Regulatory trends in EU banking sector affecting SEE: Compliance, innovation, costs and consolidation

By Rebeka Kleytman,
Attorney-at-law, Ernst & Young Law Partnership

2018 and 2019 have been marked by major compliance changes on EU level such as the entry into force of the EU General Data Protection Regulation (GDPR) in May 2018 and the continuing implementation into national laws of the Fourth Anti-Money Laundering Directive (AML). The second payment services directive (PSD2) is another important milestone leading to the need for all EU member states to introduce legislative changes to address the new requirements including the new strong customer authentication (SCA) rules. Each of the above regulations has increased the banks’ costs for compliance considerably. In short, the new regulations aim at secure, easy, innovative, open and efficient environment which also prevents the risks of personal data breaches, money laundering and terrorist financing but at the same time fosters innovation and ensures safe and sound banking system – a task which is very challenging and even more costly. A number of additional challenges were placed on banks under the new IFRS 9 and are yet to come with the anticipated implementation of the Basel III framework – both affecting bank capital. Consolidation remained a solution to most of the above issues with a lot of acquisitions and exits taking place and more expected to take place in the future. The sale of old NPLs will unblock capital that is highly likely to be needed for compliance with the new capital requirements. Thus, further NPL sales are expected to take place.

GDPR after its first anniversary

GDPR which entered into force in 2018 required a complete review of the policies of all companies controlling personal data. Banks control a large amount of personal data concerning their employees, but also all retail clients and individuals representing corporate clients. They had to introduce promptly new data processing procedures and tools. In order to comply with the general principles laid down by the GDPR such as data minimisation, data accuracy and storage limitation, banks had to introduce the
rules but also the means for compliance with principles. In general, the new regulation requires constant review of the personal data, timely deletion, and capacity to amend, delete or provide copies of the information upon request by the data subjects. Considering the huge amount of information to be handled by banks, the optimal solution for them is to implement automated processes – developed on their own or licensed for use by the banks. Additional to the cost of compliance, GDPR introduced fines of up to 20 million euro (or 4% of the global turnover – whichever is higher) and some of the supervising authorities started imposing fines accounting for millions. Thus, being compliant will be an expensive, but still a much cheaper option than being fined.

AML – fighting moneylaundering and terrorist financing but also slowing down business

The AML derective put additional requirements on banks and prevented them from starting work with new clients before having completed successfully all identification procedures prescribed by the AML. In order to keep clients happy, banks should also have constant access to up-to-date reliable data bases. Additional trainings of personnel and introduction of multiple internal procedures had to be put in place, leading to additional costs and slowing down considerably client onboarding procedures. The identification of the ultimate beneficial owners of large corporations has turned out to be a huge practical problem. Many corporations opted for the possibility under the directive to disclose senior managing officials as beneficial owners. It remains to be seen whether this really serves the purpose of the directive.

PSD2 – promotion of FinTech and request for additional safety measures

FinTech has been booming in the past years, usually under the title of enhanced customer experience. This boom led to the necessity for a detailed regulation. Customers nowadays expect fast, user friendly, secure, offering full-scope service, accessible from anywhere, fancy payment solutions. One of the main purposes of PSD2 was to regulate all the innovations and new services. On the other hand, the directive was intended to promote innovative solutions in the payment industry and to regulate access to the providers of such solutions to the market. FinTech companies started entering the payment sector and becoming major competitors of banks, thus endangering the banks’ revenues from standard payment services.

Amongst other issues regulated by the PSD2, the strong customer authentication (SCA) seems to be one of the hottest topics. The European Banking Authority (EBA) published recently its opinion with respect to the strong customer authentication rules under the PSD2 and, in particular, regulatory technical standards which will apply as of September 14, 2019.1 Under the SCA rules any payment service will be accessible by the users based on at least two elements categorised as knowledge (something only the user knows – PIN), possession (something only the user possesses – e.g. mobile phone) and inherence (something the user is – biometric data). The EBA has put a stress on the necessity for the market players to introduce customers to the new changes so that customers can continue making online payments. The implementation of the new SCA rules, as well as the time and expertise investment to educate consumers how to use the updated services would naturally also be related to additional costs for banks.

Aiming to remain competitive and retain the payment services business, banks have reacted differently. Some of them opted for internal development of FinTech. However, the majority decided to acquire or partner with FinTech companies and to support FinTech start-ups.

On the other hand, unlike AML and GDPR which primarily increase the costs for banks, FinTech enables them to develop smart solutions, optimize and automate processes and eventually reduce their day-to-day operational costs. A benefit that is extremely valuable in the current banking environment.

Further capital requirements expected

On August 5, 2019 the EBA released its report to the European Commission on the implementation of the final Basel III framework. As per the press release of EBA, under conservative assumptions, the full implementation of the Basel III framework will increase the minimum capital requirement by 24.4% on average. This increase in capital requirements implies an aggregate shortfall in total capital of about 135.1 billion euro (91.1 billion euro in terms of common equity tier 1, CET1).2

More NPL portfolios to be sold

The non-performing loan (NPL) levels are still high and take a considerable part of the banks’ resources for provisions. Banks have been working to actively fight NPLs and as a general trend – the NPL levels are indeed falling. Aiming to avoid old mistakes and having learned from them, banks are now much more cautious and risk averse when granting loans compared to 12 years ago. In order to continue the low NPL trend, banks need to implement sound procedures for credit risk rating when originating, granting and monitoring loans. Aiming to address these issues, the EBA has released draft guidelines on loan origination and monitoring which are still under review.3 However, since the sector was not emerging at a fast pace, banks were not pressed to get rid of the NPLs. Therefore, in a number of countries transfers of NPLs started slowly and are still to take place. Purchasers of NPLs have reported they face similar difficulties when preparing for acquisition of NPL portfolios. Reports indicate certain reluctance by banks to invest additionally in NPLs by preparing them for sale as they would do for an operating asset, which makes the due diligence and valuations very difficult. Selling the NPL portfolios may become more urgent in the light of the new capital requirements and the general expectation is that the banking sector will become more and more active as the NPL sales would free some additional capital.


M&A activity. Consolidation.

The low interest rates, the increased costs for compliance, the new capital requirements and the new competition are major drivers for M&A in the banking sector. Consolidation is a tool to fight the increased cost and reduced revenue issues but it also contributes to stability and better resilience to crisis.

Greek banks are still selling their foreign subsidiaries. Societe Generale is selling some of its foreign subsidiaries and is apparently refocusing on its home market. In Bulgaria in recent years KBC acquired United Bulgarian Bank, Eurobank acquired the local business of Piraeus. A number of countries in the region are dominated by the presence of large European banking groups including Croatia, the Czech Republic and Slovakia, however, additional M&A is still expected in the whole region.

UniCredit, Erste Bank and Raiffeisen are ranked among the biggest players on the regional market. KBC and OTP are expanding. The presence of Austrian banks on the CEE market is considered to be a risk increasing factor for them, thus contributing for higher NPL rates. At the end of 2018 Erste Group was ranked among the ten worst performers in the banking sector in a Europe-wide stress test, meaning that it had to improve its capital adequacy.

Political landscape

Another major factor to impact the banking market is the political situation. Political uncertainty, naturally, has an adverse impact on investments.

As a general trend in the banking sector, reported for Austria, Bulgaria, the Czech Republic, Hungary, Poland, Serbia, Slovakia and Slovenia,4 the growing household and consumer lending stands out. In this respect, M&A activity in the banking sector represents an actual purchase of consumers who would otherwise be hesitant or even reluctant to change their bank. Reportedly, many European countries are still resolving issues related to foreign currency loans granted to consumers (e.g. Swiss franc loans, whereby the issues related to them partially date back from 2009) and floor rate clauses. To achieve lower default levels when dealing with consumers, banks should further improve their procedures in order to educate consumers financially and be able to support them in assessing their own capacities and limitations.

Vanilla financing is still the main source of revenue for banks and of financing for companies. Capital markets are staying behind despite some regulatory and legislative efforts such as the introduction of simplified stock exchange access rules for small and medium sized enterprises in countries such as Austria and Bulgaria.

It is also worth mentioning that Chinese presence in the region is still growing. However, the implications of the China – US trade war are still to be reviewed and assessed. BREXIT is also expected to cause additional changes in the banking sector as UK banks would most probably seek entries back to the EU. This would naturally depend on the exact arrangements between the UK and the EU with respect to BREXIT which have become even more uncertain recently.

4 The information is based on the FitchSolutions Q3 2019 Banking & Financial Services Reports country by country

The identification of the ultimate beneficial owners of large corporations has turned out to be a huge practical problem
NPL portfolios sale may become more urgent in the light of the new capital requirements

Low interest rates, higher costs for compliance -major drivers of M&A. Presence of Austrian banks in CEE seen as risk increasing factor for them

* * *

Rebeka Kleytman is a manager in Ernst & Young Law Partnership with over 14 years of experience and focus on the banking and finance industry.  Repeatedly noted by the Legal 500, she has assisted a number of clients in respect of financing agreements, structuring of the security package, non-banking financial institutions, consumer credits, banking regulatory and capital markets issues. She has also worked extensively on M&A and employment engagements.


Tags: No tags

Comments are closed.