1. Over the last 20 years, the IMF’s Legal Department has made a significant contribution to the development of banking laws in the Fund’s membership. A “back of the envelope” exercise suggests that lawyers of the Fund have been involved in the banking laws of approximately 50 countries. This involvement ranges from comments on surgical amendments to assistance in redrafting entirely new banking laws. (In some countries, the banking law is a stand-alone type of legislation whereas in others, it is part of the central bank law, which is often also enhanced with support of Fund staff.) This law reform support takes place within the context of financial sector surveillance (including through the Financial Sector Assessment Program or FSAP), the implementation of financial sector-related conditionality as part of Fund-supported programs, or voluntary technical assistance outside such programs. Surveillance, financial support to address balance of payments problems and technical assistance are the three core functions of the IMF.
2. Summarizing the authors’ experience in this field, this paper highlights common weaknesses in banking legislation and suggests solutions.1 In discussions with country officials in the context of law reform, the argument is often made that one or more specific problems with the local banking law are due to the local circumstances of that jurisdiction. However, our experience has shown that most weaknesses to banking laws are hardly idiosyncratic to individual countries. On the contrary, many countries share similar problems, and these are thus really part of a more global pattern. In fact, the shared problems are caused more by inherent challenges in designing and drafting banking laws than by local circumstances. This paper will seek to illustrate those common issues, and why the “but we are different” argument does not always carry weight. Hence the title. To facilitate the reader’s access to practical examples of the general points made below, the paper will make manifold references to current banking laws of countries.2
3. This paper aims at complementing the existing financial policy standards with specific legal recommendations for drafters of banking laws. Banking regulation is one field of economic policy-making with a firm international standard: the Basel Committee on Banking Supervision’s Core Principles for Effective Banking Supervision (September 2012) (“BCP”) have evolved into the de facto global minimum standard for sound prudential regulation and supervision of banks and banking systems.3 As the legal framework is an important instrument for implementing banking regulatory policy—the policy preferences established by the international soft law of the BCP must often be implemented through national legislation—the BCP include many references to banking laws and regulations. The problem is that the BCP do not always offer sufficiently granular guidance to drafters of such laws. This is not a criticism, for it is explained by the very nature of the standard, which is focused on supervisory policy and practice, and not on the law per se. It is also explained by the fact that the BCP are the result of decision-making in an intergovernmental committee structure, which entails decision making by consensus, and at times sacrifices clarity for compromise. Hence there is a need for more specific legal guidance as to what constitutes good legal practice in drafting banking laws. This paper intends to make a meaningful contribution to this. This being said, at times the paper will also make suggestions (in footnotes) as to how the pronouncements of the BCP on banking law itself can also be strengthened, so as to ensure that policy and law are bound in a mutually enforcing virtuous circle.
4. The paper is, however, not intended to advocate any particular “one size fits all” approach. The paper aims merely to give a flavor of a number of selected, commonly encountered, legal issues that should be addressed in the legislative framework for banks and raise inherent legal complexities. Thus, the list below is by no means exhaustive in covering all legal issues pertaining to banking law—e.g. it does not address legal issues relating to the liability protection of the banking supervisor and their staff, resolution framework or anti-money laundering—and is not intended to be so. To design a complete legal framework for banking legislation would entail issues that go beyond the list set out below. Last not but least, this paper does not enter too much in the pure, detailed technique for legislative drafting, even though it touches occasionally upon general drafting principles.4
5. The paper will cover the following twelve selected issues: (i) scope and definitions, (ii) the supervisory mandate, (iii) the legal nature of secondary regulatory instruments, (iv) licensing requirements, (v) the distinction and relationship between licensing criteria and ongoing requirements, (vi) corporate governance, (vii) the power to control changes in ownership, (vii) the difference between branches and subsidiaries, (viii) consolidated supervision, (ix) sharing of information and inter-agency coordination, (x) related-party transactions and large exposure limits, and (xii) the legal distinction between enforcement, early intervention and resolution.
II. Scope and Definitions
6. The scope of application of the banking law must be clear and appropriate. Naturally, banking laws apply first and foremost to “banks”—or “credit institutions” as they are sometimes referred to—and below we will discuss the importance of defining this concept adequately. In addition to banks, countries have submitted credit unions, deposit-taking micro-finance institutions, and lending-only institutions to the personal scope of application of their banking laws. Recently, policy makers have been considering subjecting institutions that finance their lending activities through short term financing distinct from deposits also to the banking law with the aim to address the so-called “shadow-banking” problem. The exact determination of which types of non-bank financial institutions should (partly or in whole) be covered by the banking law is a matter of policy. To discuss the legal ramifications of the possible approaches would require a separate working paper. What matters here from a legal perspective is that all entities providing banking activities in the pure sense of the word—lending financed by taking deposits from the public—must be adequately covered by the banking law.
7. To that end, the design of banking laws needs to distinguish between two related, but distinct, legal concepts, namely (i) the activities subject to licensing and (ii) the permissible activities of banks. Many banking laws tend to conflate those two concepts, which complicates their application.5 What matters for the scope of the law is the first concept, and not the second.
- Activities subject to licensing—The banking law should require that any person or entity that carries on a “banking business” obtains a license to do so. Breach of this requirement should be punished by criminal sanctions. In this context, the question arises whether the mere taking of deposits from the public should also be subject to licensing. The answer is affirmative, for with very few exceptions (central banks, postal check services, and under strict conditions brokers-dealers), only licensed banks should have the “monopoly” of taking deposits from the public.
- Permissible Activities of banks—The banking law should set out what activities a duly licensed bank is by law allowed to undertake.6 These activities are additional to what constitutes the core of banking business (see below), and are as such not otherwise subject to licensing. Examples of typical permissible activities for banks are the provision of payment services, the issuance of electronic money, foreign exchange transactions, safekeeping and vaults, etc.
8. Definitions are critical to determine the personal and material scope of application of the banking law. To achieve an appropriate scope, the banking law needs to define with utmost precision who is required to obtain a license to exercise which activities. Definitions are less important for the permissible activities. What matters is that the activities which a duly authorized bank is permitted to exercise are clearly listed. It is less important to define those activities.7 However, another aspect of banking laws for which definitions are also important are the main regulatory provisions of the law, such as those on governance, lending restrictions, and consolidated supervision. These aspects will be discussed in the next paragraphs, but for now we focus on the definitions pertaining to the scope of the law, which need to focus on the following two points.
9. First, every banking law needs to define what is considered to be the “banking business” subject to licensing. The standard practice is to define this concept as “the taking of deposits from the public and the making of loans on its own account.” This may require the banking law also to define the concept of “deposit,” which raises the question on the extent to which this definition in the banking law relies on the definition in the civil code, if any. (On the interaction between definitions in different laws more generally: see below) In that regard, one should bear in mind that deposits of money with a bank are legally not deposits, but actually loans—the bank has contractually the right to use the deposit funds by lending them on. Hence the need for a sui generis definition of “deposits” in the banking law. Establishing the precise contours of that definition may be hazardous: a too broad definition may improperly include ordinary borrowing and the issuing of bonds and commercial paper, while a too narrow definition may open the gates for regulatory arbitrage and evasion.
10. Secondly, definitions need to ensure that the scope of the banking law covers both individuals and corporations. Requiring only a “company” or “entity” that carries on banking business to be licensed is insufficient, as it leaves open the possibility that banking business be carried out by an individual or a non-corporate entity, without running afoul of the licensing requirement.8 The law needs to be clear that all individual persons as well as corporations and non-corporate legal entities can be caught by the relevant provision. This is achieved by (i) requiring that any “person” exercising banking business or otherwise taking deposits from the public is subject to licensing and (ii) defining “persons” as both natural and legal persons. If it is the policy intent to only allow corporate entities to hold a banking license, this should be stated as a qualifying license criteria,9 and not through the definitions.
11. The core definitions should be enshrined in the banking law itself. As a legal matter, definitions that shape the personal and material scope of application of a primary law cannot, and should not, be provided for in secondary regulation; their place is in the primary law.10 This does not mean that some more detailed aspects of certain central definitions cannot be elaborated upon in secondary regulation.11 As regards the more operative definitions (e.g., “exposure,” “subsidiary,” “bank-related party,”), there is more tolerance for inserting them in secondary regulation. This being said, the overall legal certainty and transparency of the banking law would be served by putting most operative definitions in the primary law itself.
12. In spite of their criticality, many banking laws lack relevant and robust definitions. The extent to which terms used in the law are defined differs between legal traditions. Our experience has shown that the extent to which terms used in banking and other financial sector legislation are defined differs between common and civil law traditions, with the former generally defining more terms and the latter sometimes relying on definitions already found in the Civil or Commercial Codes. This being said, this difference should not be overestimated: civil law banking laws increasingly include a list of definitions,12 and many common law banking laws refer to definitions enshrined in other laws.13 Be that as it may, our experience is that, both in civil and common law traditions, definitions are however often overlooked in banking laws.14
13. A second concern is that definitions should be consistent with one another and consistent across various interconnected laws. The need to have internally consistent definitions within the banking law is self-evident. A common example is the definitions of “parent companies” and “subsidiaries”. These two definitions should be flipsides of each other, but many banking laws do not necessarily draft them as such. Secondly, as the banking law is typically only one of many relevant laws (e.g. company law, competition law, consumer protection law, insolvency law) that are relevant for banking regulation, there is a need to make sure that definitions are consistent across the various relevant laws, at least to the extent that those laws are indeed interconnected.15 This problem often arises when there are definitions of the same term in different laws and, when the definition of a term is amended in one law, while the similar definition in another law is not concurrently amended. One way to avoid such inconsistencies would be to only define the term in one law and for other laws to simply make cross-references.16 For example, the definitions of “bank” in a deposit guarantee law can cross-refer to the definition of “bank” in the banking law. This simple legislative drafting method overcomes the problems of inconsistent definitions in various laws and having to amend multiple definitions in various laws each time one law is amended.
14. A third concern is that definitions should not also provide for substantive obligations or requirements.17 This is a general rule of legislative drafting technique, but often infringed in banking and other laws. This rule certainly applies when banking laws include upfront a single article/section with all or most of the definitions of the law. Such approach has an advantage from the perspective of legal clarity, although it may complicate the ease with which the law is read. When, in contrast, the law spreads definitions throughout its structure, as in the civil law tradition, it is to be expected that definitions and normative provisions are more closely interwoven.
15. Finally, without compromising certainty, there should also be sufficient flexibility afforded to regulators to exercise judgment or prescribe additional categories within the definitions. For example, for the purposes of consolidated supervision, related party transactions and large exposure limits, terms such as “parent companies”, “banking groups” and “affiliated parties” will need to be defined with the necessary precision (see below). However, there should be flexibility for regulators to prescribe additional categories of affiliated parties. A common legal technique would be to set out specific categories in the primary law, with a residual discretion to the regulator to prescribe additional categories in subsidiary legislation.18 In some cases, this technique can even be used in the other direction, by exempting certain cases from the general definitions of the banking law.19
III. Objectives, Functions and Legal Powers of Supervisor
16. The legal framework should clearly set out the supervisory authority’s objectives, functions and legal powers.20 The banking law, as any type of supervisory law, is essentially a specialized branch of administrative law. This body of law sets out how the States and its agencies operate, and under which conditions and modalities the rights of citizens can be constrained by the State. To protect their citizens, in many jurisdictions the judiciary construes the powers of the State and its agencies narrowly: they have no functions and powers but those established by legislation (the legality principle). In that light, to make banking supervision and regulation legally robust, it is imperative that the contours of the “mandate” of banking supervisory agencies are adequately laid down in legislation. The mandate comprises the agency’s objectives, functions and powers. The objectives are the goals that the supervisory authority aims to accomplish (the “why” of the regulator’s mandate). The functions (or tasks) are the activities that the supervisory authority should undertake to attain these goals (the “what”). The powers are instruments and tools (the “how”) the supervisory authority will need to achieve its objectives and perform its functions.
17. Many banking laws do not adequately specify the objective of banking supervision and regulation. To offer an effective anchor for supervisory decision making, including in the context of accountability exercises of autonomous supervisors, a clear statement of the supervisory authority’s overall objective in supervising banks should be specified in the primary law. An alternative approach is to cast the objectives as those of banking supervision per se, instead of as objectives of the supervisory authority.21 Common supervisory objectives include to promote the safety and soundness of banks and the banking system and to protect depositors.22 The drafting of supervisory objectives often raises the following three complex legal points:
- Some jurisdictions may assign other objectives to banking supervisors, such as the development of the local financial sector.23 It is however important to ensure that such other objectives are legally subordinate to, and do not conflict with, the primary objectives of financial stability and depositor protection.24
- The primary supervisory objectives should also be phrased in an achievable manner. To phrase an objective as “to prevent bank failures” is unrealistic and conducive to “moral hazard” problems. In this regard, the BCP clearly state that it should not be the objective of banking supervision to prevent bank failures. However, an (implied) objective of banking supervision should be to reduce the probability and impact of a bank failure, so that when a failure occurs, the failure can be managed in an orderly manner. This could be achieved by the new supervisory tool of “Recovery and Resolution Planning.
- A final point is that the primary objectives of banking supervisory authorities should be read in their broader institutional context. For instance, the financial stability objective of a separate supervisory authority should be read in conjunction with the central bank’s objective in this regard. In a similar vein, the depositor protection objective must be considered in light of the depositor guarantee scheme.25
18. To enable the supervisory authority to pursue its objectives, there should be a (set of) corresponding statutory function(s). For supervisory authorities that are not central banks, these functions can easily be discerned from the banking law, and are generally not specified as such in legislation—in contrast to the objectives and powers. The reason for such approach is that banking supervisors have few and straightforward functions. This issue is more relevant for those central banks that are also banking supervisory authority, since they are charged with a great many functions. To offer clarity in this regard, central banks laws often set out a comprehensive list of functions in a single legislative provision. If that is the case, such a list should ideally also include a supervisory/regulatory function.26 A good way to draft such a function is to charge the supervisory authority with the succinct function “to regulate and supervise banks and other financial institutions.” An alternative is to draft the regulatory and supervisory function in somewhat more detail,27 possibly even in the banking law instead of in the central bank law.28 Whatever approach is taken, such a function should be clearly distinguished from the objectives of the central bank-cum-supervisory authority, given that they play legally very different roles.29
19. The legal framework should also be clear as to whether the supervisory authority has powers to pursue the statutory objectives. Does the supervisory authority have the legal powers to pursue the statutory objectives (e.g., powers to issue regulations, to set prudential standards, to grant and revoke banking licenses, to take corrective action, impose sanctions etc.), or does the power reside with another authority or agency? Ideally, the supervisory authority should also be the licensing authority and be able to issue regulations and take supervisory decisions autonomously. However, constitutional or administrative law may constrain the level of involvement of autonomous (i.e., non-political) agencies in general or individual normative decisions, and require a degree of involvement of political bodies in the establishment and enforcement of banking and other forms of regulation. For instance, in some countries, the supervisory authority may not have the legal power to issue or revoke licenses30 or to promulgate secondary regulation.31 The question is of course to which degree this is the consequence of a political choice or, conversely, legal constraints.
20. From a drafting perspective, the supervisory authority’s objectives, functions and legal powers should as much as possible be provided by the banking law. This is particularly relevant for those central banks that are also banking supervisors. When that is the case, the central bank law should only refer summarily to—and not intend to summarize—the legal aspects of the bank supervisory regime; this body of law should as much as possible be comprehensively enshrined in the banking law itself. If the bank supervisory regime is spread out over two or more laws, the interpretation and application of the rules will be complicated, for instance due to a higher risk of contradiction and also to complexities inherent to the contextual interpretation method.
Figure I.Common Objectives, Functions and Powers
21. Finally, effective and efficient bank supervision requires the involved authorities to have clear mandates, without gaps or overlaps in their responsibilities. Where there is more than one regulatory authority involved in banking supervision or supervision of a banking group, the respective roles and responsibilities should be clearly defined in the law. This is necessary to avoid regulatory and supervisory gaps. Effective domestic inter-agency cooperation and coordination would also be crucial in such cases (see below).
IV. Legal Nature and Hierarchy of Secondary Regulatory Instruments
22. To ensure their effective implementation, most banking laws authorize the issuance of a variety of secondary legal instruments. It is all but impossible, and moreover quite impractical, to include all aspects of banking regulation in a single piece of primary legislation. By consequence, most legislatures have included in their countries’ banking laws powers for the government and/or banking supervisors to issue legal instruments aimed at implementing the main banking law. Thus these instruments are “secondary” to the primary banking law.
23. The legal nature of those secondary legal instruments is often unclear. We are not concerned here with the powers of the government to issue decree-type instruments as per general constitutional provisions or principles. Generally speaking, such powers raise few legal questions. Nor shall we discuss here the question whether banking supervisors ought to have autonomous regulatory powers per se, which often raises complex constitutional and administrative law issues (see para. 19), and calls for an altogether different paper. Rather we are concerned in the context of this paper with the more problematic issue of the “regulatory” powers granted to banking supervisors to issue regulations, circulars, guidelines, directives, and similar instruments, the legal nature of which is often unclear. The two most common questions that arise in this respect concern (i) the binding nature of the instruments in question, and (ii) their place in the overall “hierarchy of norms.”
A. Legal Nature
24. Banking laws should first be clear as to the legal nature or effect of the respective secondary instruments issued under them. In doing so, it is critical to adequately distinguish between those instruments that have direct binding effects on private entities, and those that do not.32
Binding Secondary Instruments
25. If a jurisdiction is to have recourse to binding secondary instruments issued by the supervisor, the banking law itself or another piece of primary legislation should unequivocally establish the authority to issue such instruments.33 The manner in which this is done raises several concerns, grounded in the interaction between the banking law and administrative and constitutional law. The following four principles apply:
- The banking supervisory authority should ensure that it issues its binding secondary instruments under the categories and conditions foreseen by constitutional and/or administrative law.34 In this respect, it is often important to distinguish between binding instruments of general application to all banks (“regulations”), and those that apply to a single bank (often labeled “instructions” or “orders”). In many jurisdictions, general and individual normative instruments are subject to different prescriptions of constitutional and/or administrative law. In our advisory practice, we have often observed that jurisdictions tend to conflate those two aspects, which may weaken the legal robustness of those instruments.
- Drafters of banking laws must decide whether they will grant the banking supervisor general executive power over the banking law, or only a specific power to implement on a case by case basis the provisions of the banking law that need to be implemented by secondary regulation. Each of those two approaches has advantages and disadvantages. The advantage of the former is that the supervisor has broad regulatory powers and can decide to regulate whenever a specific development requires regulatory action. The disadvantage is that the statutory ground for regulation is less precise and explicit, which makes the regulation more vulnerable to the argument that it was established without sufficient legal basis. The latter approach raises the opposite points.
- Banking laws should not create different but similar legal instruments (e.g. “regulations” and “rules”) if there is no real added value in the distinction. Doing so would create unnecessary legal confusion that may weaken the legal robustness of those instruments.
- The legal framework should be clear as to how the secondary instruments acquire their binding effect. To that end, the law should be clear on which decision-making body of the banking supervisor is competent to issue the instrument, how the instruments are promulgated and published, and what the consequences of their breach are.
Non-Binding Secondary Instruments
26. If the banking law provides for non-binding secondary instruments, the law should equally be clear on their legal effects and nature. If the banking law is silent on such instruments, than it may generally be assumed that the supervisory authority can issue non-binding instruments.35 If however the law establishes such an instrument, then the law should expressly state that the purpose of the instrument (e.g., a circular) is to merely provide guidance to private entities, so as to avoid confusion on its legal nature. If the legal instrument is not binding in itself, but still has legal consequences for a supervised entity (e.g., a warning notice that commences a regulatory delay) or for the supervisor itself, this should equally be provided for with precision in the law, or at least be clearly determinable pursuant to the relevant general principles of the relevant jurisdiction. The consequences of breaching the prescriptions enshrined in non-binding instruments are another issue that may need to be addressed in the banking law.
27. A particular concern in that regard is that the use of different labels in the banking law should be consistent with the broader legal framework. For instance, if the administrative law regime of a jurisdiction recognizes the use of binding secondary instruments labeled “guidelines,” it would be unwise to refer as “guidelines” to non-binding legal instruments under the banking law. Conversely, if in a country’s legal tradition “circulars” are generally used to label summaries of non-binding administrative practice (e.g., in the field of tax law), it is better not to use the term to designate normative instruments under the banking law. An example of how a jurisdiction explains to the public the legal effect (if any) of the various legal instruments can be found in Box 1.
B. Hierarchy of Norms
28. The banking law or broader legal framework should be unequivocally precise on the place of the secondary instruments in the overall legal “hierarchy of norms.” Most, if not all, legal systems utilize this concept, pursuant to which all public law acts are ranked according to a legal hierarchy, entailing that each legal act must be consistent with the legal acts of a higher rank. If a lower legal instrument is not consistent, judicial review can strike down the lower, inconsistent legal act, thus rendering it inapplicable and unenforceable. A common hierarchy looks as follows: (1) the constitution, (2) acts of parliament/congress, (3) normative instruments (“decrees”) of the executive, i.e. the cabinet as a whole, (4) normative instruments (sometimes also called “decrees”) of individual ministers/secretaries, (5) normative instruments (“regulations”) of autonomous regulatory agencies, and (6) normative instruments of local governments.36 In designing legal frameworks for banking supervision, this implies that due care must be given to determining with the highest possible precision which elements are, or must be, governed by primary law, and which ones may be dealt with in secondary regulation. Moreover, drafters of secondary instruments should ensure that the latter are consistent with, as well as grounded in, what is set out in primary legislation, and are promulgated pursuant to an empowering provision in the primary legislation.
Box 1.Classification of Instruments
Classification of Instruments Issued by Monetary Authority of Singapore (MAS)37
MAS, in carrying out its functions as a regulator of the financial services industry, issues various instruments under Acts administered by MAS. For the purposes of this website, the following classification of instruments issued by MAS is adopted:
The Acts contain statutory laws under the purview of MAS which are passed by Parliament. These have the force of law and are published in the Government Gazette. Examples are the Banking Act and Financial Advisers Act.
(2) Subsidiary Legislation
Subsidiary legislation is issued under the authority of the relevant Acts and typically fleshes out the provisions of an Act and spells out in greater detail the requirements that financial institutions or other specified persons (e.g. a financial adviser’s representative) have to adhere to. Subsidiary legislation has the force of law and may specify that a contravention is a criminal offence. They are also published in the Government Gazette. Examples are the Insurance (Actuaries) Regulations and Finance Companies (Advertisements) Regulations.
Directions detail specific instructions to financial institutions or other specified persons to ensure compliance. They have legal effect, meaning that MAS could specify whether a contravention of a direction is a criminal offence. Directions consist of the following:
(a) Directives - Directives primarily impose legally binding requirements on an individual financial institution or a specified person.*
(b) Notices - Notices primarily impose legally binding requirements on a specified class of financial institutions or persons. Examples are the Notice to Banks (MAS 603) on Branches and Automated Teller Machines and Notice to Life Insurers (MAS 307) on Investment-linked Life Insurance Policies.
Guidelines set out principles or “best practice standards” that govern the conduct of specified institutions or persons. While contravention of guidelines is not a criminal offence and does not attract civil penalties, specified institutions or persons are encouraged to observe the spirit of these guidelines. The degree of observance with guidelines by an institution or person may have an impact on MAS’ overall risk assessment of that institution or person. Examples are the Technology Risk Management Guidelines for Financial Institutions and Guidelines on Standards of Conduct for Insurance Brokers.
Codes set out a system of rules governing the conduct of certain specified activities. Codes are non-statutory and do not have the force of law. However, a breach of a Code may attract certain non-statutory sanctions like private reprimand or public censure. There is currently a Code on Take-overs and Mergers (which is administered by the Securities Industry Council), a Code on Collective Investment Schemes and a Code of Conduct for Credit Rating Agencies. A failure to abide by a code does not in itself amount to a criminal offence but may have certain consequences.**
(6) Practice Notes
Practice Notes are meant to guide specified institutions or persons on administrative procedures relating to, among others, licensing, reporting and compliance matters. Contravention of a practice note is not a criminal offence, unless a procedure stated in the practice note is also required by an Act or regulation. An example is the Practice Note on Lodgment of Documents relating to Offers of Shares and Debentures.
Circulars are documents which are sent to specified persons for their information or are published on the MAS website for public information. Circulars have no legal effect. An example is the MAS Circular to Banks on Outsourcing of Cash And Cheque-Related Transactional Services to Another Bank.
(8) Policy Statements
Policy statements outline broadly the major policies of MAS.
V. Licensing Requirements
29. Many banking laws tend to conflate the procedure and criteria for licensing banks; these are two related but legally very different concepts. The licensing procedure sets out the procedural rules that applicants—and indeed the supervisory authority—are required to follow in requesting a banking license from the competent licensing authority. As discussed below, this includes the informational requirements necessary to commence the licensing procedure. The licensing criteria, in contrast, provide the substantive preconditions that must be met by an applicant for the licensing authority to grant it the license. Banking laws often include provisions dealing with both aspects in a confusing manner, whereby it is not clear which aspects are procedural and which aspects are substantive. It should be noted that this problem can be general, or specifically related to a particular sub-issue (e.g. significant shareholders).38
A. Licensing Criteria
30. To remedy this weakness, the primary law should first clearly set out the licensing criteria for banks. The details of these criteria can certainly be further elaborated in subsidiary regulation.39 However, the core criteria themselves should be clearly set out in primary legislation.40 From a drafting perspective, this does not only require that the subject matter (e.g., governance, accounting mechanisms) be provided, but also the yardstick against which the subject matter will be judged (e.g., the governance must be appropriate for the operations and structure of the bank). Further, it is critical that the respective requirements are well defined. In doing so, a balance should be struck between legal certainty for the industry to know what licensing requirements are required to be satisfied and the discretion of the regulator to refuse licensing. In that regard, it is often very useful to provide an overview to the political bodies, industry, and the public at large, by way of circulars or similar non-binding instruments, of the licensing authority’s administrative practices in granting and refusing licenses as well as its understanding of the relevant legal framework.
31. International good practice has now converged upon a comprehensive set of minimum statutory licensing criteria. The following are the typical criteria that are expected to figure in well written banking laws:
- the minimum paid-up capital of the bank should meet the amount established by law or regulation; (as opposed to the Capital Adequacy Ratio, which is an altogether different concept, relying on the ongoing level of risk exposure in relation to qualifying own funds);
- the ownership structure of the bank should be sufficiently transparent and allow for effective supervision of the bank;41
- fit and proper requirements for directors and senior management of the bank;
- suitability requirements for significant shareholders of the bank;
- a financial structure, managerial structure, and business plan that are appropriate for the programme of the bank’s projected activities;42
- adequate arrangements for accounting, internal controls, risk management, and internal and external audit; and
- for branches and subsidiaries of foreign banks, the consent of the foreign bank’s home supervisor as well as an adequate supervisory arrangement between home and host supervisor.43
32. The legal operation of the licensing criteria should also be clear. On the one hand, it must be beyond doubt that the license can only be granted if the licensing authority is satisfied that all licensing criteria are (cumulatively) met. On the other hand, the law should also be clear as to whether the licensing authority can refuse the license even though all criteria are met. In that regard, there may be good “systemic” reasons to refuse the license, for instance when the banking system is overbanked, or when there is general state of systemic distress. In some legal systems, it is necessary to include such systemic licensing criteria in the law itself, lest applicants enjoy a legal right on a license when all the bank-specific criteria are met. In other legal systems, such systemic criteria are not necessary, because the licensing authority can refuse (as per general administrative law principles or on public interest grounds) to grant a license even though all criteria are met.
B. Licensing Procedure
33. Furthermore, banking laws should lay the legal basis for the licensing procedures, although the details can very well be established in secondary regulation. At a minimum, the primary law should grant the licensing authority the power to establish a comprehensive licensing procedure by means of secondary regulation.44 This approach is, however, not the very best practice we have distilled from our advisory practices. Rather, we believe that the primary banking law itself should include the core provisions of the licensing procedure. The main argument for this is similar to the one regarding the criteria: because the licensing procedure, and in particular the refusal to grant a license, may affect third party interests, it is advisable to enshrine the key mechanisms of the procedure in primary law, including the possibility to legally challenge the said refusal. An additional but related argument is indeed that courts may be requested to review the legality of decisions taken pursuant to the licensing procedure. Firm foundations established in statute rather than in the licensing authority’s own rules tend to strengthen the position of the licensing authority in this type of review, in the sense that the review focuses on the legality of the individual decision rather than of the entire procedure—an illegal procedure would ipso facto affect the legality of the individual decision.
34. Here too it is possible to distill good legal practice. Without purporting to be exhaustive, the following elements call for the attention of drafters of banking laws:
- The law should unambiguously state that the licensing criteria operate as such, i.e. they must all be fully deemed met by the licensing authority for the license to be granted.45 When not all criteria are fully deemed to be met, the licensing authority must have the power—if not the duty—to reject the license application. (see also BCP 5)
- The law should require the applicant to provide complete and correct information to the licensing authority. As it is quite impractical to establish all informational requirements in primary legislation, it is appropriate to stipulate that the licensing authority can specify those, or impose additional requirements, in secondary regulation.46 Secondary regulation may also be useful to prescribe the more practical informational aspects of the licensing procedure (e.g., forms). Finally, in listing informational requirements in law and regulations, it is always useful to insert a “catch-all” clause pursuant to which the licensing authority may require any additional information deemed necessary or useful for completing the licensing process.47
- The law should set out the legal consequences of any incomplete or untimely provision of information.48 For instance, the relevant time period for deciding upon the license should only commence if and when the licensing authority has determined that it has received all necessary information to come to a conclusion. Further, the provision of incorrect information should be a ground for refusing to grant the license,49 and withdrawing it in the event the license has already been granted.
- The law should lay out the key steps, and the corresponding time-frames, of the licensing procedure. In some countries, the banking law includes a rule that the licensing authority will decide upon the license application within (x) months upon receiving a complete application.50 Such a rule is sometimes complemented by another rule that the license application shall be deemed rejected if the licensing authority has not decided within the required time. In designing such rules, a balance must be struck between the flexibility of the supervisory authority in making complex judgments and the fundamental right of applicants to seek judicial review of administrative decisions. In doing so, due regard must be given the application of general administrative law principles, which may provide guidance as to when an administrative decision is deemed to be made and when it becomes subject to judicial review. In case there would be no such principles, or if the general principles would be unclear or problematic, it may be useful to enshrine some specific principles in the banking law to enhance the overall legal quality of the process.
VI. Ongoing Requirements versus Licensing Criteria
35. Many banking laws are unclear as to the extent to which, beyond the licensing stage, the initial licensing criteria continue to apply on an ongoing basis to maintain the license. As discussed in the previous section, banking laws should provide the requirements (“criteria”) for obtaining a banking license. All of these requirements should not only apply at the licensing stage, but should continue to apply even after the banking license has been granted. BCP 5, EC 3 provides that the criteria for issuing licenses should be “consistent with” those applied in ongoing supervision. The manner in which this is legally achieved in banking laws, however, often leaves something to be desired.
36. The banking law needs to explicitly provide that all licensing criteria continue to apply to licensed banks as ongoing requirements. Naturally, the legal nature of ongoing requirements differs considerably from that of licensing criteria and the banking law should bring out this distinction clearly. This is most obvious in case of breach of ongoing requirements. In this regard, it is critical that the supervisory authorities have the appropriate power to take remedial action if any of the criteria is no longer satisfied. To enable the supervisor to monitor changes, the legal framework could impose an obligation on the bank to immediately report to the supervisor any changes in information or circumstances after the grant of the license, to enable the supervisor to make the necessary assessment. A failure to provide timely notification should in such case attract the appropriate corrective measures and/or sanctions.
37. Three examples of typical criteria which need to be complied with as long as a firm holds a banking license are -
- Suitability requirements for significant shareholders. At the licensing stage, the licensing authority determines suitability of the bank’s major shareholders, sources of initial capital and ability of shareholders to provide additional support. These requirements should continue to apply once the license is granted as there is a need to ensure continued suitability and financial soundness of the significant shareholders. As will be discussed in detail in Section VIII below, in relation to changes in significant shareholdings in the bank, the authorities should have powers to approve or reject changes to ensure that the ownership structures do not hinder effective supervision.
- Fit and proper requirements for directors and senior management. The requirement for directors and senior management to be fit and proper should continue to apply as well. Therefore, the banking law should require that the subsequent appointment of bank directors and senior managers be subject to the supervisor’s express prior approval. BCP 14 provides that laws, regulations or the supervisor should require banks to notify the supervisor as soon as they become aware of any information that may negatively affect the fitness and propriety of a bank’s Board member or member of senior management. Should a director or senior management no longer satisfy the fit and proper requirements, the supervisor should be empowered to require the relevant person to be removed from his position, whether directly or via the bank.
- Internal controls, accounting, risk management, audit requirements. At the licensing stage, the authority reviews the proposed strategic and operating plans of the bank. This would entail a determination that there is an appropriate system of corporate governance, risk management and internal controls that is commensurate with the scope and degree of sophistication of the proposed activities of the bank.51 These requirements would continue to apply beyond the grant of the license and the supervisor would be monitoring the implementation of these policies.
VII. Corporate Governance
38. The recent financial crisis has brought corporate governance issues to the fore. Most banking failures are caused by weaknesses in bank governance. For advanced economies, this problem consists predominantly of management being insufficiently accountable to the shareholders and stakeholders of banks. The recent crisis showed up additional problems with insufficient board oversight of senior management, inadequate risk management and unduly complex or opaque bank organizational structures and activities. A good corporate governance framework facilitates efficient decision making, promotes accountability, transparency and legitimacy. Sound corporate governance practices also enhance public confidence in individual banks and the banking system52.
39. The emphasis on good corporate governance and risk management has resulted in a new CP on corporate governance in the 2012 version of the BCP. BCP 14, in relation to corporate governance, requires that banks and banking groups have robust corporate governance policies and processes covering strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management and compensation. These policies and processes should be commensurate with the risk profile and systemic importance of the bank. BCP 15 deals with the bank’s risk management process.
40. There are several aspects of bank corporate governance that should be addressed in the legal framework. Banks are typically structured as companies, and companies law requirements would apply to the extent that they do not conflict with express provisions in the banking law, devised as a lex specialis departing from the general company law.53 Provisions on the board of directors, board meetings, audit requirements and the like would typically be found in the Companies Law. To the extent that there is a need for specific requirements for banks (e.g., a minimum or maximum number of directors, specific committees, more detailed requirements for selection of external auditors and external audits), these should be expressly provided for or varied in the banking law.54 The legal framework, whether in the Banking Law or the Companies Law, would need to address the following:
- Board of Directors. The law should set out the Board composition and the minimum number of independent directors55. There should also be a clear process for nominating and appointing directors, clarity on the duration of office, qualification and disqualification criteria and a requirement for supervisory approval. There should also be provisions dealing with conflicts of interests and confidentiality obligations which should survive beyond the term of directorship. Supervisors should have the legal power to require changes in the composition of the bank’s Board if it believes that any individual is not fulfilling his duties in relation to the criteria set out in BCP 1456.
- Fit and proper criteria for board directors and senior management. Bank board members and senior management need to be suitably qualified for their duties and satisfy fit and proper criteria. Typical criteria would relate to -
- i. honesty, integrity and reputation (not refused right to carry on trade, business, profession, not censured, disciplined or suspended by a professional body, no criminal proceedings or convictions),
- ii. competence and capability (past performance or expertise, no conflicts of interest, educational qualifications); and
- iii. financial soundness (able to fulfill financial obligations, not a bankrupt, no outstanding judgment debts).Typically, a banking law would provide for a general requirement that Board directors and senior management be fit and proper persons. The details on what constitutes “fit and proper” could be expanded upon in subsidiary legislation or guidelines. The term “senior management” is subjective and may be understood differently depending on a bank’s size and organizational structure. Reiterating the very first point made in this paper, it is thus essential to define with precision the universe of “senior management” that would be subject to this test, so as to provide clarity and prevent legal challenges.
- Audit, risk management and internal control. The law should require an external audit and internal audit function, with Board oversight over it. Banking supervisors should be satisfied that banks have in place a comprehensive risk management process to identify, measure, monitor and control all material risks. The Board and senior management should know and understand the bank’s and banking group’s operational structure and risks. The Board approves and oversees implementation of the bank’s strategic direction, risk appetite and strategy, establishes conflicts of interest policies etc. The Board should also have audit and risk committees whose duties and membership are segregated from the executive functions of the bank.57
VIII. Power to Control Ownership Changes
41. The misuse of banking resources by dominant shareholders is a second notable example of corporate governance failures that are an important cause of bank failures. Sometimes this problem is caused by an individual shareholder exercising excessive influence. In other cases banks are owned by conglomerates and the bank’s funds are used to fund commercial and industrial activities of affiliate firms beyond what would be conducive to the long term stability of the bank.
42. Many banking laws lack the legal tools to prevent such oft-occurring misuse. All too many banking laws lack robust mechanisms to vet new significant shareholders acquiring their stake after the licensing procedure has been completed, as well as tools to remove inappropriate shareholders once they have illegally acquired their influential position, or legally acquired it and start misusing it. In some instances, this problem has been considered by the IMF to be so fundamental to supporting the medium term financial, and consequent balance-of-payment stability of its members, that the Fund has required strengthening the rules regarding significant ownership of banks as part of its structural conditionality under Fund-supported programs. This was for instance the case of the recent arrangements of the DRC and Bangladesh under the Fund’s Extended Credit Facility, which both required these countries to significantly strengthen their regulatory frameworks for significant shareholders.58
43. In what follows, we will give an overview of the central elements that any legal framework for significant shareholdings in banks should include.59 While some of the details of the broader regime (e.g., in respect of the details of the approval standards, the procedural aspects of the approval process, and some elements of the enforcement regime) can be established in secondary regulation, we believe that the central features of this regime should be established in primary legislation. This would provide legal certainty, reinforce the importance of those rules, and enhance the effectiveness of supervision and enforcement.
44. The supervisory authority should first and foremost have the power to control changes in significant ownership in banks. The legal mechanism underpinning this power consists of several interconnected components. The first component is one of principle: the law should stipulate with utmost clarity that a person or entity may and can only acquire or divest a significant shareholding in a bank with the explicit and prior approval of the supervisor. This entails that any shareholder, or prospective shareholder, should request the approval by the supervisor of its intent to acquire or divest a shareholding respectively above or below the applicable thresholds, prior to actually acquiring or divesting the said shareholding.
45. Secondly, the banking law or implementing regulations should lay down the thresholds beyond which supervisory approval is required. Most banking laws start with shareholdings of 5% or 10%, and require additional approvals for every 5 or 10%.60 Several banking laws do not require further approval once a shareholder has acquired with supervisory approval 50% + 1 of the shares or voting rights, which is deemed to be full control over the bank.61 To make the mechanism effective, the banking law or regulations will need to establish explicitly that the shareholding must be considered either directly or indirectly, i.e. held through various connected legal entities or natural persons.
46. A third important component of this power is the relevant standard for approval. The supervisory authority should have the power to block the acquisition or divestment when that would endanger, or risk to endanger, the prudent and sound management of the bank. BCP 6 EC 3 requires that the criteria for approval should be “comparable to those used for licensing banks.” These criteria determine the “suitability” of the prospective significant shareholder with respect to the management of the bank, and essentially relate to the following four elements:
- the significant shareholder must display the trustworthiness and experience—both in managing important participations and in managing banks—that render it appropriate for it to participate in the control of a bank;
- the significant shareholder must be financially sound, in a manner that both avoids that its own financial weakness negatively impacts the bank and allows it to financially support the bank in case the latter’s financial solidity is weakened by circumstances;
- the structure and the behavior of the significant shareholder may not hinder effective supervision of the bank in question; and
- the significant shareholder should not raise issues from the perspective of anti-money laundering.
47. Fourthly, the banking law should establish effective corrective mechanisms in case the relevant prescriptions were breached, or a previously approved significant shareholder starts misbehaving. Ideally, these corrective mechanisms address both short term/protective and longer term/definitive needs. An example of the former is the power to suspend the voting rights associated with the shareholding (see also the BCP 6 EC 3). An example of the latter consists of the power of the supervisor to attach the shareholding—or at least limit its transferability—and to require divestment of part or whole of the participation. Such strong powers will be necessary to satisfy the BCP 6 EC 5 requirement that “the supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.”
48. An important question relates to how the supervisor should be informed of changes in the significant shareholders of banks. Naturally, supervisors can keep a close eye on shareholding structures of banks by regularly inspecting the share registers of banks and the voting patterns during the general assembly of shareholders. Further, it should be clear that the legal obligation to request prior approval for the acquisition or divestment of significant shareholdings rests with the (prospective) shareholder. This being said, the question arises whether the bank itself ought to have an obligation to inform the supervisory authority when it becomes aware of important changes in its shareholders’ structure or events which could affect the suitability of shareholders. Banking laws that impose such an obligation upon banks are rare, but this approach could become more prevalent in the future.62
IX. Market Access by Foreign Banks: Branches vs. Subsidiaries vs. Representative Offices
49. The legal distinction between branches, subsidiaries and representative offices of foreign banks is not always well appreciated. The establishment of foreign banks in a host country can take very different legal forms, with important legal and regulatory consequences.
- Branches are legally dependent extensions of a bank and they do not have any legal personality separate from the parent entity. This implies that claims on, and assets of, the branch are claims on, and assets of, the parent entity.63 A branch would have a local management team but is directly monitored by the head office.
- A subsidiary is incorporated in the local “host” jurisdiction and is a legally separate entity from the parent bank in the “home” jurisdiction. It would have separate capital, a separate Board of Directors and would be monitored by the parent indirectly, as part of the banking group.
- A representative office is an entity that does not carry out any regulated activity but serves as a liaison office only.
50. First, the legal framework should be clear as to the type of “foreign” corporate entity that can obtain a license and carry out banking activity. This determination will have a significant impact on the modalities under which a foreign bank can exercise banking activity in a host country. In particular, the banking law will need to establish whether branches of foreign banks are allowed to carry out banking business or whether the jurisdiction requires a subsidiary to be formed. It may seem obvious, but it is worthwhile stressing that to be allowed to open a branch in a host country, the parent entity should be licensed as a bank in its home country. This issue is less straightforward for subsidiaries. The banking law will need to determine under which conditions a foreign entity can apply for a banking license for a subsidiary in the host country. If both branches and subsidiaries are allowed, the banking law should explicitly provide for this, and corresponding definitions be included in the law. In any event, the banking law should also make clear that representative offices are not authorized to carry out any banking activities and should limit their activities to that of a promotional/ liaison nature.
51. Next, the banking law should clearly stipulate which prudential requirements apply to which type of establishment of foreign banks. If a jurisdiction allows for both branches and subsidiaries, the next issue is to determine what types of activities these respective entities can carry out and what are the applicable regulatory requirements for each form of entity, e.g. minimum asset maintenance requirements, cash balances and liquid assets for branches and intra-group exposures for subsidiaries. Many banking laws fail to set out with sufficient precision which rules apply, or do not apply, to subsidiaries and branches of foreign banks. For subsidiaries, this is not that problematic as they are typically considered as local banks. For branches, however, the lack of adequate legal clarity can cause severe problems. Table I below sets out possible licensing and regulatory distinctions between subsidiaries and branches.64 As can be seen from the table, the requirements do not differ substantially and should generally be applicable whether an entity is a branch or a subsidiary. However, in the case of a branch, reliance on the home supervisor for certain aspects of regulation become crucial and the host authorities need to be satisfied with the level of supervision carried out by the home authority. Further, asset maintenance requirements are generally imposed on branches rather than subsidiaries.
|Minimum Capital||Same amount as for local banks||Capital Dotation|
|Corporate Form||Same form as for local banks||Corporate form of parent bank|
|Fit and Proper||Board and Management||Management Board (depend on home supervision)|
|Significant Shareholders||Applicable||Indirectly applicable (depend on home supervision)|
|Risk, Control and Audit||Yes||Yes|
|Consent of Home Supervisor||Yes||Yes|
|Consolidated Supervision of Home Supervisor||Yes||Yes|
|Capital Adequacy Large Exposures Related Party Lending||Yes||Yes with consideration of parent capital|
|Liquidity Ratios Central Bank Minimum Reserves||Yes||Yes|
|Local Asset Maintenance Requirements||No||Yes|
52. A related issue is what is, or should be, the extent of supervisory powers over branches and subsidiaries of foreign banks in the “host” jurisdiction. The recent financial crisis showed that the soundness of bank branches may be critical for the host country for both financial stability and political reasons. Whilst recognizing the need for interaction and coordination with home country authorities, it is important for the host country to have strong tools to regulate (and resolve) bank branches. From the perspective of regulatory oversight, the difference between branches and subsidiaries should be minimal. BCP 13 also requires that supervisors require the local operations of foreign banks to be subject to prudential, inspection and regulatory reporting requirements similar to those required of domestic banks.
53. Lastly, although outside the scope of this paper, the distinction between branches and subsidiaries is also relevant when it comes to resolution.
X. Consolidated Supervision
54. From a policy perspective, international best practice (BCP 12) requires international banks to not only be supervised on an individual (“solo”) basis, but, to the extent they belong to a “group,” they should also be supervised “on a consolidated basis.” This entails that the supervisory authority “adequately monitors and, as appropriate, applies prudential standards to all aspects of the business conducted by the banking group worldwide.” To be more precise, consolidated supervision consists of applying certain prudential standards not only to the bank itself, but also to a collective body of entities belonging to the same corporate “group” as the bank, forming an economic entity under unified decision. This necessitates that that collective body reports the relevant financial and supervisory information qua group, i.e. in a consolidated fashion.
55. At first sight, the principle of consolidated supervision appears conceptually relatively easy to grasp, but its implementation in law raises many complex legal questions. Many banking laws struggle with establishing clear and robust legal underpinnings for consolidated supervision. Part of this is caused by the fact that the policy prescriptions are not always that clear. Another contributing factor is that the design of the legal underpinnings for consolidated supervision requires a delicate interaction between banking law, company law and accounting law. It is hence incumbent upon the legal draftsman to disentangle the relevant legal concepts and to provide the appropriate legal basis for applying the relevant supervisory tools on a consolidated basis. In that light, the main legal components for a sound framework for consolidated supervision are discussed below. Recognizing however the complexity of this issue, we focus only on the major legal concepts, and acknowledge that this could benefit from a more detailed approach, which would surely require a separate paper.
56. First, the banking law must determine with precision which aspects of the banking supervisory toolkit will be applied on a consolidated basis. Conceptually, consolidated supervision was originally designed to be applied to the quantitative aspects of bank supervision, and in particular for limits on, or minimum requirements for, capital adequacy, liquidity, large exposures, and bank-related party lending. In such cases, the mathematical ratios are applied with numerators and denominators that represent the consolidated accounts and supervisory reporting of the entire banking group. There is however a noticeable tendency to apply the broader concept of consolidated supervision also to the qualitative aspects of banking supervision, such as governance and fit and proper requirements.65 Whatever approach is taken, the banking law should be precise in providing for which of those quantitative and qualitative aspects consolidated supervision applies, or at least allow the regulator to adequately define those aspects in secondary regulation.66 A statement of the general principle of consolidated supervision is not enough.
57. In addition, the banking law must stipulate mechanisms to determine which entities (different from the bank) will be included in this process (implying that such entities will be part of the consolidation scope of the group for supervisory purposes). The determination of which entities will be included will evidently depend on the types of prudential standards that are applied on a consolidated basis. For instance, applying capital adequacy ratios based on risk exposures resulting from banking activities to a group including non-financial entities will lead to an irrelevant, or at least biased, picture of the group’s situation under a banking supervision perspective. For such non-financial entities, other prudential tools than consolidation might be appropriate (for example deduction from qualified capital at group level of participating interest in non-financial entities). In any event, the law must establish the principles for determining which non-bank entities will be included into the supervision of the bank on a consolidated basis and, conversely, which entities will be excluded. The details of these principles can be enshrined in legislation or in secondary regulation, but the core concept that supervisory tools apply to non-bank entities connected to a bank should be established in primary legislation.
58. Banking laws can basically follow two approaches to achieve this outcome.
- Some jurisdictions follow an approach whereby the banking law establishes the circle of consolidated supervision by referring to accounting law: in principle, the entities included in consolidated financial reporting pertaining to a bank are also included in consolidated supervision. This has the advantage of simplicity. The disadvantage is that the needs of supervisory consolidation may be different from those of accounting consolidation. For this reason, when a banking law refers to accounting law, it should do so as a starting point, and foresee the possibility to depart from the accounting law for supervisory purposes.67
- In other jurisdictions, the banking law or implementing regulations will establish a sui generis concept—quite disconnected from accounting law—of “banking group” or “financial conglomerate,”68 the entities of which will be included in the consolidated supervision of the bank that is part of the group. The advantage of such approach is that the circle of covered entities is more likely to be finely attuned to the needs of supervision. The downside however is that financial reporting is complicated by distinct consolidation rules for the same corporate group (see below).
59. Whatever the approach taken, the legal framework will need to address three distinct legal variables:
- First, to be subject to consolidated banking supervision, the group of connected entities must naturally include at least one bank.69
- Secondly, the law will need to determine which type of link or connection the other legal entities need to have with the bank in order to be included in the latter’s consolidated supervision. It is in this regard that the question of reliance on accounting law is particularly relevant. Accounting law will require consolidated financial reporting of all entities that are connected by way of a concept of “control” exercised by a single ultimate parent company “at the top of the pyramid.” To that end, accounting laws typically include detailed criteria for establishing control (necessary to have access to the assets of the entity).70 Will the banking law rely on these concepts, or will it establish its own criteria?
- Thirdly, the question arises whether this link is sufficient in and of itself, or whether other requirements are relevant. Should the entities be of a financial nature? Should they be regulated?
60. These distinctions are also relevant to financial reporting, without which consolidated supervision cannot be effective. The banking law must provide for the principle of consolidated supervisory reporting by combining the information of all entities included in the circle of consolidated supervision.71 As will be discussed below, the “periodic” information provision requirements of banking laws should require the transfer of information from supervised banks to the supervisor at two levels: first, the general accounting reporting through financial statements, and second, the specific supervisory reporting. What is essential is that for banks that are part of banking groups, both sets of information should be reported on a consolidated basis. In other words, it does not suffice to merely report general accounting information as per the consolidation rules established in generally applicable accounting law; the supervisory information must be reported on both solo and consolidated bases too.
XI. Sharing of Information and Inter-agency Cooperation
61. A legal framework to support domestic and cross-border cooperation and information sharing should be in place. This would include the ability to cooperate with domestic authorities (deposit insurance schemes, securities, insurance regulators etc.) and foreign (home-host) authorities. The ability to share and exchange information is crucial for effective supervision of cross-border banks and domestically for macro-prudential oversight. BCP 3 provides that laws, regulations or other arrangements should provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors and that these arrangements reflect the need to protect confidential information.72 The legal framework should thus be clear that the banking regulator can cooperate and share information with other domestic authorities, as well as international counterparts.
62. The legal framework should not only support such cooperation, there should be no provisions which hinder or restrict cooperation and information sharing. In some legal frameworks, although information can prima facie be shared with other domestic and foreign authorities, a closer examination reveals that information sharing is subject to certain pre-conditions or limiting criteria. For example, some statutes may limit the circumstances in which information may be shared to a situation where there is a need to enforce a breach of a provision.
A. Information Sharing and Cooperation at Different Stages
63. Cooperation is required at all stages; at the initial licensing stage, as part of ongoing supervision and in resolution. BCP 13 on home-host relationships provide that home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities and effective handling of crisis situations.
- Licensing stage. At this stage, contact and information sharing between the home and potential host supervisor is crucial. The host supervisor would want to obtain supervisory information from the home supervisor on the banking group, in order to assess the license application of a branch or subsidiary. The host supervisor would also want to assess whether the home supervisor is supervising the banking group on a consolidated basis. Legal frameworks should also require the prior consent of the home supervisor of a parent bank to be obtained before a bank is granted a license (BCP 15). In this regard, the home supervisor would also need confidence that supervision in the host country is adequate and information will flow from host to home supervisor. Lastly, host supervisors would require that the local operations of foreign banks be conducted up to the same standards as those required of domestic banks.
- Ongoing Supervision. Information-sharing takes place between home and host supervisory authorities for the purpose of consolidated supervision of cross-border banking groups, through supervisory colleges and other arrangements. Joint examinations of branches and subsidiaries of banking groups could be conducted or the home supervisor could be given on-site access to facilitate the assessment of the group. The legal framework should be clear as to the modalities of such inspections and access, i.e. whether the host supervisor needs to be merely informed or if consent of the host supervisor needs to be obtained. Although BCP 13, EC 8 provides for the home supervisor to merely inform the host supervisor of intended visits, some countries have expressly included in their legal framework a requirement for prior approval rather than a mere notification—this is understandable given that this is intimately related to a country’s sovereignty. Further, it could also be clarified whether it will be a joint inspection or if the host supervisor may send a representative and whether the examination report would be shared in full with the host supervisor. Information should be shared when there are supervisory concerns and shared on a timely basis.73
- Resolution. BCP 11, EC 7 states that the supervisor should cooperate and collaborate with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation. The crisis has shown that the range of agencies that information should be shared with needs to be expanded beyond supervisory authorities to include central banks (who are not supervisors), Ministries of Finance, deposit insurance and other resolution agencies. Such information sharing is important for these non-supervisory agencies to carry out their respective mandate or play a role in the resolution of banks.74 The requirement for systemically important institutions to prepare recovery and resolution plans (RRPs) should also have a statutory footing. While some countries have provided expressly for this in their legal framework, some others rely on the general powers in the banking law to obtain information or to issue directives. The latter may however not be sufficient and open to legal challenges. For effective sharing of information for the RRP process, it would be preferable for an express statutory footing for sharing information for such purposes.
B. MoUs and Cooperation Agreements
64. Apart from the statutory legal framework, cooperation arrangements are frequently captured in MoUs (bilateral and multi-lateral) or exchanges of letters. Where such agreements exist, their legal effect and their interaction with the statutory framework are important. Most MoUs are not legally binding agreements and subject to the relevant legal framework. As such, the scope of cooperation that may be extended under such MoUs will need to be read in the context of the relevant applicable law.
65. Some frameworks also make it conditional that an MoU is in place before information can be shared. Where this is so, then there should be some flexibility built-in to allow information to be shared on a timely basis between authorities that have yet to enter into a MoU, especially in an emergency situation. MoU negotiations may sometimes be protracted and should not hinder interim information sharing. As such, the legal framework may need to make it clear that information sharing is allowed even whilst a MoU is in the process of being negotiated.
66. Disclosure of information should be subject to adequate confidentiality requirements and safeguards that are appropriate to the nature of the information and clearly set out in the law. Where disclosure of confidential information may be compelled under certain statutes e.g., freedom of information legislation or by the courts, authorities may be less willing to share information. Banks may also be unwilling to provide sensitive information to banking regulators if they are not adequately assured of the confidentiality safeguards that would apply if information is shared with other domestic and foreign authorities.
67. Most regimes provide that information may be shared subject to the following safeguards -
- The legal framework should establish a regime for the protection of confidential information that imposes adequate confidentiality requirements on authorities, their employees (both current and former) and agents that receive or have received confidential information, and there should be effective sanctions and penalties (criminal and civil) for breach of confidentiality requirements.
- The requirement that the legal framework of the recipient authority has comparable confidentiality requirements as that of the authority providing the information. The level of protection would need to be assessed to be adequate and there are effective sanctions for breach of the confidentiality. There should be clear criteria and procedures for determining comparability, given that this is often a difficult exercise and requires a basic understanding of another jurisdiction’s laws.
- The requirement of prior consent for onward sharing. There should be clarity as to when information received from the banking supervisor may be onward shared with another authority or person. Authorities generally share information on the understanding that there will not be any onward disclosure to third parties without seeking the prior consent of the authority providing the information. Where information is required to be shared with third parties, the prior consent of the authority should be obtained and third parties should be subject to similar confidentiality requirements.
- The commitment to take best efforts to resist disclosure. A recipient authority may be compelled by statute or the courts to disclose information in certain cases e.g. third party subpoenas for disclosure under freedom of information or similar legislation. The legal regime should provide that when faced with applications to compel disclosure, the recipient authority should take all reasonable means to resist disclosure of information, such as relying on public interest grounds or seeking to rely on legal exemptions and privileges to preserve the confidentiality of the information. It would be helpful in this regard if the law would provide that the supervisor can only disclose confidential information to courts or judicial authorities in the context of civil or criminal proceedings.
68. Legal protection should also be afforded to the banking supervisor, its employees and agents. Where information is disclosed by the banking supervisor and its employees or agents, there should be legal protection for the agency as well as current and past employees and agents against criminal or civil action for breach of confidential requirements. Such legal protection should be explicit in the law and should extend only to cases where the disclosure was lawful.
XII. Bank-Related Party and Large Exposure Limits
69. Banking laws often struggle with establishing clear, robust and distinct legal underpinnings for bank-related party and large exposure limits. This is mainly caused by the fact that both types of prudential limits are similar yet different concepts, and tend to confuse drafters of banking laws. The key features of these two critical tools of banking regulation can be summarized as follows:
- Bank-related party limits impose restrictions on the amounts that a bank can lend to borrowers that are “connected” with the bank, such as through their shareholders, directors and managers. Such limits are quantitative and expressed as a percentage of the capital of the lending bank. In addition, it is good practice for banking laws to prescribe qualitatively how transactions with bank-related parties can be entered into by banks. More specifically, the approval of such transactions should be subject to higher governance standards than ordinary bank transactions.
- Large exposure limits aim at limiting concentration risk in the balance sheet of banks by imposing quantitative limits on individual large exposures of banks as well as the total of a bank’s large exposures. Such limits are entirely quantitative and expressed as a percentage of the capital of the lending bank.
70. On the one hand, both limits make use of similar legal techniques. The three important legal commonalities of both supervisory tools are that:
- The limits are built upon a common set of legal definitions, which include the concepts of “exposure”—this should not only include credit claims but also other types of financial risk—and “capital.” These definitions are typically shared with other components of the banking law (e.g., the definition of capital will also be used for the establishment of the capital adequacy ratio). This does not mean that all definitions are shared between both types of limits, or that either concept does not need its own specific definitions. On the contrary, the regulation of bank-related party transactions will require a specific definition of such party in the banking law,75 secondary regulation, or a combination of both.
- Both limits require the establishment of a quantitative limit relative to capital. As a legal matter, those quantitative limits can be established by a relatively simple and general habilitation in primary legislation combined with more detailed rules in secondary regulation.
- Both limits should be designed so that connected borrowers are considered to be a single exposure for the purpose of the limits. To achieve this, some banking laws have recourse to a definition of single risk in primary law.76 Other laws simply establish the principle in the substantive provisions. In any event. The concept of connectedness between borrowers should be clearly distinguished from relatedness between a borrower and a stakeholder in the bank.
71. On the other hand, both limits also feature important legal differences. The main distinction is that, whereas large exposure limits can be designed as relatively straightforward quantitative prudential limits, bank-related party rules require a set of comprehensive governance prescriptions that in most cases need to be included in primary legislation. These prescriptions will require that bank-related party transactions be entered into “at arm’s length” basis and be approved by the board of directors, without participation in the vote of the interested director. Other distinctions are that bank-related party transactions are typically subject to more stringent reporting rules, and that some banking laws require that bank-related party transactions be deducted from the bank’s capital if certain conditions are not met.77
XIII. Supervisory Enforcement, Early Intervention and Resolution
72. While adequate enforcement is critical to their effectiveness, many banking laws establish sub-optimal enforcement mechanisms. The three most common legal problems are (i) conceptual confusion about the types of enforcement measures, (ii) an inadequate link between enforcement and license revocation, and (iii) legally problematic sanctioning regimes.
A. Types of Enforcement Measures
73. Where there are concerns over the safety and soundness of banks, timely action is required.78 The effectiveness of resolution frameworks—the last phase of dealing with troubled banks—hinges critically on the quality of the legal regimes for the earlier phases of supervisory enforcement and early intervention. The legal framework should provide for a logical progression of increasingly intrusive actions to deal with everything from relatively minor breaches of the law to insolvency and liquidation. Conceptually, the three phases can be distinguished as follows:
- Supervisory Enforcement—Ordinary enforcement powers allow supervisory authorities to require a banking institution to address any violation of law or regulation or unsafe and unsound practice. Use of these powers does not require a finding that the institution is in danger of failure, but it may be that the bank falls below established regulatory threshold requirements. Key examples of such powers are the powers to (i) impose fines, (ii) remove directors and managers who no longer meet the fit and proper requirements, (iii) remove significant shareholders that are no longer suitable, (iv) issue “cease-and-desist” orders to bring an end to inappropriate behavior of banks, (v) issue directions to take remedial action to address the underlying issue; and (vi) suspend certain bank activities for a specified period of time.
- Early Intervention—At the last stage before resolution, the supervisory authorities should have explicit and strong powers to require the board and management of an ailing bank to undertake forceful action aimed at strengthening the financial position of bank, or refrain from action that would further weaken it. Such types of measures—recently coined “early intervention” measures—include prohibiting certain operations, requiring a bank to submit a restructuring plan, raising additional capital, prohibiting dividend payouts, prohibiting new activities, and requiring the divestment of certain assets or businesses. The bank at this stage remains under private control. A failure to implement the required measures or failure to adequately address the concerns would be a ground for commencement of resolution proceedings and putting the problem bank into public control, or closing it.
- Resolution—At this stage, the resolution authority should assume control of an unviable bank, to rehabilitate it where possible, or to liquidate the bank in an orderly manner when rehabilitation proves impossible. Where the supervisory authority and resolution authority are two distinct agencies, resolution may be triggered by the supervisory authority, which will also be competent for withdrawing the license.
74. Many banking laws conflate the various stages for dealing with troubled banks. Often banking laws will include a single list of measures dealing with non-compliance with banking regulatory prescriptions. These measures typically range from sanctions—a tool of supervisory enforcement—all the way to license revocation—a key component of resolution. From a legal-formal perspective, this is not in and of itself problematic. We must recognize that the border between in particular supervisory enforcement and early intervention is not always clear. For instance, does the power to prohibit certain operations belong in the former or the latter category, or both? Be that as it may, the central legal problem is that, under a “single list” approach, there is often a lack of clear, robust, proportional and coherent triggers for applying appropriate measures at each phase of a bank’s non-compliance with regulatory standards and financial distress.79 A consequence of this is that courts may be skeptical toward the application of the toughest types of measures, mainly because the legislation does not bring out the “crescendo” nature of bank distress and the corresponding measures, which may be found to infringe the proportionality principle. To address this weakness, it is useful to reflect the stages of supervisory enforcement, early intervention and resolution explicitly and distinctively in well-tailored legislative provisions.
75. To provide critical legal clarity, it is particularly important to provide clear and robust quantitative and qualitative triggers for the type of action that can be taken at each stage. Examples of quantitative triggers are those tied to quantifiable variables, such as for instance liquidity or capital adequacy ratios. Qualitative triggers entail a degree of exercise of supervisory judgment, for example in relation to management not being fit and proper, or a finding of unsafe and unsound practices. The fact that these triggers require judgment does not preclude that they should be drafted with as much clarity as possible.
76. It is equally important to be clear as to whether the supervisory action is mandatory or discretionary. Some countries provide for a prompt corrective action or prompt remedial action framework, where certain regulatory actions mandatorily have to be taken upon breach of certain triggers. While this provides some degree of legal certainty and clarity, and reduces the probability of legal challenges as well as supervisory forbearance, it can also tie the hands of the regulators when the action mandated by the law may not be the most appropriate response in a particular case. Legal drafters would be well advised to acknowledge that each situation is different, and thus grant a certain degree of flexibility—and hence discretion—to the supervisory authority in taking corrective action. Forbearance is legally better addressed by way of governance and accountability frameworks.
B. Link with License Revocation
77. Akin to licensing requirements, there should be legal clarity as to when a license may be revoked. The timing and impact of the revocation of a license needs to be clear, given that the supervisory authority will typically not have any supervisory powers over the ex-bank (e.g. directional powers) once the license is revoked.80 Clear yet flexible, and proportionate grounds for license revocation should be set out in the banking law, and the interaction of those grounds with the resolution regime should be explicitly provided for. (We note that there should be grounds for revocation that are not directly connected to the financial situation of the bank.) This interaction goes both ways. Where relevant, this requires careful drafting of the sequencing of administrative and judicial action.
- In one direction, the license revocation should ipso facto trigger liquidation; this automatic consequence should be explicitly spelled out in the banking law.81 (It is thus not helpful that administrative or judicial authorities be given any power of discretionary judgment to open liquidation procedures.) It is sometimes argued that such automaticity is not necessary, given that the legal entity could continue its business as a non-bank. This argument is however not convincing. The license revocation entails ipso facto a prohibition for the ex-bank to maintain deposits, which should hence be swiftly transferred to a duly licensed institution. This problem is exacerbated by the fact that the license revocation will almost inevitable occur against the backdrop of severe financial weakness of the bank, which will equally require a swift transfer of guaranteed deposits and corresponding assets. At any rate, a (preferably administrative) liquidation procedure offers the best context for effectuating such transfer.
- In the other direction, a failure to rehabilitate a troubled bank by way of resolution measures (other than liquidation) should in principle trigger license revocation (and thus liquidation). Legally this cannot be drafted with the same automaticity as the previous mechanism, given that this requires discretionary judgment from the supervisory agency. Nevertheless, the principle itself that failure to rehabilitate a bank by way of resolution measures is a ground for license revocation should be established clearly and explicitly in the banking law.
78. Relevant considerations that arise in a license revocation are what are the due process requirements and avenues for appeals. Does the bank need to be given prior notice and an opportunity to be heard and make representations as to why the license should not be revoked? Can the regulator revoke a license on an urgent basis, on public interest grounds? Is there an avenue for appeal against the license revocation and what remedies are available? License revocation decisions should be irrevocable on appeal; monetary compensation should be the only available remedy in the event of a legally wrongful revocation. To ensure legal certainty, these issues need to be explicitly dealt with in the legal framework.82 Country experience has shown that, if a bank’s license is reinstated after a successful legal challenge, it would be difficult to resume ordinary banking business after a prolonged period of suspension.83 Experience has shown that such reinstatement is quite undesirable.
C. Role of Sanctions
79. In the case of non-compliance with provisions of the law, commensurate penalties and sanctions should be imposed. These may take the form of criminal penalties (monetary, custodial), civil penalties or administrative fines. Such measures may be taken concurrently with any corrective action power. The imposition of sanctions raises several legal questions that need to be addressed in banking laws or other legislation, such as penal codes. This paper will focus on three important issues, but many more delicate legal questions arise. For instance, each type of sanction may be subject to distinct procedural prescriptions, “due process” requirements, or competent review bodies. Drafters of banking laws would be well advised to study carefully the full legal ramifications of each type of enforcement measure enshrined in the draft law.
80. For sanctions to be effective, they should be targeted at both the corporate and individual level (vicarious liability). Corporations have no mind of their own and actions are taken via their directors and management. Therefore it may also be appropriate that action can be taken at the individual level, i.e. the directors or senior management who had knowingly contributed to the breach or willfully neglected to take actions to prevent the breach. Often, action may be taken against both the corporate entity and the persons behind the breach. In this regard, BCP 11, EC 5 requires that the supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the board or individuals therein.
81. In addition, the legal framework should provide for an appropriate penalty for the relevant breach. Policy considerations will have to determine what is the appropriate penalty that is commensurate with the severity of the breach (and sufficient for deterrent effect purposes). Monetary penalties may not necessarily be prohibitive for big banking organizations. However, where there is a “name and shame” exercise, banks may be more concerned with the reputational risk associated with the breach rather than the actual quantum of the fine. Should the penalty take the form of a fixed amount of fine and imprisonment term or a maximum amount allowing discretion to be exercised? Penalties are rarely provided as a fixed amount or length of imprisonment in the law. This allows the regulator or judicial authority to exercise discretion to impose the appropriate penalty commensurate with the seriousness of the offence. Different factors (such as the track record of the offender, whether the breach was self-reported, whether remedial actions have been taken to rectify the breach) would be relevant in considering the appropriate penalty to be imposed. It is more common for laws to provide an upper limit or maximum penalty in terms of a monetary amount of a fine or a figure and a maximum term of imprisonment. As corporate entities cannot be subject to imprisonment, some country’s laws also provide a “doubling-up” of the fine in the case of corporations.
82. A relevant consideration is whether the applicable penalty should be set out in the primary law or in secondary legislation, such as a regulation. Typically penalties provided in secondary legislation would be subject to a limit, and would generally be less than that provided in primary law. It is thus important to ensure that if the intent is to provide for a penalty in the subsidiary legislation, the intended penalty falls within what is allowed in the regulation and there is an empowering provision in the primary law that allows the penalty to be prescribed (to satisfy the legal principle of nullum crimen sine lege). Non-binding secondary instruments should never have a penalty for a breach.
83. The meta message of this paper is that clear and robust legal underpinnings buttress the effectiveness of banking supervision. The drafting of a banking law raises many questions of financial policy, for which robust international best practice has emerged in the form of the BCP. The drafters of banking laws will however also face complex legal challenges that also need to be addressed, and for which guidance is not always available. This paper hopefully makes a useful contribution in this regard.
84. Another message is that while a clear and robust banking law is a sine qua non, the banking law cannot be considered in isolation from the wider legal context— banking law is thus not a sufficient legal underpinning for supervision. In the end, banking supervisory law is applied administrative law, and weaknesses in the general administrative law framework will inevitably affect the banking law. A similar logic applies mutatis mutandis to civil and commercial law, including company law. Authorities would therefore be well advised to acknowledge the broadness of the necessary legal underpinnings, including by dedicating the required resources to building a strong legal function within their supervisory agencies.