To print this article, all you need is to be registered or login on Mondaq.com.
EBA publishes report on exemption of third country entities from the requirement to set up a branch for the provision of banking services to EU financial sector entities
On 23 July 2025, the European Banking Authority (EBA), in consultation with the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), published its long-awaited report mandated by Article 21c(6) of Directive 2013/36/EU (as amended by CRD VI) (the Report) Show Footnote. The Report assesses whether third country undertakings (TCUs) should be exempted from the requirement to establish a branch in the EU when providing “core banking services” to EU financial sector entities (FSEs) other than credit institutions. The analysis draws on available supervisory data and stakeholder input, with a focus on financial stability and EU competitiveness.
It is important to highlight that, for the purposes of this Report, the EBA defines FSEs as including investment firms, asset management companies, insurance and reinsurance undertakings, payment institutions, e-money institutions, issuers of asset-referenced tokens and crypto-asset service providers. Entities such as central counterparties, credit rating agencies, trade repositories, institutional for occupational retirement provisions (IORPs i.e. pension funds) and insurance distributors are not classified as FSEs.
Article 21c CRD VI introduces a general prohibition on the direct provision of “core banking services” — namely deposit-taking Show Footnote, lending Show Footnote and guarantees/commitments — by TCUs into the EU, unless the TCU establishes an authorised (i) EU incoming third country branch (TCB) or (ii) subsidiary in the relevant EU Member State. To put it differently, Article 21c CRD VI clarifies the general prohibition of direct provision of core banking services into the EU directly from third countries – i.e. without a branch or a subsidiary in the EU. This is a significant shift towards a harmonised, explicit authorisation requirement for third country banking services, aiming to ensure regulatory oversight and financial stability within the EU.
Importantly the Article 21c CRD VI regime includes several exemptions and carve outs, notably:
The EBA’s mandate was to assess whether the CRD VI exemption from the branch requirement should be extended to other EU FSEs, including investment firms, asset managers, insurance and reinsurance undertakings, payment and e-money institutions and certain crypto-asset service providers.
This Client Alert summarises the key findings, regulatory context and implications for market participants flowing from the Report. The Report will be expected to be followed by national competent authorities (NCAs) across all EU Member States, including those within and those outside of the EU’s Banking Union, but it is conceivable that the European Central Bank (ECB), acting in its role at the head of the Banking Union’s Single Supervisory Mechanism (SSM) may publish its own further expectations.
In its assessment, the EBA does not recommend that the European Commission (currently) pursue a legislative proposal to broaden the current exemptions under CRD VI, which are presently limited to (i) interbank and intragroup transactions as well as (ii) reverse solicitation. The EBA cites several reasons for this position, including insufficient data regarding the significance of services provided by TCUs and the uncertain impact of introducing further exemptions. The EBA’s analysis reveals that the direct provision of core banking services from third countries to EU FSEs is limited and concentrated in specific Member States (notably Ireland and Luxembourg) and sectors (such as money market funds, alternative investment funds and investment firms).
The data shows in terms of market analysis that:
As the most tangible next step, the EBA suggests providing further guidance through its Q&A tools to support supervisory authorities in clarifying the application of the Article 21c CRD VI regime, particularly in relation to the interaction with other existing sectoral legislation – including but not limited to the types of entities above.
Such guidance would address scenarios in which asset managers or funds may access core banking services — such as placing deposits, opening cash accounts, or delegating safekeeping to sub-custodians — particularly where there is ambiguity about the interaction between Article 21c CRD VI and existing frameworks like the AIFMD, UCITS Directive and the MMF Regulation. This is especially relevant in cases where these frameworks already permit placing deposits with third-country banks or delegating safekeeping to sub-custodians. The Report also examines concerns that credit institutions might have an unfair advantage over other FSEs by having easier access to third country services but finds no substantial evidence to warrant regulatory changes.
Data limitations and methodology
The EBA’s analysis underpinning the findings presented in the Report was, by admission, constrained by the limited availability and granularity of supervisory data, particularly outside the banking sector. Data was available for certain asset managers (money market funds (MMFs) and alternative investment funds (AIFs)), investment firms (Class 2) and insurance/reinsurance companies, but not for UCITS (except MMFs), non-bank payment service providers, or e-money institutions. The EBA supplemented quantitative analysis with qualitative input from industry stakeholders.
Based on what the EBA has collected, the Report found that:
With respect to the use of core banking Services by EU FSEs:
Concerning stakeholder feedback and market impact:
Key concerns
Even if the EBA’s analysis drew on quantitative supervisory data (without ad-hoc data collection) as well as anecdotal qualitative information the Report identified several key concerns:
To recap under EU law:
The Report aims to “clarify” the scope and application of reverse solicitation as an exemption to the Art. 21c CRD VI requirement, by stating what does not fall within permitted reverse solicitation. Accordingly, if a TCU “actively markets to EU clients, uses intermediaries to indirectly promote its services, or offers additional services not initially requested by the client, the exemption does not apply.”
In this context, an “intermediary” is any entity or person that (i) acts on behalf of the TCU or (ii) has close links with the TCU and is involved in the solicitation of the EU client or counterparty. This includes (a) entities acting on their own behalf but in the interest of the TCU; (b) entities with “close links” to the TCU (such as group companies or affiliates); and/or (c) any other person acting on behalf of the TCU (such as agents, representatives, or other intermediaries).
Importantly, the reverse solicitation exemption under Article 21c(2) of CRDVI is considered to be strictly construed due to the explicit limitations and anti-circumvention measures embedded in CRD VI’s legislative text and its interpretation by the EBA. The exemption allows a TCU to provide core banking services directly from a third country to an EU FSE only when the service is provided at the exclusive initiative of the EU client or counterparty. This means:
The issues above are not new. They are however due to the Report, a further narrowing of supervisory principles and expectations that have been consistently communicated since 2017 as an answer to Brexit and since 2022 in light of more tech-powered distribution models by each of the EBA, ESMA, EIOPA, the ECB-SSM and a host of NCAs where reverse solicitation, chaperoning and umbrella usage should be seen to be more the exception rather than the rule of how to conduct business from a third country into the EEA. Accordingly, the interplay of “permitted” reverse solicitation with the scope of Art. 21c CRD VI’s requirements may require a review by TCU’s of their market access strategies using EEA based introducers and/or fronting entity relationships.
Given the strict interpretation and the risk of regulatory challenge, robust documentation is essential for any firm seeking to rely on “permitted” reserve solicitation as well as an exemption to Art. 21c CRD VI’s requirements. The following documentation and procedures are recommended in addition to a formal “Market Access and Permitted Reverse Solicitation Policy”:
The reverse solicitation exemption is narrowly framed to prevent circumvention of Art. 21c CRD VI and is subject to strict regulatory scrutiny. Firms must be able to demonstrate, with clear and contemporaneous documentation, that the client relationship and the provision of services genuinely originated from the exclusive initiative of the EU client and that no prohibited solicitation or intermediation occurred. Failure to maintain such documentation could result in regulatory challenge and enforcement action.
EU FSEs (other than credit institutions) seeking to receive core banking services from TCUs will, as a rule, need to ensure that the TCU has a TCB or subsidiary permitted to act in the relevant Member State. This will require a review of existing and planned cross-border arrangements, particularly for treasury, liquidity and custody operations.
Firms must carefully assess whether their activities fall within the scope of the available exemptions discussed above. In particular, intra-group arrangements should be reviewed to ensure compliance with group definitions and structures. Firms must also consider the following operational implications (along with tax and transfer pricing considerations – not discussed herein):
In light of the above, all firms should monitor regulatory Q&A and guidance for further clarification, especially regarding the eligibility of third country banks for deposit and custody functions but also take note of further sector-specific considerations.
These sectoral specific considerations are important as the new CRD VI regime does not always clearly address how it interacts with sectoral rules that explicitly allow certain cross-border banking relationships.
While the EBA has signalled in the Report that it will effectively “kick the can on uncertainty down the road” and instead use its supervisory tools of Q&As to “further clarify” (i) the CRD VI regime, (ii) the principles presented in its Report and (iii) how it interplays with existing (and indeed possibly future) legislation, a Q&A tool does not enjoy the full force of law nor does it oblige NCAs to always follow it. It also does not guarantee that NCAs will not have divergent interpretations of the “clarity” provided in the Q&A.
In any event, many sectoral regulations — such as the Alternative Investment Fund Managers Directive (AIFMD), the Undertakings for Collective Investment in Transferable Securities Directive (UCITS) and the Money Market Funds Regulation (MMF Regulation) — explicitly permit or even require certain cross-border banking relationships with third country banks under defined conditions.
This creates a complex regulatory landscape where the requirements of CRD VI may not be fully harmonised with sectoral rules, leading to uncertainty for regulated firms about which regime prevails in specific circumstances. For example, while CRD VI may require the establishment of an EU branch for the provision of core banking services, sectoral rules may allow funds to place deposits or open cash accounts with third country banks, provided those banks meet certain prudential standards. It should be noted that presently the precise boundaries and interaction of these exemptions with sectoral regulations are not always clear:
MiFID II carve-out: Article 21c(4) and 47(2) CRD VI exclude investment services and related ancillary services under MiFID II (as supplemented by IFR/IFD) from the new regime. Yet, there is uncertainty about whether core banking services that are connected to, but not strictly ancillary to, MiFID-type services (such as deposit-taking linked to custody as well as certain margin lending transactions/portfolio monetisation transactions in traditional as well as crypto-asset financial instruments that are not covered by the EU’s SFTR) are covered by this carve-out. The EBA notes a lack of clarity, especially when custody services are provided on a standalone basis rather than as an ancillary service. Show Footnote
Worryingly, if NCAs interpret the interaction between CRD VI and sectoral rules inconsistently, the most immediate consequence is increased uncertainty and an unhelpful “unlevelling” of the playing field – i.e. very contrary to what EU sectoral legislation, let alone CRD VI is trying to achieve. This could result in arbitrage as well as obstacles to cross-border activity and thus increases in inadvertent breaches as well as wider legal and compliance risks.
The European Commission is expected to consider the Report’s findings, the EBA’s efforts in Q&A in any future legislative proposals – when that might happen is presently too early to tell. In the interim, EU FSEs should review their reliance on third country banking services and assess the need for adjustments to their operational models in light of the new requirements under CRD VI.
Ultimately the CRD VI regime introduces significant compliance, operational and contractual challenges for regulated firms, particularly those with complex cross-border operations or reliance on non-EU banking partners. The regime will have a number of impacts on institutional relationships and products as well as those with retail clients and well beyond banking sectoral legislation in CRR III/CRD VI.
Given the above, firms should also monitor further guidance and clarifications from EU authorities regarding the interaction of Article 21c CRD VI with other sectoral frameworks. While the EBA, has for now, concluded the European Commission should not pursue legislative action – it remains to be seen whether it will feel bound by that recommendation in the immediate if not longer term. The same applies to the ECB-SSM perhaps expressing its own views in a bid to clarify the CRD VI and the Report’s expectations in a Banking Union context.
In any event, both TCUs and EU FSEs should proactively assess their exposure to the new requirements, engage with counterparties and regulators and prepare for potential changes in market practice and supervisory expectations as the regime is implemented and further clarified. Ongoing monitoring of regulatory developments, especially regarding the interaction with sectoral rules and the practical application of exemptions, will be essential for compliance and business continuity.
Read more on Mondaq Business Briefing
