The new rules for cross-border banking business from third countries under CRD VI: What should non-EEA firms do now?

CRD VI: New rules for cross-border lending and core banking business

1. In-scope entities and in-scope cross-border banking business
   The new restriction applies to the following non-EEA entities and banking business:
   
   

   Non-EEA entities that qualify as credit institutions or meet the requirements of Article 4(1), point (1)(b), of CRR2 (as amended by CRR III)3, if the non-EEA entity were established in the European Union

   Lending including, inter alia: consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting) Guarantees and commitments

   
   Non-EEA entities providing the banking services listed above will need to assess which product lines are in scope of the new requirement and whether they qualify as a non-EEA credit institution or meet the requirements under Article 4(1), point (1)(b), of the Capital Requirements Regulation (CRR).
   
   Article 4(1), point (1)(b), of the CRR (as amended by CRR III) captures large investment firms which deal on own account or underwrite financial instruments above a certain quantitative threshold. This assessment can be quite complex. The definition in Article 4(1), point (1)(b), of the CRR excludes commodity and emission allowance dealers, insurers and (managers of) UCITS/alternative investment funds. 
   
   

   Any non-EEA entity

   Taking deposits and other repayable funds

   
   Non-EEA entities providing custody services to EEA clients will need to consider whether they are in scope of the new restriction. It is currently unclear whether such non-EEA entities will be able to benefit from the licence exemption for MiFID ancillary business. 
   
   Article 47(1) of CRD VI does not define what amounts to the provision of a service “in” a Member State. It remains to be seen how Member States transpose the requirements into national law, and whether some Member States will adopt a narrower interpretation of this provision than others.  

2. Are there any exemptions available? 
   CRD VI contains a limited number of exemptions:
   
   1. Reverse solicitation 
      The new restriction in CRD VI and the requirement to establish a branch in a Member State will not apply where the client or counterparty approaches the non-EEA entity at its own exclusive initiative for the provision of banking services, including their continuation, or banking services closely related to those originally solicited. 
      
      Non-EEA entities cannot rely on this exemption to market other categories of products, activities or services than those that the client or counterparty had initially solicited, or that are closely related. 
      
      The reverse solicitation exemption already exists in relation to investment services (Article 42 of MiFID II) and crypto-asset services (Article 65 of the Markets in Crypto-Assets Regulation – MiCAR) under European law. Some Member States (e.g. Germany) apply this exemption to other regulated activities including, in particular, banking business as well.
      
      As a concept, reverse solicitation has been subject to political debate following the UK’s departure from the EU under Brexit. At the European level, the European Securities and Markets Authority (ESMA) has taken a particularly restrictive view in its recent publications on MiFID II⁴ and MiCAR⁵. ESMA points out that third country entities cannot market new categories or types of products to a client. It has narrowly defined the relevant categories and types; according to ESMA, the defined categories and types should be granular enough to ensure that the reverse solicitation exemption is not used as a way of circumventing national regulatory regimes. Further, ESMA has made a distinction between one-off services and an ongoing relationship in the context of reverse solicitation. According to ESMA, when providing a one-off service to a client, the third country entity may not sell to that client a regulated product or service (even from the same category) unless requested to do so by the client at its own exclusive initiative. Therefore, a key point to note is that the reverse solicitation exemption is very strictly applied to other regulated activities at the European level which may also influence the interpretation of the CRD VI exemption.
      
      In due course, Member States will need to transpose the requirements into national law. Any current administrative practice at the level of the Member States that is more liberal may be subject to change. Non-EEA entities will carefully need to consider whether it will be feasible to rely on this exemption in relation to their business model on an ongoing basis.
      
      Non-EEA entities will carefully need to consider whether it will be feasible to rely on this exemption in relation to their business model on an ongoing basis. Reverse solicitation cannot be used as basis for sustainable market access in the EEA.
      
      In order to monitor reliance on this exemption, Member States will be required to ensure that national competent authorities have the power to require EEA credit institutions and third country branches established in their Member State to provide them with the information they require to monitor services provided by a non-EEA undertaking in the same group to clients or a counterparty in their territory on a reverse solicitation basis.
      
      EEA banks and third country branches will therefore need to ensure that they have the appropriate governance arrangements and organisational requirements in place in order to ensure that such solicitation from clients (or potential clients) is duly tracked and evidence is kept in internal records. 
      
      This obligation is amplified by the reporting requirement under Article 48k(2)(f) of CRD VI, which requires third country branches to report to their national competent authority the services provided by the head office to EEA clients. 
      
      
   2. Interbank business
      The new restriction will not apply to doing business with other EEA banks. This will also cover doing business with investment firms that are captured by the extended definition of credit institution under Article 4(1), point 1(b), of the CRR. 
      
      By 10 July 2025, the European Banking Authority (EBA) will review whether financial sector entities should be added to this exemption. Although the definition of financial sector entity under the CRR covers a range of entities including insurers and financial undertakings, it is unlikely that any amendments to the current exemption in CRD VI would enter into force prior to 11 January 2027. 
        
   3. Intragroup business
      CRD VI contains an exemption for intragroup transactions. Group is defined by reference to the CRR and captures a group of undertakings of which at least one is an institution and which consists of a parent undertaking and its subsidiaries, or of undertakings that are related to each other⁶. 
      
      
   4. MiFID II business and ancillary services
      The requirement to establish a branch in accordance with CRD VI will not apply to banking activities that (also) qualify as MiFID II services or activities⁷ including any accommodating ancillary services⁸, such as the granting of credits or loans the purpose of which is to provide the MiFID II services. 
      
      CRD VI does not provide any further detail on the required level of delineation between the banking activities and the MiFID II activities of a third country entity. Even if the CRD VI exemption applies, the relevant third country entities may be subject to the third country regime under MiFID II described above.
      
      According to the recital, the CRD VI exemption should take into account compliance with anti-money laundering and counter-terrorist financing rules.
      
      
   5. Grandfathering for legacy contracts
      CRD VI requires Member States to take measures to preserve a client’s acquired rights under existing contracts that were entered into before 11 July 2026. 
      
      Although this exemption might be helpful for legacy contracts, it is currently still unclear whether non-EEA entities will be able to rely on this exemption in the event that their contracts are subsequently amended or extended. 
      
      The wording in CRD VI (“acquired rights”) indicates that in the event there is a significant change to the provisions or commercial terms of the legacy contract, such a contract will likely fall outside the scope of this exemption. However, it remains to be seen where different Member States draw the line in this regard. 
      
      According to the recitals of CRD VI, the measures should apply solely for the purpose of facilitating the transition to the implementation of CRD VI and should be narrowly framed to avoid instances of circumvention.   

Reporting obligations

Under CRD VI, third country branches (TCBs) will be subject to a minimum set of harmonised reporting obligations, including information on their parent company. 

Such information to be reported includes the following:

1. The TCB’s assets and liabilities, including those originated by the TCB.
2. Confirmation of regulatory compliance for both the TCB and its parent company with third-country regulations.
3. The parent company's business strategy, recovery plans, and their impact on the TCB.
4. Details on services the parent company provides to EU clients on a reverse solicitation basis.

However, these are minimum standards and Member States may impose stricter regulations, in line with their own rules for credit institutions⁹.

In terms of frequency, those TCBs classified as ‘class 1’ will need to report at least twice a year, and those classified as ‘class 2’ will report at least annually¹⁰. The EBA will develop common reporting templates for both classes.

Idiosyncrasies of individual Member States

Some Member States have certain idiosyncrasies that non-EEA entities will have to consider. 

1. France
   For example, in France credit institutions benefit from a significant banking monopoly. In particular, it is prohibited, without credit institution status, to carry out credit transactions on a regular basis, to receive repayable funds from the public on a regular basis, or to provide banking payment services (Article L. 511-5 of the French Monetary and Financial Code).
   
   Therefore, it is necessary to apply for a banking license from the French banking supervisor (L'Autorité de contrôle prudentiel et de resolution, ACPR) in conjunction with the European Central Bank (Article L. 511-10 of the French Monetary and Financial Code). There are two exceptions to this rule:
   1. Credit institutions established in the EEA can operate in France under a Single Market passport relying on their original banking license.
   2. Entities benefiting from specific exceptions or derogations under French law to the banking monopoly. For example, foreign law-governed institutions may acquire certain professional claims arising from credit operations under specific conditions, as outlined in Article L. 511-6, 4° of the French Monetary and Financial Code, which exempts such operations from the banking monopoly.
   Member State national regimes that have banking monopolies like in France are likely to amend their provisions to consider CRD VI requirements.
2. Germany
   Comparable to the banking monopoly in France, anyone wishing to conduct banking business or to provide financial services in Germany commercially (or on a scale that requires a commercially organised business undertaking) requires an authorisation under the German Banking Act (KWG). This licensing requirement may also be triggered by a third country entity on a cross-border basis.
   
   In principle, the German regulator (BaFin) follows a "solicitation-based" concept in this regard. Any non-German service provider that targets the German market to offer regulated services to German residents will require a German license for the offered cross-border services (unless it can rely on any exemption). This license, however, will only be granted to a German branch or subsidiary of the non-German entity.
   
   However, based on the so-called “freedom to provide requested services”, BaFin has generally recognised an exemption from the licensing requirements for cross-border services of a foreign provider requested at the own exclusive initiative of a German client. This (comparably liberal) administrative practice of BaFin, however, may be subject to change given the restrictive publications on reverse solicitation at the European level described above.
   
   Pursuant to Section 2(5) KWG, BaFin may also grant a non-EEA institution that intends to provide regulated services in Germany on a cross-border basis an exemption from the German licensing requirements on application in the individual case “if the institution does not require additional supervision by BaFin due to the supervision by the competent authority in its home country”. The German regulator has granted such individual exemptions to, in particular, the major US, Canadian and Swiss banks. Following Brexit, it has been reluctant to grant new individual exemptions.
   
   Going forward, within the scope of Article 21c of CRD VI, Germany will have to repeal the possibility to grant exemptions from the licencing requirements to non-EEA entities in the individual case. So far, the national legislator has not published its draft implementation act so that it is unclear whether there will be any form of grandfathering for the affected non-EEA institutions.
3. The Netherlands
   Whilst there is no banking monopoly in the Netherlands it is, in principle, only possible to attract repayable funds without having a banking licence in limited situations. As such this is a hot topic for investment firms that need to safeguard their client’s funds. Often those funds qualify as repayable funds, but under Dutch law an investment firm is not allowed to hold such funds for its clients. This also applies to crypto asset service providers, so there is currently more interest in obtaining a licence as a payment services firm or electronic money institution as under the rules for these types of firms the funds held do not qualify as repayable funds under the CRD IV.

When will the CRD VI take effect?
The new requirements for the authorisation of TCBs will apply from 11 January 2027 onwards.

This means that non-EEA entities will need to be satisfied that they can either rely on one of the exemptions in Article 21c of CRD VI listed above in order to commence and/or continue to provide cross-border banking services in a Member State, or they will need to be authorised on that date. At this point, the new reporting requirements on TCBs and their head offices will already have been in force for one year, starting from 11 January 2026.

What should non-EEA entities do now?

1. Review global cross-border banking business model
   Non-EEA entities will need to review their existing global cross-border banking business model in order to determine which product and business lines are in scope of the new restrictions under CRD VI.
   
   The new rules will have a significant impact on the way non-EEA banks currently operate their cross-border lending and trade finance business, so non-EEA firms will need to understand how those new restrictions will impact their current business lines. Non-EEA firms taking deposits or raising debt finance from EEA creditors should also consider how they may be affected by the new restrictions.  
2. Consider whether it is possible to rely on exemptions
   Non-EEA entities in scope should consider whether it is possible to rely on one of the exemptions under Article 21c of CRD VI to enable them to continue or commence business in the EEA. In particular, non-EEA entities should consider whether it is feasible to use the exemptions in a business-as-usual environment, as well as the governance arrangements required to ensure ongoing compliance. From a governance perspective, this might be a feasible option for certain business lines that can, for example, rely on the interbank business exemption under Article 21c of CRD VI.
   
   However, this approach might be more challenging in other cases and, in particular, in the event that one business line intends to rely on multiple different exemptions.   
3. Review current EEA footprint and impact on current cross-border banking business 
   Non-EEA firms with an existing EEA branch network will need to consider whether it is possible to continue with their current business and operating model. There are a few points to note here.
   
   Non-EEA entities with a branch in one Member State will not be able to benefit from the ability to passport into another Member State in relation to those services that are subject to the new restrictions, even though the activity is currently not regulated in the other Member State. 
   
   CRD VI will introduce a number of additional capital and liquidity requirements, internal governance and risk management requirements and requirements in relation to the branch booking model.
4. Establish a third country branch or subsidiary 
   In the event non-EEA entities do not have a third country branch or a subsidiary in the EEA, they will need to consider whether they can rely on one of the exemptions under Article 21c of CRD VI in order to continue to provide their services.  In the event this is not a feasible option, they will need to decide whether they wish to establish a third country branch or, in order to benefit from the passport regime, a subsidiary instead.
   
   In this case, the non-EEA entities will be subject to the control of national authorities and more broadly to that of the competent EEA authorities, whose role will be strengthened by CRD VI in order to enhance supervision.