Section 11 (Loans and other transactions with members of the management body and their related parties) inserted into Title IV should, in our opinion, come into effect from 1 January 2022 onwards. This would give the institutions enough time to implement the provisions and obviate the need for intra-financial year changes.
The requirement in para. 24 to take into account ESG risks when setting, approving and overseeing the implementation of all the aspects listed in para. 23 by the management body to ensure a sustainable business model goes too far.

We consider a singling out of ESG risks problematic. The importance of appropriate consideration of ESG risks to ensure a sustainable business model is indeed undisputed. However, they do not constitute any separate risk category, rather they affect risk categories such as credit risks, operational risks etc. The upcoming discussions on the mandate for the EBA pursuant to Art. 98 (8) CRD V should not be pre-empted here.

Detached from the question whether ESG risks should be treated separately, the requirements with reference to the extensive aspects listed in para. 23, which involve the management body’s responsibilities, go too far as well. In implementing the aspects in para. 23, it is important here to explicitly take into account the criteria of relevance and materiality. It does not appear expedient if all the aspects listed in para. 23 a. to n. ESG or other risks have to be applied without taking into account their relevance and materiality. If this paragraph is kept, the following amendments should be made:

“…the management body should aim at ensuring a sustainable business model that takes into account all material risks, (to be deleted: “including environmental, social and governance risks”)”.
According to para. 98, institutions should have anti-discrimination policies. Here, the EBA invokes Art. 21 of the EU’s Charter of Fundamental Rights, which includes the general principle of non-discrimination. Neither the Charter of Fundamental Rights nor banking supervisory law (CRD V) stipulate a legal basis for comprehensive antidiscrimination guidelines. European non-discrimination regulations have already been transposed into national law (e.g., in Germany by means of the Allgemeine Gleichbehandlungsgesetz, AGG = General Equal Treatment Act). As part of a proportional implementation, institutions must have leeway in how they ensure non-discrimination. It is not necessary for credit institutions to have separate anti-discrimination policies.

In Germany – and very likely also in other EU states – there are, moreover, already numerous regulations re antidiscrimination and women’s advancement. In filling executive board positions, for example, the North Rhine-Westphalian savings banks must observe the provisions of the Landesgleichstellungsgesetzes (LGG = Federal State Equality Act) and section 19(3) of the North Rhine-Westphalian Savings Banks Act. The LGG obliges them to draw up an equality plan and to “audit” the targets laid down in it. In view of this, additional regulations based on European requirements are not necessary.

Para. 98 should at least clarify that gender-equality policies already instituted and based on other regulations will be regarded as policies within the meaning of these guidelines. This would obviate the need for institutions to draw up further internal rules in addition to those required by national and possibly regional law.

According to para. 99, institutions should pursue gender-neutral policies and implement measures that ensure equal opportunity for all genders, including with regard to career perspectives and improve the position of the underrepresented gender in management positions. These goals are understandable. In federal states with a dual board structure, however, the management body of smaller institutions often consists of only two members, who usually occupy these posts over a long period of time. Gender-balanced staffing would mean that one executive board member would always have to be a woman. Application procedures, however, show that women do not always apply for management body positions. In this regard, we would like to point out that, for merely practical reasons, this objective cannot always be achieved.
We suggest deleting the global term “other transactions”, since this goes over and above the requirements of the CRD. Art. 88 (1) CRD V states merely “that data on loans to members of the management body and their related parties are properly documented and made available to competent authorities upon request”. In para. 40 under “Background and rationale”, only a very general mention is made that also other transactions likewise have the potential to create conflicts of interests.

With regard to the inclusion of “related parties” in the scope of application of the regulations, there is, in the GBIC’s assessment, an unresolvable conflict with legal data protection requirements. A mandatory notification from a circle of related parties enlarged by parents and grown-up children presumes that there is in fact legal authority for the legally-binding collection of data by a member of the management body, otherwise the management-body member/institution bears the objective risk that relevant data – e.g., from his/her majority-aged children or parents – cannot be obtained in their entirety. From a purely factual standpoint, this then raises the question whether a nearly complete establishment and ongoing updating of the shareholding/ownership structure of each institution is even possible. Reservations arise, moreover, with regard to the principle of data protection proportionality (ability to comply with the principles and conditions of the GDPR), since the enlarged circle for data gathering extends deep into the familial sphere and the right to informational self-determination of the relatives concerned.

There is no legal basis for EBA guidelines to prescribe arm’s length conditions for private agreements on a generalised basis. The wording in para. 107 should be clarified as follows:
“Such a framework should include limits for loans and transactions (e.g. per product type) and ensure that either they are conducted at arm’s length or deviations are made transparent.”

In the draft guidelines it is still unclear where the EUR 200 000 threshold in para. 112 g. and para. 113 comes from and whether the institutions are expected to put this amount on the same level with “material” within the meaning of the other paras. in section 11. From the public hearing on 1 October 2020, we learned that this threshold stems from supervisory practice and should be relevant only in relation to documentation requirements. In the view of the GBIC, however, a fixed threshold is not expedient, since with regard to proportionality criteria, the applicable classifications are made by each institution on an individual basis. We propose deleting this; at least there should be additional explanations or clarifications.

The requirement in para. 115 should be entirely deleted. Neither the CRD nor the CRR include any legal basis for reporting to the shareholders or owners of an institution. The provisions of the Shareholder Rights Directive mentioned in the public hearing are obligatory only for stock exchange listed companies. Many, if not most, credit institutions in the EU operate under a different legal form, however. A broadening of the requirement to all institutions is not justified. Art. 9c of Directive 2007/36/EC, moreover, refers only to significant transactions and allows various exemptions/derogations.

Further, the requirement for such an aggregated reporting is not understandable as regards content, since the extent of such transactions at most institutions is likely to be insignificant, and possible conflicts of interest are managed in an appropriate manner.
Paras. 106 and 126 require that in an institution, actual and potential conflicts of interest be appropriately assessed and managed. How each conflict of interest is dealt with must be documented. In order to avoid excessive documentation requirements in the future, it is in our opinion necessary to exempt insignificant conflicts of interest here. This could be clarified as follows:

106 “ ...If a notable conflict of interest is identified ...”
126 “When mitigating identified notable conflicts of interests ...”
Risk-mitigation measures in relation to operational and reputational risks arising from ML/TF risks are not necessary for all institutions, since these are strongly predicated by the type and complexity of individual business activities. This should be clarified as follows:

“... and take mitigating measures to reduce those risks as well as, where relevant, their operational and reputational risks linked to them. ...”

Compliance with regulations to prevent money laundering and financing terrorism should be ensured through adequate and effective internal management structures and appropriate control mechanisms. For this, banks could also institute an AML/CFT committee. Money laundering risks should be taken into account in new-product processes too.

The provisions are already the subject of European supervisory regulations/circulars and are thus superfluous.
