Cross-border lending: CRD VI in focus

Overview

The clock is ticking on the implementation of the EU’s CRD package and there is now less than a year until CRD VI is required to be implemented into the national laws of EU member states. Until now, progress by the member states has been slow with only a handful having begun the transposition process. Whilst a significant proportion of the legislative package focuses on implementing the final Basel III standards together with a number of other EU-specific reforms designed to enhance resilience, transparency and risk management practices, the amendments which introduce new minimum regulatory requirements for the lending activities of entities from third countries in the EU represent a significant change for the way third country entities can access the EU market going forwards. 

In this article we:

• recap the legislative context of the CRD package and its timeline for implementation;
• focus on one of the most transformative requirements that will impact the cross-border lending landscape in the EU, the requirement for non-EU entities to establish a regulated third country branch when carrying on certain core banking activities;
• provide an update on progress by member states towards implementation and suggest some areas where we may see divergences in approach; and pose a number of questions that may be useful when analysing next steps.

What's coming and when?

The CRD package updates the EU banking regime and consists of amendments to both the Capital Requirements Directive (2013/36/EU) (CRD) and the Capital Requirements Regulation ((EU) No 575/2013) (CRR).  After a period of prolonged negotiations between the EU regulatory authorities, on 19 June 2024, CRR III and CRD VI (CRD Package) were published in the Official Journal of the European Union, starting the clock ticking on an
18-month deadline for EU member states to transpose CRD VI into national law (the back stop date being 10 January 2026). While the majority of the measures implementing CRD VI into national law are required to enter into application on 11 January 2026, certain measures shall apply later including measures to comply with the provisions on authorisation of third country branches, which shall apply from 11 January 2027.  CRR III became generally applicable from 1 January 2025.

To facilitate their application, the CRD Package also requires several implementing texts at EU level, such as delegated regulations, regulatory technical standards, implementing technical standards and guidelines. In particular, we note that by 10 July 2026, the European Banking Authority is required to have issued guidelines outlining information, procedures and conditions relevant to authorisation as a branch. 

Key changes for third country entities providing banking services in the EEA

Until CRD VI, the position on the regulation of cross-border banking services has not been homogenous across the EU so each member state has to date taken its own approach as to whether and on what basis third country institutions can provide services to clients in the EU.   

CRD VI introduces a new requirement (under article 21(c)) for third country institutions to at least establish an authorised branch in the member state of the client to whom they are actively marketing/providing core banking services (Third Country Branch Requirement). 

This requirement will effectively restrict the provision of core banking services by third country institutions on a cross-border basis. 

Given that third country branches are also currently subject to varying national rules, member states will also be required to apply minimum authorisation, reporting and supervisory requirements to such local branches and regulatory authorities will have powers to require the restructuring or subsidiarisation of systematically important EU branches of non-EU banks. 

What banking services are in scope?

The core banking services in scope of the Third Country Branch Requirement include the following (Core Banking Services):

• Taking deposits and other repayable funds.
• Lending including, consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting).
• Guarantees and commitments.

The provision of cross-border investment services under MiFID remains unaffected and continues to be subject to MiFID/MiFIR market access rules.

What third country institutions are in scope?

For deposit-taking, the answer is clear cut – all types of third country entities offering deposit-taking are in scope.  For lending, guarantees and commitments the scope is narrower and the Third Country Branch Requirement applies only where the third country institution qualifies as a credit institution or as a large investment firm (subject to fulfilment of certain criteria).  Note that insurance undertakings, commodity dealers and funds are specifically excluded.

Are there any exemptions?

There are some limited exemptions to the Third Country Branch Requirement. Only active solicitation of the Core Banking Services is caught by the new requirement and as such the Third Country Branch Requirement is specifically stated not to apply where Core Banking Services are requested at the exclusive initiative of the client.

In addition, where the client or counterparty is a credit institution or is a member of the same group as the third country institution, the Third Country Branch Requirement will not apply. Further, services provided by third country institutions that are ancillary to core MiFID services and activities (in Annex I Section A of MiFID II) are excluded from scope.

Grandfathering arrangements

CRD VI provides for a grandfathering period for contracts concluded before 11 July 2026. Where a non-EU entity simply continues to service its existing cross-border arrangements, without entering into new ones after the cut-off date, it will not be subject to the Third Country Branch Requirement.

Regulation at EU member state level

Divergent interpretations

Whilst the CRD Package should create a more homogenised landscape for provision of Core Banking Services, CRD VI is a directive and therefore needs to be transposed into the national law of each EU member state. As a result, there is scope for divergence upon implementation, often driven by the protection of local needs and political agendas. At aosphere, we are tracking implementation, including any anomalies, gold plating and divergent interpretations.

In particular, we are tracking the following areas:

• when the Core Banking Services are deemed to be provided ‘in’ a member state (note that CRD VI does not specify what constitutes the provision of services ‘in’ a member state so approaches may diverge on this point);
• whether there are any transitional arrangements for existing authorisations for third country branches;
• whether third country branches will be subject to the same requirements that apply to local credit institutions;
• any guidance on the application of the reverse enquiry exemption;
• the extent to which a Core Banking Service must be ancillary to core MiFID services to be excluded from the Third Country Branch Requirement;
• the scope of grandfathering arrangements for contracts concluded before 11 July 2026; and
• any impact on the status of existing member state exemptions/cross-border regimes.

Update on implementation 

Progress on implementation of CRD VI across the member states has been minimal to date. 

·       Ireland has recently kick-started the process by the Irish Department of Finance’s publication of a consultation on national discretions regarding the implementation of CRD VI. This includes consulting on the application of requirements for third country branches and whether Ireland should apply the full regime applicable to a CRD credit institution to third country branches or a sub-set of them (and if so, what criteria should be used), or branch-specific requirements to all third country branches.  The introduction of the Third Country Branch Requirement will be a significant change to the Irish regulatory landscape which in general doesn’t currently require authorisation for commercial lending activities.

·     Norway also published a consultation in February 2025 on proposals for the implementation of CRD VI into Norwegian law and to implement certain provisions in CRD IV and CRD 5, to the extent that these have not been sufficiently implemented in Norwegian law.  Although CRD VI has not yet been incorporated into the EEA Agreement, the Norwegian Ministry of Finance states in its consultation that it aims to facilitate the implementation of the directive into Norwegian law by the 10 January 2026 deadline.

Time to strategise/plan for implementation

From 11 January 2027 onwards, third country institutions that provide Core Banking Services in a member state will no longer be able to do so on a cross-border basis and will need to either cease such business, establish an authorised third country branch, provide such services through a different EU-based operation (a non-bank entity or CRD-authorised EU subsidiary) and/or rely on exemptions. 

The establishment of an authorised branch will likely require a relatively significant investment of resources into the authorisation process as well as ongoing compliance with capital, liquidity, governance, booking and other supervisory requirements. In addition, note that a branch will not have the ability to passport its authorisation to other EU member states and so will only be able to operate in the jurisdiction where it is established. Conversely, establishing or moving business lines into a CRD-authorised EU subsidiary with passporting rights would facilitate active marketing/provision of services cross-border between EU member states.

Some key questions to consider when assessing the impact of CRD VI and your options:

• To what extent do your current activities fall within the Core Banking Services and are you the type of entity in scope of the Third Country Branch Requirement?
• How likely are you to be able to rely on any of the exemptions to the Third Country Branch Requirement?
• What approach has each member state taken when implementing the CRD VI and what is the status of any pre-existing national laws, exemptions or tolerated practices post implementation?
• What is your current footprint in the EU, if any, and how can you best take advantage of existing operations?
• Can existing lending activities be migrated to non-credit institutions or EU group entities (i.e. restructure to use a non-bank entity)?
• If you are a third country institution with an existing EU branch, will the particular member state apply transitional arrangements for existing authorisations or whether re-authorisation will be required?
• If opting to establish a branch in the EU, where would be the optimum location to do so? And is a branch sufficient or would you want to be able to passport your activities to other EU member states?