The German Banking Industry Committee - Coordinator: National Association of German Cooperative Banks

Art. 2 – Managerial responsibility:
In connection with the existing Regulation (EU) No 604/2014, the EBA clearly communicated that the identification as a risk taker should not depend solely on the organisational/hierarchical position of a function holder. If the function holder only bears the “corporate title” mentioned in the Regu-lation but does not possess the requisite decision-making powers or responsibilities that would have a relevant impact on the institution’s risk profile, this function holder cannot be identified as a risk taker (see the EBA’s explanatory notes on the final draft of the Regulation dated 16 December 2013, EBA/RTS/2013/11, no 4.1 A. 19).
This proviso has also been expressed repeatedly in the present RTS draft. For instance, para-graphs 3 to 6 of Article 6 provide that the identification as a risk taker in accordance with the quali-tative criteria listed in this provision would only be contemplated if the staff member had the rele-vant decision-making powers.

However, the definition of “managerial responsibility” in Article 2 does not include this require-ment. In fact, the case group listed under letter a. fails to clearly state that heading a business unit or exercising a control function must be associated with actual responsibilities and decision-making powers that could potentially have a relevant impact on the institution’s risk profile. This applies even more so to the category of staff members added under Article 2 letter b., who only head a subordinated unit.

The relevant risk taker can only be the person who ultimately decides whether or not a risk will be taken. A different approach would only apply if the decision-maker was unable to form an inde-pendent risk opinion due to a lack of specific professional or methodological competence. In this case, the staff member on the next lower level of the chain of command who has voted in favour of the decision, and who possesses the requisite professional competence, may possibly be deemed to be the risk taker. As a rule, identification as a risk taker always requires, as a precondi-tion, that the staff member is authorised to make risk-relevant decisions to this effect. This is not the case if someone on a higher level in the chain of command (e.g. the management body) is re-sponsible for any such decisions, while the function holder is only tasked with the proper imple-mentation of decisions made by someone else.

Moreover, Article 1 paragraph 1 of the RTS clearly states and prescribes that a material impact on an institution’s risk profile is always a mandatory criterion. No such impact exists if the function holder does not make any relevant independent decisions at all. The explanatory notes for the RTS indicate that the EBA is proceeding on the assumption that a certain hierarchical position as such also comes with a certain set of responsibilities (p. 20, no 12). However, this is often not the case in the professional practice of small and non-complex institutions, as the members of the man-agement body retain ultimate responsibility for risk-relevant decisions. Oftentimes, in small and non-complex institutions, any important decisions, including those with risk relevance, are exclu-sively prepared and taken at management body level. As a consequence of divisional heads in key functions being included, even large institutions often identify staff members who are only respon-sible for the proper implementation of management body decisions but not for the actual underly-ing decision. In these cases, the classification as risk taker is already flawed in substance. To this extent, the EBA’s assumption that, apart from the “members of the management body”, the “sen-ior management” and the “head of control functions” always possess the responsibilities and deci-sion-making powers required to take relevant risks on behalf of the institution (p. 26, no 6) is mis-taken.
Against this backdrop, the definition of “managerial responsibility” in Article 2, which in both case groups only relates to a certain position within the institution, is too broad. This necessitates an amendment that includes the requisite responsibilities and decision-making powers as an addi-tional criterion along with the criterion of being a function holder. This could be effected along the same lines as the requirements for decision-making powers stipulated in Article 6 paragraphs 3 to 6.

Furthermore, the term “subordinated unit” in Article 2 letter b. should be defined in greater detail. It is unclear how many hierarchical levels below the management body level could potentially fall within this case group. Similarly, the relationship between “subordinated unit” and “business unit” as well as “material business unit” appears to require further explanation.

Overall, it is quite apparent that, depending on the viewpoint, the qualitative criteria have markedly increased, compared to the regulatory standards currently in force.
Thus far, Article 3(4) to (8) of Regulation (EU) No 604/2014 required that the heads of material business units and those of control functions, the risk managers of material business units and senior staff who report directly to these heads be identified. As far as special functions are con-cerned, only the heads of the relevant units were defined as risk takers (Article 3(9) of Regulation (EU) No 604/2014). In many institutions, the heads of these units are either part of the manage-ment body or part of senior management (in most cases, the level directly below the management body).
The proposed new definition could also be read to mean that staff members who report to senior management (often two levels below the management body) and staff members who report to those staff members (often three levels below the management body) are also included. This would be the case if they worked in the business units, control units or special functions men-tioned in Article 2 letter b. As the definition of material business units is also being significantly ex-panded (see explanations regarding Article 4), this regularly results in the number of staff mem-bers needing to be identified multiplying. In these cases, however, the lower management level would generally not have any material impact on the risk profile of the relevant institution. This ap-pears to necessitate clarification.
A restriction to the heads of the aforementioned units (provided they report to the management body or a member of the management body, i.e. deletion of any reference to the reporting lines to senior management) and to material business units as well as control units (and perhaps to the subordinated management level) would be more in line with the existing qualitative criteria.

Art. 3 – Control function:
The term “control function” is inherently expanded, compared to the current version, as the risk management function, the compliance function and the internal audit function are no longer the only functions included (“not limited to”). This broad interpretation cannot be inferred from Arti-cle 92 CRD V. Moreover, it results in uncertainties in terms of differentiation and greater uncertain-ty as to the application of the law. To ensure the comparability between the institutions also in fu-ture, the current definition (restriction to the three functions mentioned above, which are also mentioned as such in other EBA Guidelines) of the control function should be retained.

In accordance with the mandate embodied in the CRD V, the EBA has developed definitions for terms such as “managerial responsibility”, “control functions” and “material business unit”. How-ever, in our view, these definitions do not provide for precise differentiation. To this extent, not on-ly do they fail to aid users of the law but they are in fact open to – and even require – interpreta-tion. Occasionally, this will significantly increase the institutions’ input into any review and explana-tory measures. For this reason, it would be advisable to refrain from including the above definitions.

Art. 4 – Material business unit:
The current version fails to clearly specify the standards on which an institution’s assessment un-der Article 4 letter a., second option, should be based. To the extent that internal capital is not al-located, criteria for the determination of responsibility for a “material” business unit must be add-ed in any case, and such criteria must express a comparable effect on the risk profile as the 2% specified in Article 4 letter a, first option. Where banks directly allocate capital to individual busi-ness units, this is in any case a more explicit criterion. The second alternative of Article 4 letter a should therefore be restricted to banks that do not make any such allocation.

Moreover, it remains unclear what exactly constitutes a “business unit”. This results in significant uncertainties in practice. For instance, the German version of the CRR uses the same term (Geschäftsbereich) in both the provisions of Article 142(1) no 3 CRR and Article 450(1) letter g CRR. This would suggest that “retail banking”, “asset management” and “investment banking” would have to be identified as “business units”. Such business units would be material if they reached the capital threshold in accordance with the current RTS. We therefore respectfully request that an appropri-ate definition be included.

For clarification purposes it would be desirable if “material business units” did not have to be iden-tified under both letters a. and b. but solely in accordance with one of the criteria.

With regard to Article 4 letter b., the reference to a core business line as defined in Directive 2014/59/EU is too broad. This applies in particular against the background of Article 7 paragraph 2 letter a., which provides that the actual position and decision-making powers in a core business line as such preclude any rebuttal of an identification based on quantitative criteria under paragraph 2 letter a.
To Articel 5:
It is unclear why the insertion of Article 5 is necessary at all. The introductory sentence suggests that the insertion is intended to assist in the implementation of Article 92(3) letter c (ii) CRD V. However, this is presumably the function of Article 6, whose specific function is to delineate cases that have a material impact. The insertion of the additional and highly discretionary provision of Ar-ticle 5, which also requires interpretation, therefore appears to be unnecessary. This provision would significantly increase the overall complexity for institutions and counteract the original ob-jective of the RTS, i.e. improved comparability between companies. We therefore respectfully request the deletion of Article 5.

To Article 6:
Contrary to what question 4 suggests, nos 1) and 2) at least are no longer comparable to the RTS currently in force. Thus far, the heads had to be identified in accordance with these criteria. Now, however, it is intended that these criteria be expanded to also include staff members with “mana-gerial responsibility”. This expansion appears to be unnecessary.

The responsibilities listed in paragraph 1 letters a to i should only result in an identification as risk taker if the respective staff member is authorised to independently make the relevant decisions. Also, the EBA’s explanations on p. 20 would suggest that the hierarchical position within the institu-tion cannot be viewed without taking the associated responsibilities and reporting lines into con-sideration. As already stated above, the definition of “managerial responsibility” in Article 2 is too broad if this provision does not, at the same time, stipulate the decision-making authority that is necessarily linked to the function as a mandatory requirement for the identification as a risk taker.
As an alternative to amending the definition in Article 2 (see above), the criteria in Article 6 para-graph 1 letters a to i could be expanded by including further requirements regarding the requisite managerial responsibility or decision-making powers that would warrant the identification as a risk taker. This would dovetail the structure of the other qualitative criteria, which focus on the relevant decision-making authority in any case.

Pursuant to Article 94(2) sentence 3 CRD V, the RTS are intended to set forth criteria for the identi-fication of those risk takers who, while not being mentioned in Article 92(3) CRD V, pursue profes-sional activities that have an impact on the institution’s risk profile that is comparable in its materi-ality to the impact of the other categories of staff mentioned therein. To date, Article 3 (Qualitative criteria) of the Delegated Regulation (EU) No 604/2014 makes mention of the members of the management body and the staff members responsible and accountable for material business units, which are now also being mentioned in Article 92(3) letters a and b CRD V. In view of the control functions being mentioned in Article 92(3) letter b CRD V, the new RTS draft focuses on these control functions in its amendment of the qualitative criteria in Article 6. For instance, let-ters e and i of the amended Article 6 paragraph 1 explicitly mention the staff member responsible for the prevention of money laundering and the control function for managing outsourcing ar-rangements.
There is no need to expand the obligation to identify risk takers to these staff categories. With re-gard to the managing of outsourcing arrangements, the probability of unfavourable developments transpiring in the future, and their impact, has already been taken into account to a sufficient de-gree by the existing provisions. In other words: if a staff member has not yet been identified as a risk taker on the basis of the existing provisions containing qualitative or quantitative criteria (e.g. Art. 3(6)-(8) of the Delegated Regulation (EU) No 604/2014), then the impact of that staff member on the risk profile is not material.

The same applies in respect of the anti-money laundering officer. Insofar as the anti-money laun-dering officer is to be classified as a risk taker, this potentially conflicts with national law, at least in Germany. In accordance with section 25a (5a) of the German Banking Act (Kreditwesengesetz, “KWG”), significant institutions (bedeutende Institute) can terminate risk takers more easily, pro-vided that their salary exceeds a certain threshold. In practice, this would conflict with the special protection against dismissal under section 7 (7) of the German Money Laundering Act (Geldwäschegesetz, “GWG”) which the anti-money laundering officer enjoys under national law.

It would appear that, in Article 6 paragraph 2, the word “voting” is missing before “member of a committee”, given the EBA’s reasoning and the associated amendments.

We expressly welcome the deletion of the previous quantitative criterion in Article 4 paragraph 1 let-ter c RTS-MRT. In our view, this criterion had run counter to the upstream identification process, as this criterion would have required that the staff of an institution for the most part, be identified as risk takers. The correction of the effect of the quantitative criterion under Article 4 paragraph 1 letter c RTS-MRT by introducing the option of de-identifying staff members only served to amplify any doubts regarding the expediency of this criterion for the identification of risk takers. Regrettably, the deleted criterion has been replaced by a new criterion that also fails to convince. As per the EBA’s draft, any-one who is paid more than the average remuneration of the “management body in its management function and supervisory function as well as all staff that falls under the definition of senior manage-ment in point (9) of paragraph 1 Article 3 of Directive 2013/36/EU” (Article 8) will be deemed to be a risk taker. However, the remuneration of supervisory board members in countries with a dual-board corporate structure is not a compelling criterion. Many small banks only pay their supervisory board members small attendance fees or expense allowances. Furthermore, at larger banks, the emolu-ments of supervisory board members are generally based on additional criteria, rather than remuner-ation aspects alone. In corporate groups, the activities on the supervisory boards of subsidiaries are often compensated by way of the remuneration paid for the member’s main activity at the group par-ent. For these reasons, the results of the remuneration calculation are likely to be highly distorted. Moreover, it is completely unclear how employee representatives on the supervisory board would have to be treated. It would therefore be advisable to delete “supervisory function” from Article 8.
Small and non-complex institutions should be exempt from the application of the principle of propor-tionality when it comes to the identification of risk takers. After all, if any such banks were facing fi-nancial difficulties, this would not automatically destabilise the financial market or jeopardise financial market stability. More specifically, given the size of these institutions, high-risk decisions would, in the vast majority of cases, be taken by the management body. It is, in particular, the granular division and definition associated with quantitative criteria that would not achieve the desired effect at the level of smaller banks, as they lack applicability. First and foremost, it would be the qualitative criteria that are of relevance to smaller banks. However, this gives rise to the question of whether the risk takers de-fined (such as representatives, staff members, etc.) actually pursue any high-risk activities that could potentially compromise the bank’s risk situation and financial stability overall.
Compliance with the principle of proportionality is also enshrined in the CRD. No 66 of the preamble to this Directive provides that remuneration policies should reflect differences between different types of institutions in a proportionate manner, taking into account their size, internal organisation and the nature, scope and complexity of their activities. In line with no 92 of the preamble, this principle of proportionality also applies to any regulatory technical standards adopted under the Directive.
In this context, it should also be noted that, in the interest of proportionality, not all banks should be requested – across the board – to identify risk takers in subsidiaries. For divisional organisations, for example, the inclusion of subsidiaries appears to be of little use. In these cases, it should be exam-ined in light of the structure of the individual institution or corporate group as to whether, and to what extent, subsidiaries should be included in any risk analysis.
Thorsten Reinicke