ESMA provides implementing rules for MiFID II & MiFIR

On 19 December 2014, the European Securities and Markets
Authority (ESMA) published its final technical advice (TA) and
launched a consultation on its draft regulatory technical and
implementing standards (RTS/ ITS) regarding the implementation of
the Markets in Financial Instruments Directive (MiFID II) and
Regulation (MiFIR).
With a total of 2,069 pages to read and almost 250 questions to
answer, market participants have some work ahead of them in order
to provide feedback to ESMA by 2 March 2015. The current draft
standards are a result of a previous consultation round in 2014 and
show that the regulator has, in part, listened to industry concerns.
What’s next?
The TA is now finalised following extensive consultations with
stakeholders and has been sent to the European Commission.
ESMA’s draft RTS/ITS, already consulted upon, are open for public
comment until 2 March 2015. In addition, an open hearing will be
held in Paris on 19 February 2015.
ESMA will use the input received from the consultations to finalise
its draft RTS, which will be sent for endorsement to the European
Commission by mid-2015, its ITS by January 2016. MiFID II/ MiFIR
and its implementing measures will be applicable from 3 January
ESMA provides implementing rules for MiFID II &
BCBS 261 – Possible timeline revision for margin
requirements for uncleared derivatives
EMIR – Amended draft RTS on the clearing
EMIR – Feedback statement of ESMA on the
clearing obligation for Non-Deliverable Forwards
T2S – CSDs and central banks of migration wave 1
started multilateral interoperability testing
CSDR – ESMA published consultation papers and
provides 18 month respite to CSDR discipline
BCBS consultation on outstanding issues in the
Fundamental Review of the Trading Book (FRTB)
IT-outsourcing, governance and accounting
New IDW exposure draft for accounting principles
for property valuation
Results of the comprehensive assessment in
PROTECTION LAWS – complaints by German
supervisory authorities
Market participants are now required to provide feedback to ESMA
on the ongoing consultation in a very short timeframe. We
recommend that institutions align with other banks (e.g. via existing
banking associations) to get a clear message across to the regulator
and distribute the workload among members of such associations.
Please find ESMA’s Technical Advice (TA) to the Commission on
MiFID II and MiFIR here.
Please find the consultation documents regarding ESMA’s MIFID II
RTS/ITS here.
The size of this newsletter’s means that we can’t detail all the
relevant aspects out of the current RTS/ITS but let’s have a look at a
few highlights:
 On the definition of “independent advice” ESMA has
somewhat watered down its original proposal, that a firm must
advise on a "substantial" number of financial instruments
available in the market before they can claim to be
independent – the new wording is "adequately representative".
 Transaction reporting under MiFID II sees a host of new and
changed fields, e.g. the buy/sell indicator fields and
counterparty and client fields will be replaced by a buyer field
and a seller field and a new "matched principal capacity" field
will be required, alongside principal and agent. Those of our
readers who have been involved in EMIR trade reporting can
imagine the herculean task ahead.
 MiFID II proposes new rules that apply to investment firms to
ensure that remuneration requirements do not create
unnecessary conflict. ESMA proposes that they should apply
to "relevant persons who can have a material impact" on the
"investment and ancillary services" or "corporate behaviour" of
a firm. This will require market participants to overhaul
remuneration schemes as well as firm-wide policies.
 The post-trade transparency requirement for equities is
currently three minutes (and, as part of the MiFID II reviews,
this will be reduced to one minute). For non-equity products,
the proposal is that this period be 15 minutes for the first three
years following the entry into force of MiFID II, and five
minutes thereafter. This will surely put a huge strain on
existing IT systems within banks.
 Third-country access remains a thorny issue with non-EU firms
required to register with ESMA to provide products and
services in the EU, but only if their home regulations are
deemed equivalent to those of MiFID II / MiFIR. Although,
under ESMA’s proposals, only factual information needs to be
provided by the non-EU firm, we think there is a risk of running
into another lengthy cross-jurisdictional substituted
compliance issue.
Overall, we urge market participants to get acquainted with the
consultation papers and start deducing the impact on their
respective organizations and get a programme set up. 700 days to go
and counting…
Steven Maijoor, who chairs the European Securities and Markets
Authority (ESMA), spoke to journalists and stated that they are
hoping to agree to a revised timeline for the adoption of regulations,
which predominantly address the margining processes around
uncleared OTC derivatives. This timeline revision was brought about
by resistance from within the global banking community. ESMA is
the first regulator to break ground by publicly stating that a timeline
revision is possible for Margin Requirements for Uncleared
The current documentation identifies December 2015 as the go live
date for the regulation, which impacts both existing variation
margining and imposes new initial margin requirements.
It has been reported that a number of regulators are in discussions
with IOSCO to agree a new timeline, however, it is unclear what the
implications of this may be. ISDA has previously hinted at a ‘softstart’ approach which builds up to full collateralisation by:
 Moving to an April annual date to navigate year-end code
 Phasing in revised variation margin agreements to cover the
same relationships as those required for initial margin
 A gradual approach to initial margin first by issuing trade
populations, sensitivities and initial margin numbers (SBA
model) on a monthly basis from April 2016, moving to weekly
frequency from November 2016 then to the full margining
process from April 2017 (following the designated tiers for
Whether this suggestion is adopted, a delay to the regulation is
chosen, the regulatory burden is lightened or some other option is
selected, remains to be seen. However, this will be welcomed by
the market given the significant amount of work that is required,
especially within Risk, Operations, IT and Legal departments, in
order to meet the regulation.
Until this view has been ratified, the 1 December 2015 date should
still be the date for delivery of a working solution.
 Category 3: FCs and AIFs not belonging to Category 1 or 2
On 18 December 2014 the European Commission sent a letter to the
European Securities and Markets Authority (ESMA) saying that it
had received the draft Regulatory Technical Standards (RTS) on the
clearing obligation for Interest Rate Swaps (IRS) on the 1st of
October 2014 and that they decided to endorse, with amendments,
these draft RTS.
On 29 January 2015 the ESMA published an opinion on the letter
from the European Commission concerning the draft RTS on the
clearing obligation for IRS. This opinion was submitted within the six
week period after receiving the letter from the European
Commission enabling ESMA to change and amend the draft RTS.
The extension of the initial approach to postpone the start date of
the frontloading obligation is supported by ESMA in order to provide
counterparties with sufficient time to determine whether their
contracts are subject to the frontloading obligation. However,
despite the overall approval of the European Commission’s
objectives, ESMA proposes using a different process to exclude
non-EU intra group transactions from the clearing obligation.
The amended draft RTS differentiates between four categories of
counterparties depending on their activity level in OTC derivatives:
 Category 1: clearing members
 Category 2: financial counterparties (FCs) and alternative
investment funds (AIFs) which belong to a group whose
aggregate month-end average of outstanding gross notional
amount of non-centrally cleared derivatives for three months
after the publication of the RTS in the OJ excluding the month
of publication is above EUR 8 billion
When no objection of the
European Parliament or
Council, publication in OJ
ESMA delivers its formal opinion
with amended draft RTS
18.12.2014: Commission endorses
with amendments
01.10.2014: ESMA sends final Draft RTS to the Commission
Figure 1
 Category 4: non-financial counterparties that do not belong to
Category 1, 2 or 3.
The start of the clearing obligation will be phased-in, based on these
The amended draft RTS further provide that the frontloading
obligation is limited to Category 1 and Category 2. The frontloading
period for Category 1 begins two months after the RTS enter into
force and five months after the entry into force for Category 2.
For Category 1, the clearing obligation for IRS will take effect 6
months after the entry into force of the RTS, i.e. end of 2015. For
Category 2 the effective date will be around mid 2016. However, if
these counterparties intend to avoid the frontloading requirement,
they should start to clear earlier: mid 2015 for Category 1 and end of
Q3 2015 for Category 2.
It is important that counterparties start by analyzing their portfolios
to identify the contracts that are in scope of the clearing obligation.
Based on the results, strategic decisions can be made in regards to
capital optimization, which central clearing counterparties (CCP) to
connect to, how to connect to these CCPs (direct or indirect), how to
handle intragroup transactions, etc.
Please find the opinion of ESMA here.
Please find the letter of the Commission to ESMA here.
Please find the amended technical standard here.
of the first migration wave. With the last software release delivered
for user testing, it is full speed ahead for T2S go–live on 22 June
On 4 February 2015 the European Securities and Markets Authority
(ESMA) published a feedback statement in which it declared not to
propose a clearing obligation on non-deliverable foreign exchange
forwards (NDF) at this stage. This decision was driven by the time
needed to address the comments received on the consultation
paper concerning the clearing obligation for the NDF class issued by
ESMA on 1 October 2014. According to ESMA, the most critical
points of the comments received were:
 The timing for the entry into force of a clearing obligation on
 The fact that only one clearing house offers NDF clearing
 The experience of the counterparties in clearing NDFs
 The international consistency of the implementation schedule
of a clearing obligation on NDFs
This consultation paper was the third on the clearing obligation after
interest rate swaps (IRS) and credit default swaps (CDS) and until
the final deadline of 6 November 2014 38 answers had been
At the end of 2014, ESMA published consultation papers on 1) the
draft technical standards on settlement discipline, CSD
requirements, and internalized settlement; 2) the Draft technical
advice on penalties for settlement fails and on the substantial
importance of a CSD; and 3) the Draft guidelines on the access to
CCPs or trading venues by CSDs
The implementation of a ‘settlement discipline regime’ in Europe is
set to be delayed until the second quarter of 2017.
The industry welcomed ESMA’s announced delay of the
implementation of a settlement discipline regime, as a strict timeline
is creating too many conflicts for the industry in relation to the T2SImplementation running in parallel and additional analysis is still
ESMA is not proposing a clearing obligation for NDFs at this stage;
however this may be the case at a later point in time. Until then, the
counterparties of NDFs clearing may continue to clear these
contracts bilaterally.
Please find the feedback statement of ESMA here.
Early January 2015, the T2S user testing moved one step further: the
central securities depositories (CSDs) and national central banks
(NCBs) of wave 1 started multilateral interoperability testing
activities. Additionally, an important T2S software release was
delivered for user testing in mid-January. As such, the full set of T2S
functionalities foreseen for the go-live date (22 June 2015) is now
Since 1 October 2014 CSDs and NCBs have been involved in bilateral
interoperability testing, where each CSD tests the T2S software in
isolation from the other CSDs and NCBs. In the current phase of
multilateral interoperability testing, each CSD can test settlement
processes in interaction with the other participating CSDs and NCBs
Following the two QIS exercises performed in 2014 on a hypothetical
portfolio and the comprehensive one, the Basel Committee for
Banking Supervision (BCBS) released its last consultative document
to address identified issues in December 2014. Comments are
expected by 20 February 2015. In parallel, another important step is
the follow-up QIS that is conducted over Q1 2015. The final
publication will be made after the analysis of the QIS results.
Implementation details and timelines will still be discussed by the
BCBS and will be communicated prior to the final publication. Major
changes introduced in the current consultation are the following:
Internal Risk Transfer extended to Equity Risk and GIRR
The recognition of Internal Risk Transfers (IRT) as risk mitigators is
extended to Equity Risk and Global Interest Rate Risk (GIRR) (2
options proposed for GIRR). When recognized as hedges, the
internal deal used to transfer risk from the banking book to the
trading book and the external hedge, which must be its exact match,
are not included in the market risk capital requirements.
A revised standardized approach based on sensitivities
Following the unanimous feedbacks from the industry, the
Committee decided to abandon the cash-flow based approach in
favor of a sensitivity-based approach (SBA) for the standardized
method. Tested through the second QIS exercise in 2014, this
method can be implemented at less cost and permits more
granularity in the definition of risk factors. The new method is based
on the simple sum of delta, vega and curvature risk by asset class
plus a requirement for default risk (with specific definitions for nonsecuritizations, securitization non-correlation trading and
correlation trading portfolio). Basis risk has been reconsidered by
changing the 90% disallowance factor method in a correlation
method deemed to be more risk sensitive. It consists of defining a
0.1% basis risk correlation parameter between sensitivities to risk
factors where basis risk is detected. Risk weight and correlations
are provided in the method description.
Incorporating liquidity in the internal model approach
The Expected Shortfall (ES) method using varying liquidity horizons
has been assessed as too costly to implement and its complexity
could lead to a lack of comparability between banks’ models. The
new method introduces approximations based on 10-day shocks
scaled to the prescribed liquidity horizons of risk factors. The
revised framework is comprised of a base ES computation with
shocks over a baseline horizon of T=10 days. Risk factors are then
grouped into subsets of increasing liquidity horizons (LH i) longer
than a certain limit. For each subset, 10-day shock ES is computed
considering shocks to the subset of risk factors only. The ES is then
scaled to the subset liquidity horizon (square root of (LHi - LHi-1)/T).
This is repeated until the largest liquidity horizon is reached. The
final ES is aggregated using the square root of the sum of the square
of all scaled ES and ES computed on all risk factors.
In addition, for the correlated risk factor, a floor liquidity horizon
(minimum of the liquidity horizons) is introduced to cope with
liquidity horizon mismatch for long/short positions on correlated risk
Other technical adjustments
The liquidity horizon for FX rate is reduced for Liquid pairs to 10 days
(20 previously for all rates).
The new consultative documents take into consideration many
comments raised during the second consultative period and
introduces simplifications to both the standard methods and the
internal model. The sensitivity-based approach is deemed less
costly and may leverage existing validated risk infrastructures. The
clarification on the internal model concerning liquidity horizons
scaling aims to reduce model and technical complexity and to cope
with the mismatch of liquidity horizon between long/short correlated
risk factors.
The standard approach remains up to date, despite being mandatory
for all banks and despite the introduction of a floor to the internal
models based on the standard approach. With this simplification, the
FRTB is still a challenging evolution in terms of banks’ risk
management processes and organization.
Please find the BCBS Consultative document here.
Once more the German standard setter for auditing principles, the
Institute of Public Auditors (IDW), has issued a draft for a new
Accounting Principle (ED IDW AcP FAIT 5: “Generally Accepted
Accounting Principles in regard to outsourcing of reporting relevant
services including Cloud Computing”). The scope of this draft is valid
for all industries and frames the requirements for IT-outsourcing and
Cloud Computing for companies (user entities) that are using
accounting relevant sourcing services and for their service
providers. According to the definitions of this draft, IT-outsourcing
includes all accounting-relevant technology aided services,
foremost data center operations, business process outsourcing and
relevant services provided by shared service centers.
Modern business processes of all financial institutions are
nowadays highly dependent on information technology. Therefore a
company’s entire IT-structure has serious direct and indirect
implications for its accounting systems and, due to the nature of its
business, is even more relevant for banks, insurance companies and
leasing firms. To help businesses in the preparation of their financial
statements and to raise awareness of unforeseen risks in that
process, with this draft the IDW clarifiescertain principles and
requirements for the user entity and the service provider to ensure
the reliability and the general validity of the user entity’ss financial
Businesses in general have been trying to achieve competitive
advantages by outsourcing entire business processes as well as
relying on cloud-computing to reduce their IT-costs. Financial
institutions that are suffering from today’s low-interest-rate
environment are focusing on their core competencies and are prone
to outsource non-essential business processes. Banks and leasing
firms commonly outsource IT-functions as well as a wide range of
front-office to back-office functions (i.e. payment processing,
regulatory reporting, workout management) and. more and more
often, entire parts of their financial accounting. Insurance
companies are already picking from a wide array of service
providers for processes as diverse as policy issuance, debit
collections, risk analysis and all the way up to claims management.
All these business processes are technology-aided and fall under
the draft’s definition of IT-outsourcing and therefore its scope of
• Companies are fully liable in all 3 phases of IT-outsourcing (design
stage, implementation stage, operational stage)
• High safety requirements for data and It-systems are a premiss for the
reliability and validity of all information in the financial statements
• Unclear definition of responsibilities
• Interface management
• Change management
• Incomplete or delayed data processing
• Erroneous data transfer
• Compliance with national and international legal requirements
regarding data protection, data exchange and data retention
Implementation provider management function
Clear definition of duties, responsibilities and processes
Interlocking of participants processes
Documentation of all measures in an operations manual
• Compilation of all processes in a comprehensive operations manual
(service provider)
• Access and data protection within the service providers data processes
• Design and implementation of controls
• Input, processing- and output-controls
• Customizing assignments through service provider
• Documentation of all business processes in one central operations
manual for compliance purposes
Figure 2
Every user entity that transfers any IT-supported business process
to a service provider suffers a significant loss of control over the
process as a whole. The draft seeks to minimize this loss of control
and the accompanying exposure to risks.
The ED IDW AcP FAIT 5 demands that all user entities that transfer
any IT-supported business process to a service provider establish a
provider management to monitor the different stages of the IToutsourcing process (design stage, implementation stage and
operational stage), to record all the additional risks contained in the
outsourcing process (security risks, processing risks and
compliance risks) and to gauge its influences on the service
provider’s internal control system.
The design stage of the IT-outsourcing begins with the definition of
the scope of service to be outsourced by the user entity and the
identification and subsequent classification of all associated risks
along the entire workflow. It concludes with a service level
agreement that reflects all of the above.
At the implementation stage of the IT-outsourcing adequate control
mechanisms and appropriate measures are determined between the
user entity and the service provider to ensure the consistency of the
process and the service provider’s adherence to the agreement. The
service provider shall be required to install a service related internal
control system to measure the agreed KPI´s. The user entity, in turn,
expands its internal control system to include these external
controls and determines measures to verify that these controls are
carried out in an effective way. These control measures shall be
carried out on any level of the service provider’s business
infrastructure or IT-Application that is being used for the delivery of
the service. According to ED IDW AcP FAIT 5, all these processes,
interfaces and responsibilities are to be documented in an operating
manual without exception. This operational manual shall further
include all IT-related processes under normal as well as emergency
During the operational stage the user entity needs to monitor and
incorporate the service provider’s internal control system into its
own internal control system. Thereby safeguarding all information
used in the preparation of its financial statements.
The IDW requires all user entities to implement a full scale control
system for its IT-Outsourcing that covers, in all detail, every
interface, every process step and all transferred responsibilities and
to document all these measures without any gap in a stand-alone
operating manual. These requirements once more emphasize the
importance of an integrated control system for banks, leasing firms
and insurance companies that are using sourcing services.
As cited by the market researcher Gartner in its study “Cloud Heat
Map in Banking, 2015“, the global Banking industry has been
ramping up its investment in the development of digital products and
services which rely more and more on cloud-applications. Apart
from these applications, IT-outsourcing in general falls in the scope
of the new ED IDW AcP FAIT 5 on IT-outsourcing and requires that
banks do not take the risks involved in cloud-computing lightly,
better they start a diligent assessment of the wide-ranging
implications for their accountancy’s compliance sooner than later.
The final challenge for the banks will be to write the requested
operating manual in an audit-proof way.
The above mentioned challenges might sound familiar to banks that
are already struggling to comply with the demands of BCBS 239 by
the Basel Committee on Banking Supervision. Its 14 principles for
effective risk data aggregation and reporting are also applicable to
processes that have been outsourced to third parties.
Insurance companies that have already been outsourcing many
processes will also need to heed the IDW´s draft and meet its
regulatory requirements by overhauling existing SLA´s and crafting
new operating manuals. Furthermore, insurers are currently
discussing several issues regarding outsourcing in the context of
the transformation of the European Solvency II directive into
national law. The new IDW standard will surely help this
implementation process along by answering a lot of the open
questions about the scope and definition of outsourcing and their
answers. To ensure their ability to meet their long-term obligations
in the current macroeconomic environment of low interest rates,
insurance companies increasingly invest in property.
• Land and buildings are measured and accounted for as separate assets
in financial statements
• The purchase-price of property is split into land and bulding in
proportion of their open market value
• At each balance sheet date, land and buildings are to be checked
seperately for impairment
• Buildings for permant use
• Buildings for demolition
• Buildings for sale
On 7 July 2014 the Institute of Public Auditors in Germany (IDW)
published a draft for a new Accounting Principle (ED IDW AcP IFA 2:
“Valuation of properties (fixed assets) in financial statements”). The
draft’s objective is to establish how the principles of valuation for
property (IDW S 10) are reflected in the valuation for the annual
financial statement in accordance with the German accounting
principles (Handelsgesetzbuch; HGB). Moreover, this draft also has
an impact on financial statements published in accordance with
IFRS. The current European Accounting Directive that forms the
basis for the German accounting principles has been in an ongoing
process of harmonization with the IFRS. Thus, the new standards
laid out by IDW ERS IFA 2 are important for all European banks,
insurance companies and leasing firms that prepare their financial
statements in accordance with IFRS.
According to the German accounting principles, assets have to be
valued at every balance sheet date. In respect of fixed assets (such
as property), impairments shall be made, so that they are valued at
the lower figure to be attributed to them at the balance sheet date
(“attributable value”) if it is expected that the reduction in their
value will be permanent.
In practice, the following questions usually arise: How is the
“attributable value” for fixed asset property defined? Are land and
buildings valued separately? How to calculate this impairment?
Answers to these questions are provided by the draft under
discussion, the ED IDW AcP IFA 2.
Accounting for risks and losses due to property holdings is
important for the financial statements of banks as well as insurance
companies and leasing firms. Banks, who own property on their
proper accounts as well as due to salvage acquisitions, tend to be
exposed to these uncertainties only for a confined period of time
whereas the business model of insurance companies covers a much
greater time span and thereby highlights the importance of the
• Intersubjecitve verifiable value
• Subjective value
• Separately measured from land
• Measured according to the subjective value
• ‘Attributable value’ for rented buildings corresponds to the ‘capitalised
earnings value’
• Separately measured from land
• Measured according to the intersubjective verifiable value
• Buildings and land are measured and accounted for as one unit
• Measured according to the intersubjective verifiable value
• ‘Attributable value’ is derived from the seller‘s market
Figure 3
The current ED IDW AcP IFA 2 summarizes and emphasizes certain
principles regarding property valuation already published in other
IDW Accounting Principles. In particular, the draft clarifies the
statement expressed in the IDW AcP WFA 1, that for the purpose of
financial reporting and subsequent valuation, land and buildings
have to be recorded and measured as two separate assets.
Consequently, increases in land value are not allowed to be set off
against depreciations of buildings.
Moreover, the ED IDW AcP IFA 2 points out that for the purpose of
financial reporting the “attributable value” for property shall be
defined according to the guidelines published in the standard IDW S
10 “Principles for the Valuation of Property”. IDW S 10 distinguishes
two definitions for the “attributable value” - an intersubjective value
(owner-perspective or potential buyer-perspective) and a subjective
value (concrete buyer-perspective).
In this framework, the ED IDW AcP IFA 2 defines three categories of
buildings and their valuation approaches (not applicable to land):
buildings for permanent use, buildings which are subject to
demolition and those that are held for sale. The “attributable value”
for buildings for permanent use shall be determined according to the
subjective approach. In this case, ED IDW AcP IFA 2 clarifies that
the “attributed value” for rented buildings, is the subjective value
and shall be calculated according to the “capitalized earnings
value” approach. In case of owner-occupied buildings, the
calculation of the “attributable value” can be made using a
replacement costs- approach. For the second and third category of
buildings (demolition-buildings and buildings for sale), the
“attributable value” is determined according to the intersubjective
verifiable value. Except for buildings held for sale, the “attributable
value” for buildings and land is always determined separately.
Apart from the above-mentioned clarifications, ED IDW AcP IFA 2
only needs to be taken into account when property is permanently
reduced in value. According to the draft a permanent reduction in
value exists when at the balance sheet date the “attributed value” is
significantly below its book value and when this decline in value is
considered not to be of temporary nature (i.e. three to five years).
For property with a remaining life of more than 50 years, the draft
extends this period up to ten years.
Information about impairments for property determined in
accordance with the guidelines in the ED IDW AcP IFA 2 has to
correspond with associated information about property published in
the financial reporting. This applies in particular to insurance
companies. Due to industry-specific accounting and reporting
standards, insurance companies have to provide further information
about investments in property such as the market value (published
in the disclosures) and imputed rent expenses or imputed rent
income for owner-occupied property (published in the p&l).
Information about the imputed rent income and expenses are only
for informational purposes because both figures correspond to each
other (i.e. there is no net effect) and the information facilitates a
comparison of imputed rent income/expenses across the insurance
External auditors and therefore banks, insurance companies and
leasing firms will have to comply with the requirements of the draft
during the preparation of the annual financial statements.
Furthermore, banks, insurance companies and leasing firms will
have to analyze the impact of ED IDW AcP IFA 2 on the valuation of
their fixed asset property. They will have to ensure that the valuation
of rented property at the balance sheet date is based on a
“capitalized earnings value”-approach.
Additionally, banks, insurance companies and leasing firms will
have to assess if the new principles will lead to differences between
the carrying amounts for property according to German accounting
principles and IFRS. In this case, these differences have to be
separately considered in all reconciliation or reports. In case of
differing carrying amounts for property according to the German
accounting principles/IFRS and tax law entities will have to
calculate deferred taxes.
In preparation for assuming banking supervision tasks in November
2014, the European Central Bank (ECB) conducted a comprehensive
assessment to check the financial health of 130 banks in the euro
area, including 25 banks from Germany. This exercise combined an
Asset Quality Review (AQR) with a macroeconomic stress test. In
the first step, the accuracy of the carrying value of banks’ assets as
of December 31 2013 was reviewed on a point-in-time assessment.
For this task banks were required to have a minimum Common
Equity Tier 1 (CET 1) ratio of 8%, due to the Capital Requirements
Regulation and Directive (CRR/CRD IV). In the second step, the
resilience of banks’ solvency to adverse economic conditions was
assessed, taking into account the findings of the AQR. The required
minimum CET 1 ratio was 8% for the baseline scenario and 5.5% for
the adverse scenario.
The Comprehensive Assessment revealed that German banks are
healthy with respect to capital endowment and accounting rules.
The AQR resulted in a reduction in aggregated CET1 ratio of only
0.27 percentage points to 12.86%. This decline was primarily driven
by supervisory assumptions that were much stricter than national
accounting rules. After considering the AQR results, the stress test
led to a decline of the average CET 1 ratio in the baseline scenario
by 0.36 percentage points to 12,50% and in the adverse scenario by
3.76 percentage points to 9,10%. Both ratios are well above the
corresponding thresholds of 5.5% for the adverse scenario and 8%
for the baseline scenario, respectively, showing the good financial
situation of German systemically important banks. Only a German
mortgage bank revealed CET 1 capital gap of €229 million. The
graphic below illustrates these results. However, because the
reference date for the assessment was 31 December 2013 and that
mortgage bank carried out a capital increase of €408 million during
January and September 2014, all 25 German banks passed the stress
test. After considering all capital increases of the German banks
during 2014, the average CET 1 ratio for the adverse scenario raises
to 9.94% showing that these banks are well capitalized even under
tough economic conditions.
Although the average and median values of CET 1 capital ratios are
well above the thresholds, they show a wide spread. In the baseline
scenario, CET 1 ratios range from 5.81% to 33.76%. For the adverse
scenario the ratios range from 2.93% to 31.47%. Furthermore, the
exercise showed that 20 of 25 participating German banks are
already able to meet forthcoming Basel III targets. These targets
cover an adjustment in the calculation of CET 1 capital ratio (“fully
loaded Basel III ratio”), which has to be applied from 2024 on, as
well as a leverage ratio of at least 3%, applying in 2018.
Although the Comprehensive Assessment revealed that German
banks are well endowed with capital to withstand even severe
economic turmoil, they are only average compared with other
participating European banks. According to the Assessment,
German banks are required to make an effort to improve their capital
position as well as their profitability to keep up with their
competitors across the European Union and the rest of the world.
The evaluation of operating profits under the different scenarios
compared with other participating institutions in particular shows
that German banks fall behind their competitors. So, German banks
will have to focus on both, meeting regulatory targets and trying to
keep up with their competitors.
The company itself is responsible for verifying that the conditions
cited to justify processing in each case are fulfilled. Banks are
subject to even more stringent verification requirements, since they
must comply with banking secrecy law. This requires them to
maintain secrecy regarding any circumstances that relate to
existing business relationships with customers in case they have
become privy to those data. Interests of the financial institution that
are to be protected rarely legitimise a breach of the banking secrecy
obligation. Customers' interests in maintaining the confidentiality of
their data is deemed to be more important than the commercial
interests of the bank.
Supervision of data processing
Efficient data protection cannot be ensured merely by the imposition
on companies of a legal obligation to comply with the prescribed
prohibitions and laws. This is why both internal and external, state
supervisory authorities monitor the data processing activities and
work toward ensuring their legality. The scope of the powers of
these institutions varies. The state authorities have strong
intervention rights and sanctioning options at their disposal in the
event of data privacy breaches.
To reach these two goals, German banks should adapt to the
potential risks arising from the stress test and be able to react to
possible shortfalls induced by severe economic turbulence.
Furthermore, these institutions should keep on improving their risk
situation as well as their risk management framework to meet
regulatory requirements, on the one hand, and operate more
efficiently on the other.
Please find all values for the German banks here, and the
European-wide values here.
Limiting corporate data processing by means of data protection laws
Like other companies, when dealing with personal customer data,
financial service providers must comply with the rules of applicable
data protection legislation. These rules are found in numerous
general and specialised laws, among which the German Federal
Data Protection Act (Bundesdatenschutzgesetz BDSG) plays a
central role. All of the aforementioned rules and regulations are
based on the principle of “prohibition with reservation of
authorisation”. Pursuant to this, the processing and use of personal
data is strictly prohibited and permitted only if the company can
invoke an authorising provision. Such legitimising circumstances
primarily include the data subject's consent to the processing of his
data, and – alternatively – the necessity of the processing in order to
safeguard business interests that are worthy of protection.
Data Protection
Ensuring compliance with data
protection provisions; right to
complain and report directly to
the Board of Directors; no
instruction authority
Compliance Officer
General obligation to notify the
Board of Directors in the event
of irregularities (not restricted
to data protection)
Data Protection
Supervisory Autorities
of the Federal States
of Germany
Comprehensive investigation
powers; right of access to the
premises at any time; power of
injunction – including to
impose fines; power to prohibit
data processing operations
Figure 4
Complaints by supervisory authorities - 3 current case studies
Case 1: Unauthorised use of account transaction data by a bank
The case: Before addressing customers of a bank in order to sell
them certain financial products, the consultants of a subsidiary of
the bank were asked to “prepare” these customers. There was a
checklist indicating the data of the subsidiary’s employees that was
to be retrieved from the bank's database for this purpose. This
included current account transactions for the last 100 days,
particularly credit items, insurance contributions, tax refunds and
transfers to other banks.
Reaction of the supervisory authority (a State Commissioner for Data
Protection): The bank was fined € 120,000. Reason: Current account
transaction data is not permitted to be used for marketing purposes
– neither by the financial institution itself, nor by marketing
companies or freelance sales representatives.
of savings deposit – had already been entered. The financial adviser
had received the bank customer’s account information from a
financial advisory firm for which he was working. The financial
advisory firm, in turn, was a subsidiary of the bank holding the
account and had taken on the task of financial marketing.
Reaction of the supervisory authority (a Data Protection Officer): A
fine was imposed on the bank. Reason: Breach of the banking
secrecy obligation and, thus, also of the admissibility provisions of
the Data Protection Act. There was no legal basis for the use of the
account data for marketing purposes by the independent financial
Case 2: Transfer of data to an external management consultant
The case: : A credit institution had commissioned an external
management consultant to investigate ways of optimizing business
structures and processes in private and business customer sales.
To this end, the institute set up a special drive in its IT system for the
consultant and accorded him access rights to it. Thus, he was able
to access at any time the data of a large number of customers over
a period of several months. This included information on credit
limits, credit utilization, overdraft amount and duration, credit
balance and asset amounts and security account transactions. The
consultant had, however, not used this facility because he did not
need the data for his work.
Reaction of the supervisory authority (a State Office for Data
Protection Supervision): A fine was imposed on the bank. Reason:
When calling in a management consultant, it must be ensured that
he will be able to access the company’s personal data only to the
extent absolutely necessary for the fulfilment of his mandate. The
concession of further data access rights is inadmissible –
regardless of whether such data was actually accessed by the
management consultant.
Case 3: Disclosure of account information to independent financial
The case: An independent financial adviser wrote to the customer of
a bank in order to sell him a product. The letter included a
completed “termination of a savings deposit” form in which all the
data – name, address, date of birth, bank account number, amount
If you would like to find out more about Capco’s Regulatory expertise around the subject areas discussed within this article or if you have any other questions
related to our Regulatory Monitoring Newsletter, please contact the Regulatory Monitoring team: [email protected]
© 2015 The Capital Markets Company NV. All rights reserved
The information conveyed in this message is the personal conviction of the author only. Whilst effort is applied to source timely and accurate information it cannot be warranted to always
be correct or complete and should not be construed as any form of advice for financial trading decisions or as any form of tax or legal advice, nor should it be interpreted as representing
any official opinion of the Capco group. Readers may not publish, license, sell, transfer, modify, copy, display or distribute any portion of the material in this document