Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC Text with EEA relevance
Modified by
Directive 2014/17/EU of the European Parliament and of the Councilof 4 February 2014on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010(Text with EEA relevance), 32014L0017, February 28, 2014
Corrected by
Corrigendum to Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC, 32013L0036R(01), August 2, 2013
Directive 2013/36/EU of the European Parliament and of the Councilof 26 June 2013on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC(Text with EEA relevance)THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,Having regard to the Treaty on the Functioning of the European Union, and in particular Article 53(1) thereof,Having regard to the proposal from the European Commission,After transmission of the draft legislative act to the national parliaments,Having regard to the opinion of the European Central BankOJ C 105, 11.4.2012, p. 1.,Acting in accordance with the ordinary legislative procedure,Whereas:(1)Directive 2006/48/EC of the European Parliament and of the Council of 14 June 2006 relating to the taking up and pursuit of the business of credit institutionsOJ L 177, 30.6.2006, p. 1. and Directive 2006/49/EC of the European Parliament and of the Council of 14 June 2006 on the capital adequacy of investment firms and credit institutionsOJ L 177, 30.6.2006, p. 201. have been significantly amended on several occasions. Many provisions of Directives 2006/48/EC and 2006/49/EC are applicable to both credit institutions and investment firms. For the sake of clarity and in order to ensure a coherent application of those provisions, they should be merged into new legislative acts that are applicable to both credit institutions and investment firms, namely this Directive and Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013See page 1 of this Official Journal.. For greater accessibility, the provisions of the Annexes to Directives 2006/48/EC and 2006/49/EC should be integrated into the enacting terms of this Directive and of that Regulation.(2)This Directive should, inter alia, contain the provisions governing the authorisation of the business, the acquisition of qualifying holdings, the exercise of the freedom of establishment and of the freedom to provide services, the powers of supervisory authorities of home and host Member States in this regard and the provisions governing the initial capital and the supervisory review of credit institutions and investment firms. The main objective and subject-matter of this Directive is to coordinate national provisions concerning access to the activity of credit institutions and investment firms, the modalities for their governance, and their supervisory framework. Directives 2006/48/EC and 2006/49/EC also contained prudential requirements for credit institutions and investment firms. Those requirements should be provided for in Regulation (EU) No 575/2013, which establishes uniform and directly applicable prudential requirements for credit institutions and investment firms, since such requirements are closely related to the functioning of financial markets in respect of a number of assets held by credit institutions and investment firms. This Directive should therefore be read together with Regulation (EU) No 575/2013 and should, together with that Regulation, form the legal framework governing banking activities, the supervisory framework and the prudential rules for credit institutions and investment firms.(3)The general prudential requirements laid down in Regulation (EU) No 575/2013 are supplemented by individual arrangements to be decided by the competent authorities as a result of their ongoing supervisory review of each individual credit institution and investment firm. The range of such supervisory arrangements should, inter alia, be set out in this Directive and the competent authorities should be able to exercise their judgment as to which arrangements should be imposed. With regard to such individual arrangements concerning liquidity, the competent authorities should, inter alia, take into account the principles set out in the Committee of European Banking Supervisors' Guidelines on Liquidity Cost Benefit Allocation of 27 October 2010.(4)Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instrumentsOJ L 145, 30.4.2004, p. 1. allows investment firms authorised by the competent authorities of their home Member State and supervised by the same authorities to establish branches and provide services freely in other Member States. That Directive accordingly provides for the coordination of the rules governing the authorisation and pursuit of the business of investment firms. It does not, however, establish the amounts of the initial capital of such firms or a common framework for monitoring the risks incurred by them, which should be provided by this Directive.(5)This Directive should constitute the essential instrument for the achievement of the internal market from the point of view of both the freedom of establishment and the freedom to provide financial services in the field of credit institutions.(6)The smooth operation of the internal market requires not only legal rules but also close and regular cooperation and significantly enhanced convergence of regulatory and supervisory practices between the competent authorities of the Member States.(7)Regulation (EU) No 1093/2010 of the European Parliament and of the CouncilOJ L 331, 15.12.2010, p. 12. established the European Supervisory Authority (European Banking Authority) ("EBA"). This Directive should take into account the role and function of EBA set out in that Regulation and the procedures to be followed when conferring tasks on EBA.(8)Given the increase of tasks conferred on EBA by this Directive and by Regulation (EU) No 575/2013, the European Parliament, the Council and the Commission should ensure that adequate human and financial resources are made available.(9)As a first step towards a banking union, a single supervisory mechanism (SSM) should ensure that the Union's policy relating to the prudential supervision of credit institutions is implemented in a coherent and effective manner, that the single rulebook for financial services is applied in the same manner to credit institutions in all Member States concerned, and that those credit institutions are subject to supervision of the highest quality, unfettered by other, non-prudential considerations. An SSM is the basis for the next steps towards a banking union. This reflects the principle that any introduction of common intervention mechanisms in the event of a crisis should be preceded by common controls to reduce the likelihood that such intervention mechanisms will have to be used. The European Council noted in its conclusions of 14 December 2012 that "the Commission will submit in the course of 2013 a proposal for a single resolution mechanism for Member States participating in the SSM, to be examined by co-legislators as a matter of priority with the intention of adopting it during the current parliamentary cycle.". The integration of the financial framework could be further enhanced through the setting up of a single resolution mechanism, including appropriate and effective backstop arrangements to ensure that bank resolution decisions are taken swiftly, impartially and in the best interests of all concerned.(10)The conferral of supervisory tasks on the European Central Bank (ECB) for some of the Member States should be consistent with the framework of the European System of Financial Supervision set up in 2010 and its underlying objective to develop the single rulebook and enhance convergence of supervisory practices across the Union as a whole. The ECB should carry out its tasks subject to and in compliance with any relevant primary and secondary Union law, Commission decisions in the areas of State aid, competition rules and merger control and the single rulebook applying to all Member States. EBA is entrusted with developing draft technical standards and guidelines and recommendations to ensure supervisory convergence and consistency of supervisory outcomes within the Union. The ECB should not carry out those tasks, but should exercise powers to adopt regulations under Article 132 of the Treaty on the Functioning of the European Union (TFEU) in accordance with acts adopted by the Commission on the basis of drafts developed by EBA and with guidelines and recommendation under Article 16 of Regulation (EU) No 1093/2010.(11)EBA's legally binding mediation role is a key element of the promotion of coordination, supervisory consistency and convergence of supervisory practices. Mediation by EBA can be initiated either on its own initiative where specifically provided for, or upon request by one or more competent authorities in the event of a disagreement. This Directive and Regulation (EU) No 575/2013 should extend the range of situations in which EBA can initiate its legally binding mediation role with a view to contributing to consistency in supervisory practices. EBA has no own-initiative mediation role with regard to the designation of significant branches and the determination of institution-specific prudential requirements under this Directive. However, in order to promote coordination and enhance consistent supervisory practices in those sensitive areas, competent authorities should have recourse to EBA mediation at an early stage of the process in the event of a disagreement. Such early EBA mediation should facilitate finding a resolution to the disagreement.(12)In order to protect savings and to create equal conditions of competition between credit institutions, measures to coordinate the supervision of credit institutions should apply to all of them. Due regard should, however, be had to the objective differences in their statutes and aims as laid down in national law.(13)In order to ensure a well-functioning internal market, transparent, predictable and harmonised supervisory practices and decisions are necessary for conducting business and steering cross-border groups of credit institutions. EBA should therefore enhance harmonisation of supervisory practices. Supervisory processes and decisions should not hamper the functioning of the internal market with regard to the free flow of capital. Supervisory colleges should ensure a common and aligned work programme and harmonised supervisory decisions. Cooperation between the competent authorities of the home and host Member States should be strengthened through a higher degree of transparency and information sharing.(14)The scope of measures should therefore be as broad as possible, covering all institutions whose business is to receive repayable funds from the public, whether in the form of deposits or in other forms such as the continuing issue of bonds and other comparable securities and to grant credits for their own account. Exceptions should be provided for in the case of certain credit institutions to which this Directive does not apply. This Directive should not affect the application of national laws which provide for special supplementary authorisations permitting credit institutions to carry out specific activities or undertake specific kinds of operations.(15)It is appropriate to effect harmonisation which is necessary and sufficient to secure the mutual recognition of authorisation and of prudential supervision systems, making possible the granting of a single licence recognised throughout the Union and the application of the principle of home Member State prudential supervision.(16)The principles of mutual recognition and home Member State supervision require that Member States' competent authorities should refuse or withdraw authorisation where factors such as the content of the activities programme, the geographical distribution of activities or the activities actually carried out indicate clearly that a credit institution has opted for the legal system of one Member State for the purpose of evading the stricter standards in force in another Member State within whose territory it carries out or intends to carry out the greater part of its activities. Where there is no such clear indication, but the majority of the total assets of the entities in a banking group is located in another Member State, the competent authorities of which are responsible for exercising supervision on a consolidated basis, responsibility for exercising supervision on a consolidated basis should be changed only with the agreement of those competent authorities.(17)The competent authorities should not authorise or continue to authorise a credit institution where they are liable to be prevented from effectively exercising their supervisory functions by the close links between that institution and other natural or legal persons. Credit institutions already authorised should also satisfy the competent authorities in respect of such close links.(18)The reference to the supervisory authorities' effective exercise of their supervisory functions covers supervision on a consolidated basis which should be exercised over a credit institution or investment firm where Union law so provides. In such cases, the authorities applied to for authorisation should be able to identify the authorities competent to exercise supervision on a consolidated basis over that credit institution or investment firm.(19)Credit institutions authorised in their home Member States should be allowed to carry out throughout the Union any or all of the activities referred to in the list of activities subject to mutual recognition by establishing branches or by providing services.(20)It is appropriate to extend mutual recognition to those activities where they are carried out by financial institutions which are subsidiaries of credit institutions, provided that such subsidiaries are covered by the consolidated supervision of their parent undertakings and meet certain strict conditions.(21)The host Member State should be able, in connection with the exercise of the right of establishment and the freedom to provide services, to require compliance with specific provisions of its own national laws or regulations on the part of entities not authorised as credit institutions in their home Member States and with regard to activities not referred to in the list of activities subject to mutual recognition, provided that, on the one hand, such provisions are not already provided for in Regulation (EU) No 575/2013, are compatible with Union law and are intended to protect the general good and that, on the other, such entities or such activities are not subject to equivalent rules under the laws or regulations of their home Member States.(22)In addition to Regulation (EU) No 575/2013 which establishes directly applicable prudential requirements for credit institutions and investment firms, Member States should ensure that there are no obstacles to carrying out activities receiving mutual recognition in the same manner as in the home Member State, provided that the latter do not conflict with legal provisions protecting the general good in the host Member State.(23)The rules governing branches of credit institutions having their head office in a third country should be analogous in all Member States. It is important to provide that such rules are not more favourable than those applicable to branches of credit institutions from another Member State. The Union should be able to conclude agreements with third countries providing for the application of rules which accord such branches the same treatment throughout its territory. Branches of credit institutions authorised in third countries should not enjoy the freedom to provide services or the freedom of establishment in Member States other than those in which they are established.(24)Agreement should be reached between the Union and third countries with a view to allowing the practical exercise of consolidated supervision over the largest possible geographical area.(25)Responsibility for supervising the financial soundness of a credit institution and in particular its solvency on a consolidated basis should lie with its home Member State. The supervision of Union banking groups should be the subject of close cooperation between the competent authorities of the home and host Member States.(26)The competent authorities of host Member States should have the power to carry out, on a case-by-case basis, on-the-spot checks and inspections of the activities of branches of institutions on their territory and require information from a branch about its activities and for statistical, informational, or supervisory purposes, where the host Member States consider it relevant for reasons of stability of the financial system.(27)The competent authorities of the host Member States should obtain information about activities carried out in their territories. Supervisory measures should be taken by the competent authorities of the home Member State unless the competent authorities of the host Member States have to take precautionary emergency measures.(28)The smooth operation of the internal banking market requires not only legal rules but also close and regular cooperation and significantly enhanced convergence of regulatory and supervisory practices between the competent authorities of the Member States. To that end, consideration of problems concerning individual credit institutions and the mutual exchange of information should take place through EBA. That mutual information procedure should not replace bilateral cooperation. Competent authorities of the host Member States should always be able, in an emergency, on their own initiative or on the initiative of the competent authorities of the home Member State, to check that the activities of a credit institution established within their territories comply with the relevant laws and with the principles of sound administrative and accounting procedures and adequate internal control.(29)It is appropriate to allow the exchange of information between the competent authorities and authorities or bodies which, by virtue of their function, help to strengthen the stability of the financial system. In order to preserve the confidential nature of the information forwarded, the list of addressees should be strictly limited.(30)Certain behaviour, such as fraud or insider dealing, is liable to affect the stability and the integrity of the financial system. It is necessary to specify the conditions under which exchange of information in such cases is authorised.(31)Where it is stipulated that information may be disclosed only with the express agreement of the competent authorities, the competent authorities should be able to make their agreement subject to compliance with strict conditions.(32)Exchanges of information should be authorised between the competent authorities and central banks and other bodies with a similar function in their capacity as monetary authorities and, where necessary for reasons of prudential supervision, prevention and resolution of failing institutions and in emergency situations, if relevant, other public authorities and departments of central government administrations responsible for drawing up legislation on the supervision of credit institutions, financial institutions, investment services and insurance companies, and public authorities responsible for supervising payment systems.(33)For the purposes of strengthening the prudential supervision of institutions and the protection of clients of institutions, auditors should have a duty to report promptly to the competent authorities, wherever, during the performance of their tasks, they become aware of certain facts which are liable to have a serious effect on the financial situation or the administrative and accounting organisation of an institution. For the same reason Member States should also provide that such a duty applies in all circumstances where such facts are discovered by an auditor during the performance of his tasks in an undertaking which has close links with an institution. The duty of auditors to communicate, where appropriate, to the competent authorities certain facts and decisions concerning an institution which they discover during the performance of their tasks in a non-financial undertaking should not in itself change the nature of their tasks in that undertaking nor the manner in which they should perform those tasks in that undertaking.(34)This Directive and Regulation (EU) No 575/2013 aim to ensure the solvency of institutions. If, notwithstanding the solvency requirements, a crisis occurs, it is necessary to ensure that institutions can be resolved in an orderly manner, limiting the negative impact on the real economy and avoiding the need for taxpayers to step in. For that purpose, pending further coordination at Union level, EBA should assess and coordinate initiatives, in accordance with Regulation (EU) No 1093/2010, on recovery and resolution plans with a view to promoting convergence in that area. To that end, EBA should be fully informed in advance of the organisation of meetings on recovery and resolution plans and should be entitled to participate in such meetings. Some Member States' authorities have already introduced obligations for institutions and authorities to prepare recovery and resolution plans. It is therefore appropriate that institutions be required to cooperate with authorities in that regard. Where a recovery or resolution plan is being drafted, EBA should contribute to and participate actively in the development and coordination of effective and consistent recovery and resolution plans in accordance with Regulation (EU) No 1093/2010. Priority should be given where such plans involve systemically important institutions.(35)In order to ensure compliance with the obligations deriving from this Directive and from Regulation (EU) No 575/2013 by institutions, by those who effectively control the business of an institution and by the members of an institution's management body, and to ensure similar treatment across the Union, Member States should be required to provide for administrative penalties and other administrative measures which are effective, proportionate and dissuasive. Therefore, administrative penalties and other administrative measures laid down by Member States should satisfy certain essential requirements in relation to addressees, the criteria to be taken into account in their application, their publication, key powers to impose penalties and levels of administrative pecuniary penalties.(36)In particular, competent authorities should be empowered to impose administrative pecuniary penalties which are sufficiently high to offset the benefits that can be expected and to be dissuasive even to larger institutions and their managers.(37)In order to ensure a consistent application of administrative penalties or other administrative measures across Member States, when determining the type of administrative penalties or other administrative measures and the level of administrative pecuniary penalties Member States should be required to ensure that the competent authorities take into account all relevant circumstances.(38)In order to ensure that administrative penalties have a dissuasive effect, they should normally be published except in certain well-defined circumstances.(39)For the purposes of assessing the good repute of directors and members of a management body, an efficient system of exchange of information is required where EBA, subject to professional secrecy and data protection requirements, should be entitled to maintain a central database containing details of administrative penalties, including any appeals in relation thereto, which is accessible to competent authorities only. In any event, information about criminal convictions should be exchanged in accordance with Framework Decision 2009/315/JHACouncil Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States (OJ L 93, 7.4.2009, p. 23). and Decision 2009/316/JHACouncil Decision 2009/316/JHA of 6 April 2009 on the establishment of the European Criminal Records Information System (ECRIS) in application of Article 11 of Framework Decision 2009/315/JHA (OJ L 93, 7.4.2009, p. 33)., as transposed into national law, and with other relevant provisions of national law.(40)In order to detect potential breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013, competent authorities should have the necessary investigatory powers and should establish effective mechanisms to encourage reporting of potential or actual breaches. Those mechanisms should be without prejudice to the rights of the defence of anyone who has been charged.(41)This Directive should provide for administrative penalties and other administrative measures in order to ensure the greatest possible scope for action following a breach and to help prevent further breaches, irrespective of their qualification as an administrative penalty or other administrative measure under national law. Member States should be able to provide for additional penalties to, and higher level of administrative pecuniary penalties than, those provided for in this Directive.(42)This Directive should be without prejudice to any provisions in the law of Member States relating to criminal penalties.(43)Member States should ensure that credit institutions and investment firms have internal capital that, having regard to the risks to which they are or may be exposed, is adequate in quantity, quality and distribution. Accordingly, Member States should ensure that credit institutions and investment firms have strategies and processes in place for assessing and maintaining the adequacy of their internal capital.(44)Competent authorities should be entrusted with ensuring that institutions have a good organisation and adequate own funds, having regard to the risks to which the institutions are or might be exposed.(45)To ensure that institutions which are active in several Member States are not disproportionately burdened as a result of the continued responsibilities of individual Member State competent authorities as regards authorisation and supervision, it is essential to significantly enhance the cooperation between competent authorities. EBA should facilitate and enhance such cooperation.(46)In order to ensure comprehensive market discipline across the Union, it is appropriate that competent authorities publish information concerning the carrying out of the business of credit institutions and investment firms. Such information should be sufficient to enable a comparison of the approaches adopted by the different competent authorities of the Member States and complement requirements found in Regulation (EU) No 575/2013 regarding disclosure of technical information by institutions.(47)Supervision of institutions on a consolidated basis aims to protect the interests of depositors and investors of institutions and to ensure the stability of the financial system. In order to be effective, supervision on a consolidated basis should therefore be applied to all banking groups, including those the parent undertakings of which are not credit institutions or investment firms. Member States should provide competent authorities with the necessary legal instruments to enable them to exercise such supervision.(48)In the case of groups with diversified activities where parent undertakings control at least one subsidiary, the competent authorities should be able to assess the financial situation of each credit institution or investment firm in such a group. The competent authorities should at least have the means of obtaining from all undertakings within a group the information necessary for the performance of their function. Cooperation between the authorities responsible for the supervision of different financial sectors should be established in the case of groups of undertakings carrying out a range of financial activities.(49)Member States should be able to refuse or withdraw a credit institution's authorisation in the case of certain group structures considered inappropriate for carrying out banking activities, because such structures cannot be supervised effectively. In that respect the competent authorities should have the necessary powers to ensure the sound and prudent management of credit institutions. In order to secure a sustainable and diverse Union banking culture which primarily serves the interest of the citizens of the Union, small-scale banking activities, such as those of credit unions and cooperative banks, should be encouraged.(50)The mandates of competent authorities should take into account, in an appropriate manner, the Union dimension. Competent authorities should therefore duly consider the effect of their decisions not only on the stability of the financial system in their jurisdiction but also in all other Member States concerned. Subject to national law, that principle should serve to promote financial stability across the Union and should not legally bind competent authorities to achieve a specific result.(51)The financial crisis demonstrated links between the banking sector and so-called 'shadow banking'. Some shadow banking usefully keeps risks separate from the banking sector and hence avoids potential negative effects on taxpayers and systemic impact. Nevertheless, a fuller understanding of shadow banking operations and their links to financial sector entities, and tighter regulation to provide transparency, a reduction of systemic risk and the elimination of any improper practices are necessary for the stability of the financial system. Additional reporting from institutions can establish some of this but specific new regulation is also necessary.(52)Increased transparency regarding the activities of institutions, and in particular regarding profits made, taxes paid and subsidies received, is essential for regaining the trust of citizens of the Union in the financial sector. Mandatory reporting in that area can therefore be seen as an important element of the corporate responsibility of institutions towards stakeholders and society.(53)Weaknesses in corporate governance in a number of institutions have contributed to excessive and imprudent risk-taking in the banking sector which has led to the failure of individual institutions and systemic problems in Member States and globally. The very general provisions on governance of institutions and the non-binding nature of a substantial part of the corporate governance framework, based essentially on voluntary codes of conduct, did not sufficiently facilitate the effective implementation of sound corporate governance practices by institutions. In some cases, the absence of effective checks and balances within institutions resulted in a lack of effective oversight of management decision-making, which exacerbated short-term and excessively risky management strategies. The unclear role of the competent authorities in overseeing corporate governance systems in institutions did not allow for sufficient supervision of the effectiveness of the internal governance processes.(54)In order to address the potentially detrimental effect of poorly designed corporate governance arrangements on the sound management of risk, Member States should introduce principles and standards to ensure effective oversight by the management body, promote a sound risk culture at all levels of credit institutions and investment firms and enable competent authorities to monitor the adequacy of internal governance arrangements. Those principles and standards should apply taking into account the nature, scale and complexity of institutions' activities. Member States should be able to impose corporate governance principles and standards additional to those required by this Directive.(55)Different governance structures are used across Member States. In most cases a unitary or a dual board structure is used. The definitions used in this Directive are intended to embrace all existing structures without advocating any particular structure. They are purely functional for the purpose of setting out rules aimed at a particular outcome irrespective of the national company law applicable to an institution in each Member State. The definitions should therefore not interfere with the general allocation of competences in accordance with national company law.(56)A management body should be understood to have executive and supervisory functions. The competence and structure of management bodies differ across Member States. In Member States where management bodies have a one-tier structure, a single board usually performs management and supervisory tasks. In Member States with a two-tier system, the supervisory function is performed by a separate supervisory board which has no executive functions and the executive function is performed by a separate management board which is responsible and accountable for the day-to-day management of the undertaking. Accordingly, separate tasks are assigned to the different entities within the management body.(57)The role of non-executive members of the management body within an institution should include constructively challenging the strategy of the institution and thereby contributing to its development, scrutinising the performance of management in achieving agreed objectives, satisfying themselves that financial information is accurate and that financial controls and systems of risk management are robust and defensible, scrutinising the design and implementation of the institution's remuneration policy and providing objective views on resources, appointments and standards of conduct.(58)In order to monitor management actions and decisions effectively, the management body of an institution should commit sufficient time to allow it to perform its functions and to be able to understand the business of the institution, its main risk exposures and the implications of the business and the risk strategy. Combining too high a number of directorships would preclude a member of the management body from spending adequate time on the performance of that oversight role. Therefore, it is necessary to limit the number of directorships a member of the management body of an institution may hold at the same time in different entities. However, directorships in organisations which do not pursue predominantly commercial objectives, such as non-profit-making or charitable organisations, should not be taken into account for the purposes of applying such a limit.(59)When appointing members of the management body, the shareholders or members of an institution should consider whether the candidates have the knowledge, qualifications and skills necessary to safeguard proper and prudent management of the institution. Those principles should be exercised and manifested through transparent and open appointment procedures, with regard to members of the management body.(60)The lack of monitoring by management bodies of management decisions is partly due to the phenomenon of 'groupthink'. This phenomenon is, inter alia, caused by a lack of diversity in the composition of management bodies. To facilitate independent opinions and critical challenge, management bodies of institutions should therefore be sufficiently diverse as regards age, gender, geographical provenance and educational and professional background to present a variety of views and experiences. Gender balance is of particular importance to ensure adequate representation of population. In particular, institutions not meeting a threshold for representation of the underrepresented gender should take appropriate action as a matter of priority. Employee representation in management bodies could also, by adding a key perspective and genuine knowledge of the internal workings of institutions, be seen as a positive way of enhancing diversity. More diverse management bodies should more effectively monitor management and therefore contribute to improved risk oversight and resilience of institutions. Therefore, diversity should be one of the criteria for the composition of management bodies. Diversity should also be addressed in institutions' recruitment policy more generally. Such a policy should, for instance, encourage institutions to select candidates from shortlists including both genders.(61)In order to strengthen legal compliance and corporate governance, Member States should establish effective and reliable mechanisms to encourage reporting to competent authorities of potential or actual breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013. Employees reporting breaches committed within their own institutions should be fully protected.(62)Remuneration policies which encourage excessive risk-taking behaviour can undermine sound and effective risk management of credit institutions and investment firms. Members of the G-20 committed themselves to implementing the Financial Stability Board (FSB) Principles for Sound Compensation Practices and Implementing Standards, which address the potentially detrimental effect of poorly designed remuneration structures on the sound management of risk and control of risk-taking behaviour by individuals. This Directive aims to implement international principles and standards at Union level by introducing an express obligation for credit institutions and investment firms to establish and maintain, for categories of staff whose professional activities have a material impact on the risk profile of credit institutions and investment firms, remuneration policies and practices that are consistent with effective risk management.(63)In order to ensure that institutions have in place sound remuneration policies, it is appropriate to specify clear principles on governance and on the structure of remuneration policies. In particular, remuneration policies should be aligned with the risk appetite, values and long-term interests of the credit institution or investment firm. For that purpose, the assessment of the performance-based component of remuneration should be based on long-term performance and take into account the current and future risks associated with that performance.(64)When considering the policy on variable remuneration a distinction should be made between fixed remuneration, which includes payments, proportionate regular pension contributions, or benefits (where such benefits are without consideration of any performance criteria), and variable remuneration, which includes additional payments, or benefits depending on performance or, in exceptional circumstances, other contractual elements but not those which form part of routine employment packages (such as healthcare, child care facilities or proportionate regular pension contributions). Both monetary and non-monetary benefits should be included.(65)In any event, in order to avoid excessive risk taking, a maximum ratio between the fixed and the variable component of the total remuneration should be set. It is appropriate to provide for a certain role for the shareholders, owners or members of institutions in that respect. Member States should be able to set stricter requirements as regards the relationship between the fixed and the variable components of the total remuneration. With a view to encouraging the use of equity or debt instruments which are payable under long-term deferral arrangements as a component of variable remuneration, Member States should be able, within certain limits, to allow institutions to apply a notional discount rate when calculating the value of such instruments for the purposes of applying the maximum ratio. However, Member States should not be obliged to provide for such a facility and should be able to provide for it to apply to a lower maximum percentage of total variable remuneration than set out in this Directive. With a view to ensuring a harmonised and coherent approach which guarantees a level playing field across the internal market, EBA should provide appropriate guidance on the applicable notional discount rate to be used.(66)In order to ensure that the design of remuneration policies is integrated in the risk management of the institution, the management body should adopt and periodically review the remuneration policies in place. The provisions of this Directive on remuneration should reflect differences between different types of institutions in a proportionate manner, taking into account their size, internal organisation and the nature, scope and complexity of their activities. In particular it would not be proportionate to require certain types of investment firms to comply with all of those principles.(67)In order to protect and foster financial stability within the Union and to address any possible avoidance of the requirements laid down in this Directive, competent authorities should ensure compliance with the principles and rules on remuneration for institutions on a consolidated basis, that is at the level of the group, parent undertakings and subsidiaries, including the branches and subsidiaries established in third countries.(68)Since poorly designed remuneration policies and incentive schemes are capable of increasing to an unacceptable extent the risks to which credit institutions and investment firms are exposed, prompt remedial action and, if necessary, appropriate corrective measures should be taken. Consequently, it is appropriate to ensure that competent authorities have the power to impose qualitative or quantitative measures on the relevant institutions that are designed to address problems that have been identified in relation to remuneration policies in the supervisory review.(69)The provisions on remuneration should be without prejudice to the full exercise of fundamental rights guaranteed by Article 153(5) TFEU, general principles of national contract and labour law, Union and national law regarding shareholders' rights and involvement and the general responsibilities of the management bodies of the institution concerned, and the rights, where applicable, of the social partners to conclude and enforce collective agreements, in accordance with national law and customs.(70)Own funds requirements for credit risk and market risk should be based on external credit ratings only to the extent necessary. Where credit risk is material, institutions should therefore generally seek to implement internal ratings-based approaches or internal models. However, standardised approaches that rely on external credit ratings could be used where credit risk is less material, which is typically the case for less sophisticated institutions, for insignificant exposure classes, or in situations where using internal approaches would be overly burdensome.(71)Directives 2006/48/EC and 2006/49/EC are one of the pillars upon which the overreliance on external credit ratings was built. This Directive should take into account the G-20 conclusions and the FSB principles for Reducing Reliance on external credit ratings. Institutions should therefore be encouraged to use internal ratings rather than external credit ratings even for the purpose of calculating own funds requirements.(72)Overreliance on external credit ratings should be reduced and the automatic effects deriving from them should be gradually eliminated. Institutions should therefore be required to put in place sound credit-granting criteria and credit decision-making processes. Institutions should be able to use external credit ratings as one of several factors in that process but they should not rely solely or mechanistically on them.(73)The recognition of a credit rating agency as an external credit assessment institution (ECAI) should not increase the foreclosure of a market already dominated by three undertakings. EBA, the Member States' central banks and the ECB, without making the process easier or less demanding, should provide for the recognition of more credit rating agencies as ECAIs in order to open the market to other undertakings.(74)Given the wide range of approaches adopted by institutions using internal modelling approaches, it is important that competent authorities and EBA have a clear view of the range of values for risk-weighted assets and own funds requirements that arise for similar exposures under such approaches. To that end, institutions should be required to provide competent authorities with the results of internal models applied to EBA-developed benchmark portfolios covering a wide range of exposures. Based on the information received, competent authorities should take appropriate steps to ensure that similarities or differences in results for the same exposure are justifiable in terms of the risks incurred. More generally, the competent authorities and EBA should ensure that the choice between an internal modelling approach and a standardised approach does not result in the under-estimation of own funds requirements. While own funds requirements for operational risk are more difficult to allocate at individual exposure level and it is therefore appropriate to exclude this risk category from the benchmarking process, competent authorities should nevertheless keep abreast of developments in internal modelling approaches to operational risk, with the aim of monitoring the range of practices employed and improving supervisory approaches.(75)The development of relationship-based lending should be encouraged where information gleaned from a continuing business relationship with clients is used to get a better quality of due diligence and risk assessment than is available purely from standardised information and credit scores.(76)With respect to the supervision of liquidity, responsibility should lie with home Member States as soon as detailed criteria for the liquidity coverage requirement apply. It is therefore necessary to accomplish the coordination of supervision in this field in order to introduce supervision by the home Member State by that time. In order to ensure effective supervision, the competent authorities of the home and host Member States should further cooperate in the field of liquidity.(77)Where within a group liquid assets in one institution will under stress circumstances match liquidity needs of another member of that group, competent authorities should be able to exempt an institution from liquidity coverage requirements and apply those requirements on a consolidated basis instead.(78)Measures taken on the basis of this Directive should be without prejudice to measures taken in accordance with Directive 2001/24/EC of the European Parliament and of the Council of 4 April 2001 on the reorganisation and winding up of credit institutionsOJ L 125, 5.5.2001, p. 15.. Supervisory measures should not lead to discrimination among creditors from different Member States.(79)In the light of the financial crisis and the pro-cyclical mechanisms that contributed to its origin and aggravated its effect, the FSB, the Basel Committee on Banking Supervision (BCBS), and the G-20 made recommendations to mitigate the pro-cyclical effects of financial regulation. In December 2010, the BCBS issued new global regulatory standards on bank capital adequacy (the Basel III rules), including rules requiring the maintenance of capital conservation and countercyclical capital buffers.(80)It is therefore appropriate to require credit institutions and relevant investment firms to hold, in addition to other own fund requirements, a capital conservation buffer and a countercyclical capital buffer to ensure that they accumulate, during periods of economic growth, a sufficient capital base to absorb losses in stressed periods. The countercyclical capital buffer should be built up when aggregate growth in credit and other asset classes with a significant impact on the risk profile of such credit institutions and investment firms are judged to be associated with a build-up of system-wide risk, and drawn down during stressed periods.(81)In order to ensure that countercyclical capital buffers properly reflect the risk to the banking sector of excessive credit growth, credit institutions and investment firms should calculate their institution-specific buffers as a weighted average of the countercyclical buffer rates that apply in the countries where their credit exposures are located. Every Member State should therefore designate an authority responsible for the quarterly setting of the countercyclical buffer rate for exposures located in that Member State. That buffer rate should take into account the growth of credit levels and changes to the ratio of credit to GDP in that Member State, and any other variables relevant to the risks to the stability of the financial system.(82)In order to promote international consistency in setting countercyclical buffer rates, the BCBS has developed a methodology on the basis of the ratio between credit and GDP. This should serve as a common starting point for decisions on buffer rates by the relevant national authorities, but should not give rise to an automatic buffer setting or bind the designated authority. The buffer rate should reflect, in a meaningful way, the credit cycle and the risks due to excess credit growth in the Member State and should duly take into account specificities of the national economy.(83)Restrictions on variable remuneration are an important element in ensuring that credit institutions and investment firms rebuild their capital levels when operating within the buffer range. Credit institutions and investment firms are already subject to the principle that awards and discretionary payments of variable remuneration to those categories of staff whose professional activities have a material impact on the risk profile of the institution have to be sustainable, having regard to the financial situation of the institution. In order to ensure that an institution restores its levels of own funds in a timely manner, it is appropriate to align the award of variable remuneration and discretionary pension benefits with the profit situation of the institution during any period in which the combined buffer requirement is not met, taking into account the long-term health of the institution.(84)Institutions should address and control all concentration risks by means of written policies and procedures. Given the nature of public sector exposures, controlling concentration risks is more effective than risk weighting those exposures, given their size and the difficulties in calibrating own funds requirements. The Commission should, at an appropriate time, submit a report to the European Parliament and the Council about any desirable changes to the prudential treatment of concentration risk.(85)Member States should be able to require certain institutions to hold, in addition to a capital conservation buffer and a countercyclical capital buffer, a systemic risk buffer in order to prevent and mitigate long-term non-cyclical systemic or macroprudential risks not covered by Regulation (EU) No 575/2013, where there is a risk of disruption in the financial system with the potential to have serious negative consequences for the financial system and the real economy in a specific Member State. The systemic risk buffer rate should apply to all institutions, or to one or more subsets of those institutions, where the institutions exhibit similar risk profiles in their business activities.(86)In order to ensure consistent macroprudential oversight across the Union, it is appropriate that the European Systemic Risk Board (ESRB) develop principles tailored to the Union economy and be responsible for monitoring their application. This Directive should not prevent the ESRB from taking any actions that it considers necessary under Regulation (EU) No 1092/2010 of the European Parliament and of the Council of 24 November 2010 on European Union macroprudential oversight of the financial system and establishing a European Systemic Risk BoardOJ L 331, 15.12.2010, p. 1..(87)Member States should be able to recognise the systemic risk buffer rate set by another Member State and apply that buffer rate to domestically authorised institutions for the exposures located in the Member State setting the buffer rate. The Member State setting the buffer rate should also be able to ask the ESRB to issue a recommendation as referred to in Article 16 of Regulation (EU) No 1092/2010, addressed to one or more Member States which are in a position to recognise the systemic risk buffer rate recommending that they do so. Such a recommendation is subject to the "comply or explain" rule set out in Article 3(2) and Article 17 of that Regulation.(88)It is appropriate that decisions of Member States on countercyclical buffer rates are coordinated as far as possible. In that regard, the ESRB, if requested to do so by competent or designated authorities, could facilitate discussions between those authorities about setting proposed buffer rates, including relevant variables.(89)Where a credit institution or investment firm fails to meet in full the combined buffer requirement, it should be subject to measures designed to ensure that it restores its levels of own funds in a timely manner. In order to conserve capital, it is appropriate to impose proportionate restrictions on discretionary distributions of profits, including dividend payments and payments of variable remuneration. So as to ensure that such institutions or firms have a credible strategy to restore levels of own funds, they should be required to draw up and agree with the competent authorities a capital conservation plan that sets out how the restrictions on distributions will be applied and other measures that the institution or firm intends to take to ensure compliance with the full buffer requirements.(90)Authorities are expected to impose higher own funds requirements on global systemically important institutions (G-SIIs) in order to compensate for the higher risk that G-SIIs represent for the financial system and the potential impact of their failure on taxpayers. Where an authority imposes the systemic risk buffer and the G-SII buffer is applicable, the higher of the two should apply. Where the systemic risk buffer only applies to domestic exposures, it should be cumulative with the G-SII buffer or the buffer relating to other systemically important institutions (O-SIIs) which is applied in accordance with this Directive.(91)Technical standards in financial services should ensure consistent harmonisation and adequate protection of depositors, investors and consumers across the Union. As a body with highly specialised expertise, it would be efficient and appropriate to entrust EBA with the elaboration of draft regulatory and implementing technical standards which do not involve policy choices, for submission to the Commission. EBA should ensure efficient administrative and reporting processes when drafting technical standards.(92)The Commission should adopt regulatory technical standards developed by EBA in the areas of authorisations and acquisitions of significant holdings in credit institutions, information exchanges between competent authorities, the exercise of the freedom of establishment and the freedom to provide services, supervisory collaboration, remuneration policies of credit institutions and investment firms and the supervision of mixed financial holding companies by means of delegated acts pursuant to Article 290 TFEU and in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010. The Commission and EBA should ensure that those standards can be applied by all institutions concerned in a manner that is proportionate to the nature, scale and complexity of those institutions and their activities.(93)Given the detail and number of regulatory technical standards that are to be adopted pursuant to this Directive, where the Commission adopts a regulatory technical standard which is the same as the draft regulatory technical standard submitted by EBA, the period within which the European Parliament or the Council may object to a regulatory technical standard should, where appropriate, be further extended by one month. Moreover, the Commission should aim to adopt the regulatory technical standards in good time to permit the European Parliament and the Council to exercise full scrutiny, taking account of the volume and complexity of regulatory technical standards and the details of the European Parliament's and the Council's rules of procedure, calendar of work and composition.(94)The Commission should also be empowered to adopt implementing technical standards developed by EBA in the areas of authorisation of and acquisitions of significant holdings in credit institutions, information exchange between competent authorities, supervisory collaboration, specific prudential requirements and disclosure of information by supervisory authorities by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 15 of Regulation (EU) No 1093/2010.(95)In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 on laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powersOJ L 55, 28.2.2011, p. 13..(96)In order to specify the requirements set out in this Directive, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of clarifying the definitions and the terminology used in this Directive, expanding the list of activities subject to mutual recognition and improving the exchange of information concerning branches of credit institutions. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.(97)References to Directives 2006/48/EC and 2006/49/EC should be construed as references to this Directive and to Regulation (EU) No 575/2013.(98)Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerateOJ L 35, 11.2.2003, p. 1., Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal marketOJ L 319, 5.12.2007, p. 1, Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS)OJ L 302, 17.11.2009, p. 32., Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutionsOJ L 267, 10.10.2009, p. 7. and Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund ManagersOJ L 174, 1.7.2011, p. 1. refer to provisions of Directives 2006/48/EC and 2006/49/EC concerning own funds requirements which should be set out in this Directive and in Regulation (EU) No 575/2013. Consequently, references in those Directives to Directives 2006/48/EC and 2006/49/EC should be construed as references to the provisions governing own funds requirements in this Directive and in Regulation (EU) No 575/2013.(99)In order to allow for technical standards to be developed so that institutions that are part of a financial conglomerate apply the appropriate calculation methods for the determination of required capital on a consolidated basis, Directive 2002/87/EC should be amended accordingly.(100)In order for the internal banking market to operate with increasing effectiveness and for citizens of the Union to be afforded adequate levels of transparency, it is necessary that competent authorities publish, in a manner which allows for meaningful comparison, information on the manner in which this Directive is implemented.(101)With respect to the supervision of liquidity, there should be a period of time within which Member States effect transition towards the regulatory regime under which detailed criteria for the liquidity coverage requirement apply.(102)In order to ensure a stable, smooth and progressive transition by institutions to new liquidity and stable funding requirements at Union level, competent authorities should make full use of their supervisory powers under this Directive and under any applicable national law. In particular, competent authorities should assess whether there is a need to apply administrative penalties or other administrative measures, including prudential charges, the level of which should broadly relate to the disparity between the actual liquidity position of an institution and the liquidity and stable funding requirements. In making this assessment, competent authorities should have due regard to market conditions. Such administrative penalties or other administrative measures should apply until detailed legal acts on liquidity and stable funding requirements are implemented at Union level.(103)Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such dataOJ L 281, 23.11.1995, p. 31. and Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such dataOJ L 8, 12.1.2001, p. 1., should be fully applicable to the processing of personal data for the purposes of this Directive.(104)Since the objectives of this Directive, namely the introduction of rules concerning access to the activity of institutions, and the prudential supervision of institutions, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and the effects of the proposed action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.(105)In accordance with the Joint Political Declaration of Member States and the Commission on explanatory documents of 28 September 2011, Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified.(106)The European Data Protection Supervisor has been consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and has adopted an opinionOJ C 175, 19.6.2012, p. 1..(107)Directive 2002/87/EC should be amended accordingly and Directives 2006/48/EC and 2006/49/EC should be repealed,HAVE ADOPTED THIS DIRECTIVE: