether it is to be trading in financial instruments for its own account, and whether such transactions are to be conducted in the banking book.
The application should be accompanied by certified copies of the formation documents, the partnership agreement or the articles of association, as well as the rules of procedure envisaged for the senior management.
The following information and documentation should also be included with the application:
- Suitable evidence of having the financial resources needed for business operations.
- The names of the senior managers.
- The information required to assess the trustworthiness of the applicants and of the senior managers.
- The information required to assess the professional qualifications of the proprietors and the senior managers and information on the remuneration system.
- A viable business plan explaining the nature of the contemplated business including a well-founded description of its development, markets, target customers, strategy, the relevant risk factors and projected balance sheets and projected profit and loss accounts for the first three full financial years after the commencement of business operations, covering a Base Case Scenario and a Stress Scenario.
- A detailed description of the intended business operations.
- A brief description of the market and competitors.
- Drafts of planned customer contracts, contracts for management services, powers of attorney to operate an account/safe custody account and general terms and conditions — if such documents have already been drawn up.
- A description of the organisational structure of the institution, accompanied by an organizational chart indicating, in particular, the responsibilities of the senior managers; it should be indicated whether branches are to be established, and if so, where, and whether the intention is to provide financial services in another EEA country by way of cross-border services; in addition, it should be stated whether operational units are intended to be outsourced to another undertaking.
- A description of the planned internal monitoring procedures detailing, in particular, how compliance with the obligations pursuant to the KWG and the German Securities Trading Act (Wertpapierhandelsgesetz) is to be safeguarded.
- The organisational arrangements to ensure compliance with anti-money laundering and anti-terrorist financing rules.
- If significant holdings (see also question 18 below) are held in the institution, the application for authorisation should also include the following:
- The names of the holders of the significant holdings;
- The respective amounts of such holdings;
- The information required to assess the trustworthiness of these holders or of the legal representatives or of the general partners;
- If an applicant or a holder of a significant holding belongs to a group, the structure of the group should be described, accompanied by consolidated group accounts.
- Where no significant holdings are held in the institution, the names of the biggest shareholders should be given, up to a maximum of 20.
- Any facts indicating a close link (as defined in Article 4 (1) number 38 of the Regulation (EU) 575/2013, ie Capital Requirements Regulation („CRR”) between the financial services institution and other natural persons or undertakings should be stated.
- The information and documentation under section 2c KWG in conjunction with the Ownership Control Regulation (Inhaberkontrollverordnung).
- In the case of institutions in the legal form of a sole proprietorship, the proprietor should demonstrate the extent to which he/she has taken appropriate measures to protect customers for the event that the institution discontinues its business operations owing to the proprietor’s death or legal incapacity or for other reasons.
With regard to timing it can be said that a time span of eight to twelve months should be planned for until the licence is granted. The timing of such process can be influenced by the requirement to get documents translated by certified translators (if originals are not in English), and originals may need to be notarised and in some cases apostilled.
Is mere cross-border activity permissible? If yes, what are the requirements?
Companies from EEA states may conduct business requiring a licence in Germany not only by establishing a branch in Germany, but also on a cross-border basis - without having a presence in Germany -, subject to the requirements of the so-called “EU Passport”.
Market participants from non-EEA states that wish to market their banking and financial services products in Germany have to establish a subsidiary or a branch in Germany in order to obtain the required licence. As a general rule, this also applies to entities from EEA states that are unable to make use of the EU Passport for banking and/or financial services they offer in Germany. The transactions conducted under the licence must be booked to the German entity; the banking and securities accounts opened in connection with the business relationship must be held by this entity.
Further, there is no restriction on the so-called freedom to provide requested services (passive Dienstleistungsfreiheit), ie the right of persons and entities domiciled in Germany to request the services of a non-German entity on their own initiative. Transactions requested on the client's own initiative (so called “reverse solicitation”) are therefore not subject to German licensing requirements.
It should be noted, however, that non-German entities have alternatives to structure their business activities in order to not trigger a licence requirement in Germany. For example, it is permissible to outsource distribution activities and the settlement of banking transactions and financial services. On the basis of an agency contract concluded with a German counterparty, banking products may be provided by a non-German company, which then conducts the business for the client on behalf and for the account of a German company.
What legal entities can operate as banks? What legal forms are generally used to operate as banks?
The variety of legal entities that operate as banks in Germany is extremely broad and range from public law entities and cooperatives to stock corporations. There are little limitations as to which legal forms can be used to operate a bank and, in principle, even single merchants (Einzelkaufmann), ie natural persons, can operate a bank, if they have received their licence prior to 1976. Today single merchants are excluded from operating a bank, but this is the only explicit exemption with regard to credit institutions and securities trading firms (Wertpapierhandelsunternehmen) can however, in principle, be operated by single merchants. The minimum capital requirements that have to be complied with to obtain a licence safeguard the protection of the customers in situations where legal forms are chosen that do not per se require certain amounts of equity.
What are the organizational requirements for banks, including with respect to corporate governance?
Pursuant to section 25a KWG, a credit institution needs to implement a business organisation that safeguards compliance with all applicable laws. In more detail sentence 3 of section 25a KWG says: A proper business organisation shall comprise, in particular, appropriate and effective risk management on the basis of which an institution shall continuously safeguard its internal capital adequacy. Such risk management shall comprise, in particular:
- The definition of strategies, in particular the definition of a business strategy geared to the institution’s sustainable development and a risk strategy that is consistent therewith, as well as the establishment of processes for planning, implementing, assessing and adjusting the strategies.
- Processes for determining and safeguarding internal capital adequacy, which shall be based on a conservative determination of risks and of the available financial resources to cover these.
- The establishment of control mechanisms consisting of an internal control system and an internal audit function.
- Risk management that is geared to the nature, scope, complexity and riskiness of the institution's business activities.
- A proper business organisation also comprising (i) appropriate rules by means of which the institution’s financial situation can be gauged with sufficient accuracy at all times, and (ii) complete documentation of business operations permitting seamless monitoring by BaFin for its area of responsibility.
- A procedure which enables employees, whilst ensuring that their identity is kept confidential, to report to competent agencies breaches of Regulation (EU) No 575/2013 or of the KWG or of statutory orders issued on the basis of the KWG as well as any criminal actions committed within the undertaking.
- Processes for identifying, assessing, managing as well as monitoring and reporting risks in accordance with the criteria laid down in Title VII, Chapter 2 Section II Sub-Section 2 of Directive 2013/36/EU.
- A risk control function and a compliance function.
- Adequate staffing and technical and organisational resources; and
- the definition of an adequate contingency plan, especially for IT systems.
BaFin has published a detailed catalogue of minimum requirements for the risk management of a credit institution that has to be followed.
Do any restrictions on remuneration policies apply?
Yes. The German Remuneration Regulation for Institutions (Institutsvergütungsverordnung – “InstitutsVergV”) sets forth the statutory requirements for remuneration and is drafted in a way to reflect the European Banking Authority’s guidelines on sound remuneration policies. The main features are:
- All remuneration must be classified as fixed or variable. A third category of remuneration is not permitted.
- Allowances for staff working abroad or in a different position may qualify as fixed remuneration subject to certain conditions (including for the purposes of calculating the applicable bonus cap) and are therefore not subject to the risk adjustment provisions of the InstitutsVergV.
- As an additional ex post risk adjustment instrument, significant institutions must have the following instruments for the purposes of complying with malus criteria:
- The ability to reduce retained bonus components.
- In addition, in cases of serious personal misconduct, the ability for a defined period to demand repayment of variable remuneration components already paid (clawback).
- Explicit rules govern the payment of a portion of the variable remuneration in instruments eligible for bail-in – namely to link part of the remuneration paid to the subsequent performance of the institution.
- Within the prudential scope of consolidation, the provisions of the InstitutsVergV also apply to the remuneration schemes of those employees whose professional activities materially affect the group's risk profile (group risk bearers).
- The principle of proportionality continues to be implemented at institution and employee levels in the form of thresholds (total assets and level of variable annual remuneration, respectively). Where those thresholds are reached or exceeded, the special requirements for the risk adjustment of the variable remuneration of risk bearers must be applied.
Has your jurisdiction implemented the Basel III framework with respect to regulatory capital? Are there any major deviations, e.g., with respect to certain categories of banks?
The CRR is directly applicable in Germany and Directive 2013/36/EU, ie the Capital Requirements Directive (CRD IV) has been implemented in Germany without significant deviation.
Are there any requirements with respect to the leverage ratio?
A credit institution’s leverage ratio and its components have to be reported to the regulatory authorities on a quarterly basis. The calculation of the leverage ratio has to be made in accordance with Art 429 CRR in connection with Delegated Regulation (EU) 2015/62. Currently there is no quantitative element regarding the leverage ratio that has to be met. However, the current drafts of the amended CRR and CRD IV contain maximum leverage ratios.
What liquidity requirements apply? Has your jurisdiction implemented the Basel III liquidity requirements, including regarding LCR and NSFR?
Yes. Germany has implemented the Basel III liquidity requirements, and these apply in Germany.
Do banks have to publish their financial statements? Is there interim reporting and, if so, in which intervals?
Yes. Pursuant to section 340l of the German Commercial Code (Handelsgesetzbuch), credit institutions have to publish their annual reports. In addition, all domestic issuers (Inlandsemittenten) are required to publish annual reports and half-year interim reports pursuant to the rules of sections 114 and 115 of the German Securities Trading Act (Wertpapierhandelsgesetz – “WpHG”).
Does consolidated supervision of a bank exist in your jurisdiction? If so, what are the consequences?
As stated above, the CRR directly applies in Germany. As a consequence, the provisions dealing with regulatory consolidation, ie Art. 11 et seqq CRR, apply. This means that, in principle, capital and liquidity requirements have to be met on a consolidated basis. Further, the competent regulatory authorities shall coordinate their work so that only one authority is the main point of contact and responsible for the group.
What reporting and/or approval requirements apply to the acquisition of shareholdings in, or control of, banks?
Forming the intention to acquire or dispose of a qualifying holding (bedeutende Beteiligung), or to increase an already existing holding, in a credit institution triggers a notification duty. The respective thresholds are 10%, 20%, 30% and 50%.
Does your regulatory regime impose conditions for eligible owners of banks (e.g., with respect to major participations)?
Yes. An acquirer of a qualifying holding needs to be approved by the ECB and needs to file the information mentioned in the Joint Guidelines for the Assessment of Mergers and Acquisitions published by CEBS, CEIOPS and CESR and Articles 22 and 23 of Directive 2013/36/EU. The general assessment criteria are: reputation of the proposed acquirer, reputation and experience of those who will direct the business, financial soundness of the proposed acquirer, compliance with prudential requirements and applicable anti-money laundering and terrorist financing rules.
It should be noted that the voluntary industry deposit protection schemes also conduct ownership control proceedings that are similarly complex to the ones the regulatory authorities conduct.
Are there specific restrictions on foreign shareholdings in banks?
There is no general restriction on investments from countries outside the EU. However, the German Ministry of Economics can veto an investment of 10% or more in an undertaking of the financial sector, if it deems such investment to be a threat for the public order or security.
Is there a special regime for domestic and/or globally systemically important banks?
Yes. Germany is participating country in the EU’s Single Supervisory Mechanism (SSM) and as such, significant banks having their seat in Germany are under direct supervision of the ECB.
What are the sanctions the regulator(s) can order in the case of a violation of banking regulations?
The sanctions vary significantly depending on the rules that are violated and range from up to five years imprisonment for the conduct of banking services without having the appropriate licence to fines of up to five million Euro or 10% of the annual turnover. Further, BaFin can cancel a credit institution’s licence.
What is the resolution regime for banks?
Germany is member state of the so-called Single Resolution Mechanism (SRM), which means that banks have to contribute to the EU Single Resolution Fund. In case of financial difficulties of a bank, the national resolution authorities, ie BaFin in Germany, have a wide-ranging spectrum of measures they can apply which range from bailing in shareholders and creditors to the sale of the bank in part or in whole and the transfer of certain or all assets to a bridge institution. Currently BaFin is consulting the draft of a catalogue of minimum requirements for bail-in. Thus, it can be expected that more detailed guidance from BaFin on bail-in measures will be published in due course.
How are client’s assets and cash deposits protected?
Germany has implemented the European Deposit Protection Directive (2014/49/EU), and consequently a statutory protection of deposits up to an amount of EUR 100,000 applies. In addition, separate voluntary deposit protection schemes exist among private banks, savings banks and cooperative banks, respectively. For example, the voluntary protection scheme of the private banks (Einlagensicherungsfonds) is designed to protect all deposits of private individuals with a specific bank up to an amount of 20% of the equity (haftendes Eigenkapital) of a bank which equals at least EUR 1 million per customer. Different protection levels for professional market participants and public entities apply.
Does your jurisdiction know a bail-in tool in bank resolution and which liabilities are covered?
Yes. Section 90 of the German Reorganisation and Winding-up Law (Sanierungs- und Abwicklungsgesetz – “SAG”) entitles the national resolution authority to either convert certain claims into shares or to write-down their value. All claims against a credit institution are, in principle, eligible for bail-in. However, section 91 SAG carves out certain claims, such as claims deriving from covered deposits, covered claims (including claims deriving from covered bonds), claims deriving from the safekeeping of customers’ monies, claims deriving from a trust relationship, claims against other credit institutions with a maturity of less than seven days, claims vis-à-vis payment systems, clearing and settlement systems resulting from the participation in such system with a maturity of less than seven days, claims vis-à-vis employees deriving from unpaid salaries, pensions or other fixed remunerations (the variable parts of the remuneration are not necessarily excluded), claims of business partners provided they derive from the delivery of goods or services that are material for the operation of the business such as IT applications, premises rent etc., claims deriving from membership fees for deposit protection schemes.
Is there a requirement for banks to hold gone concern capital (“TLAC”)?
Currently there is no specific requirement to hold gone concern capital. However, it is fair to assume that the amendments of the CRR that are currently underway will include also rules on the total loss absorbing capacity (TLAC) of banks. In accordance with the recommendations of the Financial Stability Board it can be expected that certain minimum levels for the total loss absorbing capacity will be introduced.
In your view, what are the recent trends in bank regulation in your jurisdiction?
In our view the banking regulatory innovation in Germany is driven by two major topics. One topic is the regulatory handling of new market participants in the FinTech sector and associated phenomena such as crypto currencies and token-generating events. These innovations by now have the full attention of regulatory and legislative bodies. It is fair to expect that legislation in relation to crypto assets will be enacted in the near to medium term.
The second topic area is Brexit. It appears likely that Germany as a location for the financial industry will gain importance after Brexit. As a consequence, several financial institutions are in the process of establishing or broadening their existing presence in Germany. These movements create a significant challenge for the German regulatory authorities and the ECB and necessitate the allocation of significant resources.
What do you believe to be the biggest threat to the success of the financial sector in your jurisdiction?
In our view there are several challenges that the financial industry will have to face in the short to medium term in Germany. One issue could be the supply of appropriate talent, as the number of graduates will decline and jobs in the financial industry are not necessarily perceived to be the most attractive ones by graduates. Another challenge will be the regulatory environment which has the tendency to get more and more complex and will require the allocation of greater resources to safeguard compliance with all applicable rules. Another challenge for the financial sector could be the adoption of the existing business models to the current and future regulatory and technical environment. Whilst regulatory – in particular regulatory capital – requirements will make certain activities less profitable, certain newcomers are likely to test the incumbent credit institutions in the way that they offer services differently, which may result in higher customer acceptance and/or efficiency.