Quick Take: After a year in draft, the final rules extend the regulatory perimeter

In September 2018, the European Central Bank (ECB), acting in its capacity as the lead of the Single Supervisory Mechanism's (SSM) pillar in the Eurozone's Banking Union, published the final version of the Supervisory Guide to "On-site Inspections and Internal Model Investigations" (the OSIIM Guide).1 The OSIIM Guide sets strict supervisory expectations of Banking Union Supervised Institutions (BUSIs) and thus very much reads like rules with which BUSIs will need to comply. This Client Alert follows our previous coverage on the draft version2 of the OSIIM Guide.

Herein we discuss the differences between the draft and final versions of the OSIIM Guide and the implications for BUSIs' operations within the Banking Union, but also globally. Notably, the final version extends the regulatory perimeter to a wider body that is termed in the OSIIM Guide as "inspected legal entities" (ILEs), even if in other areas the OSIIM Guide is clear that it aims to address only direct ECB-SSM supervised BUSIs. The introduction of a new form of ratings grid (from F1 to F4) on severity of an impact of findings is also noteworthy and has operational impact. A Feedback Statement3 explaining the rationale and context of certain changes and thus finalization of the rules in the final version of the OSIIM Guide was also published end of September.

Aside from editorial changes, content-changes have been made to introduce new or clarifying existing principles, most of which apply to how the SSM plans to apply the OSIIM Guide, notwithstanding that the ECB-SSM's terms in its internal non-public guidelines and/or the internal supervisory handbook may be more detailed and/or take precedence over what is set out in the final version of the OSIIM Guide. The Feedback Statement's clarifications explain the changes from the draft to the final version of the OSIIM Guide and include details on how and when the SSM will use external consultants; the SSM's improved team management and steering; better inspection planning principles and preparation of reports, meetings and multi-agency/multi-jurisdictional cooperation—including with non-EU jurisdictions. The Feedback Statement also provide the context around why the final version of the OSIIM Guide places greater emphasis on appropriate seniority representation in a proportionate manner as well as how the SSM will request information, documents and interviews of relevant persons.

Annex 1 to this Client Alert provides an illustration of steps that are likely to be relevant for BUSIs subject to an investigation. Annex 2 provides, for illustrative purposes only, a deltaview showing changes—some of which introduce new steps or change the supervisory tone and thus compliance for BUSIs. The OSIIM Guide should be seen as a dynamic tool that will evolve over time.

What the final OSIIM Guide covers

In summary, on-site inspections (OSIs), which may investigate ILEs' treatment of risks, its risk controls and governance, and internal model investigations (IMIs), which focus on the use and governance of prudential models, are termed in the OSIIM Guide jointly as "inspections." These are key supervisory tools of the SSM. These tools are further complemented by the powers of the national competent authorities (NCAs) in the EU-27 and other competent powers that make up the European System of Financial Supervision (ESFS). The final OSIIM Guide, marks a further "Europeanization" of supervisory rulemaking in the Banking Union, with ECB-SSM led rules acting as a tool to harmonize the NCAs. At present, the SSM conducts approx. 300 inspections a year for the ca. 125 credit institutions it directly supervises.

The final OSIIM Guide's remit has been extended to a wider set of entities and to cover those:

"Third-parties to whom credit institutions have outsourced functions or activities, and any other undertaking included in supervision on a consolidated basis where the ECB is the consolidating supervisor."

This change is quite significant inasmuch as it is considerably more tailored and thus potentially easier to police by the SSM. The draft had proposed that coverage apply:

"...to other legal entities which are within the scope of inspections because they have a business relationship with the supervised entity."

It will remain to be seen whether the ECB-SSM will actually be able to extend the application of OSIs or IMIs to entities that are (1) non-BUSIs and/or (2) otherwise outside the currently SSM regulatory perimeter or whether they will be challenged. In any event, the OSIIM Guide, whilst formally framed as "non-binding" guidance, forms part of the SSM's "supervisory examination programs (SEP)" for in-scope BUSIs and makes this Guide a "qua rulebook" that very much follows recent ECB-SSM policymaking.

Going forward, the level and frequency of inspections are also likely to increase. One such contributing factor is that the SSM's "targeted review of internal models" (TRIM), which is the latest of a series of multi-year supervisory projects, and consequently the ECB-SSM, has increased its set of IMI powers and dedicated resources on the matter. Add to this the fact that the ECB likely will be undertaking a range of thematic reviews in the 2019 supervisory cycle flowing from a range of 2018 findings. Some of those are in relation to specific weaknesses of BUSI's business models and/or their systems and controls.  With concerns around compliance by BUSIs in relation to financial crime, and specifically money laundering4 prevention becoming an issue that the ECB-SSM may bring into an expanded supervisory remit, justifying it based on prudential issues, the OSIIM Guide is more ambitious in breadth and what it expects of ILEs than the draft version. Regardless of business model, ILEs on forthcoming supervisory cycles are likely to be faced with more tailored application of the EU's Single Rulebook for financial services by the ECB-SSM to the Banking Union.

Why the OSIIM Guide matters and to whom it applies

For those firms relocating to the Banking Union, due to Brexit or otherwise and irrespective of whether they themselves are or will form part of a BUSI's group or themselves be a BUSI, the OSIIM Guide's provisions may sharpen the supervisory tone of engagement beyond what some firms may be used to. In addition, the ECB-SSM is increasingly tacking its thematic investigations and inspection work streams in a more coordinated fashion with its international peers. That means that a development in the United States can cascade into action and application of the OSIIM Guide in respect of EU activity in a much more profound fashion than has been the case previously.

Moreover, as with other SSM rules, the contents of the OSIIM Guide may, over time, be rolled-out to a wider breadth of BUSIs or mirrored by other NCAs outside the Banking Union. Like with the draft, the final version of the OSIIM Guide applies to those BUSIs that are significant credit institutions (SCIs) for Banking Union purposes and thus subject to direct supervision by the ECB component of the SSM. It also applies to much larger body of BUSIs and legal entities that are categorized as less significant institutions (LSIs) and thus subject to indirect ECB-led supervision and direct NCA-led supervision as well as those that are non-BUSIs such as non-bank financial institutions.

In terms of geographical and extraterritorial reach, the OSIIM Guide applies to situations where the SSM's ECB component operates. This includes non-Banking Union states (supported by the NCAs) and in third-countries. Consequently, once the UK becomes, from an EU perspective, a third country, the OSIIM Guide would apply in respect of ILEs located in the UK.  It could also, in theory, apply to the third parties that the final OSIIM Guide also attempts to bring into scope. Moreover, in addition to a more definitive application of the final OSIIM Guide's principles to third-parties retained by BUSIs, Section 3 of the OSIIM Guide in the final version states that the powers to request any information or document also applies to "...any other undertaking included in supervision on a consolidated basis where the ECB is the consolidating supervisor."

Notwithstanding the above, the scope and application of the OSIIM Guide to LSIs creates certain legal and supervisory uncertainty. As the FAQ currently states, the OSIIM Guide will only apply to LSIs where the ECB decides to make use of its powers to supervise the relevant LSI directly. Even if this is to be the case, it is quite conceivable that the OSIIM Guide will be followed by relevant NCAs in the Banking Union in relation to inspections of LSIs, as the general practice amongst the various NCAs is to align and apply the ECB guidelines and standards (incl. those still in draft and/or marked as non-binding) as far as possible when exercising their own powers.

Key takeaways in the final OSIIM Guide

The final OSIIM Guide (like the draft) is composed of three sections detailing 1: a General Framework; 2: the Inspection Process; and 3: applicable Principles for Inspections. The third section is where perhaps the majority of comments were expected to be directed during the consultation process, but in practice, Section 1 also sparked some debate. The legal basis for the aforementioned sections are laid out in the founding legislation of the SSM and the CRR/CRD IV regime, along with the provisions of the SSM's internal non-public Supervisory Manual detailing processes and apportionment of responsibilities within the SSM and the interactions between centralized functions within the ECB and the individual NCAs.

Section 1 of the OSIIM Guide recaps the tasks of individual decision makers by walking through the roles of the Supervisory Board, the roles of the Joint Supervisory Teams (JSTs), the role of the JST Coordinator (JSTC), the Head of Mission (HoM) and the approach to finalizing supervisory examination programs (SEP) as well as conducting OSIs and IMIs, in a manner that conforms with the supervisory objectives.

These supervisory objectives stipulate that inspections be conducted on a risk-based, proportional, intrusive, forward-looking and action-orientated manner. To ensure these supervisory objectives are met, the HoM and the inspection team operate independently of—but in coordination with—the relevant JST. Furthermore, the final report(s) as well as stipulated supervisory expectations will feed into the JST wider supervisory work (i.e. the inspection teams have the capacity to impact directly the work and JST supervisory outlook for a given entity).

Consequently, one of the key takeaways for BUSIs and ILEs alike, in relation to the final version of the OSIIM Guide, is that the composition of inspection teams and JSTs will be of importance. The composition of such teams will dictate the supervisory experience of BUSIs. Whilst the SSM, in its four years of operations, has made headway at a rapid pace, there are, as some BUSIs have commented, divergences in the experience and resourcing of certain JSTs and inspection teams. Some of these constraints are often related to language or technical experience of inspectors. This is not addressed in the OSIIM Guide and ideally merits redress to ensure resource constraints are alleviated.

What seems to be addressed by the OSIIM Guide, however, is the mitigation of any resource constrains. As outlined in the FAQ, the inspection teams can be comprised of ECB inspectors, supervisors employed by NCAs, JST members and external consultants. Despite being still in draft form, the OSIIM Guide approach to inspection team composition is already applied today, raising some concerns across the various ILEs. Namely, some financial institutions are concerned that the use of external consultants may affect their remediation efforts in light of the SSM expectations, as well as other work streams in the wider Banking Union sense. This concern stems from the fact that certain inspection teams include at times members of external consultants that also act on behalf of that said financial institution. These third parties, as well as the ILEs, are subject to conflicts of interests management obligations; however, it remains yet unclear whether ILEs may wish to challenge such investigation team's composition or in the alternative, make better use of specialist legal counsel who not only bring the benefit of privilege, but also more stringent rules on conflicts of interest management and client care.  Where a third party is also a potential ILE, a further conflict of interest may arise.

What the final version does do (in Sections 1.6 and 1.7) is more stringently define that external consultants are considered "as regular team members during the inspection."  That does raise some significant concern and is almost counterintuitive to the criticisms that have been voiced. The additions go on to say, "External firms are contractually obliged to comply with the ECB's strict professional secrecy requirements. They and their staff are required to sign individual confidentiality agreements to that effect.

Similarly, whilst JSTs and inspection teams are tasked with coordinating with Banking Union NCAs, along with other supervisory authorities within the ESFS, there is a growing consensus amongst BUSIs that greater coordination within the teams as well as across the authorities would be appreciated5. This would avoid duplication and allow for a more efficient and balanced supervisory engagement process, especially across "business as usual" compliance work streams. Furthermore, a number of BUSIs have experienced difficulties with progressing certain "change" initiatives and/or remediation activities as the information-flow across the larger JST teams and across authorities is not always timely/transparent. This is especially desirable where the NCAs in the Banking Union are separated from their conduct of business supervisory counterparts at the national level. There are a number of Banking Union supervisory priorities that require a high-degree of conduct of business input. This means that ILEs may want to take note of the interplay between SSM or national-led inspection process.

Section 2 of the OSIIM Guide sets out the individual main steps in the inspection process: These are set out in further detail in the Annex to this Client Alert. These steps include:

Preparatory Phase

1. Notification of an inspection to the ILE

2. First request for information

Investigation Phase

3. Kick-off Meeting, which is used to expand the details that had been presented to the ILE in the notification letter and to communicate the objectives, scope and steps involved in the inspection. The final version is much clearer than the draft in communicating that ILEs are expected to have senior management engaged and accountable at these meetings

4. On-site fieldwork phase

Reporting Phase

5. Exit meeting based on a draft report which has been shared with the relevant NCAs and ECB-SSM DG MS IV (on-site inspections) prior to being sent by the HoM with a standardized feedback template to the ILE prior to the exit meeting where the ILE has a possibility to comment on the draft report

6. Publication of final report within two weeks of the exit meeting, the HoM, taking on board any relevant written comments (if any) following the feedback (if any) at the exit meeting finalizes the draft report and sends the ILE, and possibly the parent entity, if within a supervised group of BUSIs, the final report plus a letter of action/supervisory communications

Inspection Outcomes Phase

7. Closing Meeting

8. ILE's provision of its draft action plan followed by a final action plan and a follow-up by the JST of the ILE's final action plan.

Contrary to the draft, the final version of the OSIIM Guide introduces a concept of an "inspection memo" which the HoM and the JSTC use to set the rationale, scope and objectives of the inspection as well as the tasks assigned to the team members.

As with the draft, anyone reading the OSIIM Guide and the various steps might be forgiven from assuming that the OSI and IMI provisions are always comparably slower than processes of NCAs and other national authorities in the ESFS potentially being able to act faster and earlier. That being said, the SSM does have the organizational power to accelerate the individual steps in a concurrent manner and thus react when it needs to in a more rapid fashion whilst still sequentially going through the process. And this is a risk that ILEs may want to note when amending internal policies to reflect how the OSIIM Guide may impact their business operations and when to engage support from external counsel6  in relation to scheduled inspections, thematic reviews or so-called "deep dives" or "dawn raids."

More importantly and pressingly, some ILEs may need to revisit further their internal governance, in order to ensure that their action plans are prepared, presented and executed in a timely manner, where external counsel/support might need to be engaged at an earlier stage given the tight timelines for response. In addition, ILEs need to be mindful when designing their internal processes in relation to inspections and other supervisory reviews management, to ensure the right degree of flexibility and engagement of internal stakeholders and external counsel, in light of the deferring practices and timelines for FED, BaFin, PRA/FCA, independent reviews, etc.7

Section 2 of the OSIIM Guide specifically sets out, what it terms "...a wide variety of inspection techniques..." these include any of the individual or a combination of the following techniques:

  • Observation, information verification and analysis: With an aim to check and evaluate the information provided by the ILE and to observe the relevant processes.
  • Targeted interviews or requests for explanations orally or in writing: By meeting with relevant staff at the ILE, the inspection team collects information about inspected areas and compares the documented processes and organizational structures with the practices of the ILE, which the inspection team may challenge the interviewees. "Significant interviews" with ILEs must be conducted by at least two inspectors.
  • Walk-throughs: Hereby the inspection team meets with relevant staff and ensures that the process that the ILE reports is actually embedded and applied in practice. The process aims to also evaluate consistency of provisions and locating gaps and weaknesses.
  • Sampling/case by case examinations: Hereby the inspection team takes targeted or random samples of data or datasets so as to validate the results and also to gauge the level of problems in certain areas or across the business including the quality of the ILE's risk management and efficacy of other governance and control functions (the latter are implied if not explicitly mentioned).The inspection team will share the methods of data extrapolation with the ILE.
  • Confirmation of data: This involves the checking of integrity, accuracy and consistency of the ILE's data by various recalculation and benchmarking means.
  • Model testing: This involves the ILE testing performance of its models and their output using scenario analysis with various hypothetical and historical market conditions dictated by the SSM.

The final version of the OSIIM Guide clarifies that the ILE's team has the possibility, "within reason" to request status meetings with the SSM's inspection team. Despite this new right, in practice, status meetings are set-up throughout the OSI/IMI as these aid the work of the inspection team. Status meetings are usually used to discuss/clarify facts and outstanding questions and/or to agree on additional deliverables. These meetings are usually scheduled by the inspection team despite the ILE being able to request them.

Communicating the findings of an inspection and setting the remedial action plan

Following the conclusion of an inspection, the SSM will provide the ILE with a final report and will also prepare the draft "recommendation."  The final version of the OSIIM Guide is much clearer that the report needs to collate findings and assign categories to each based on their actual or potential impact on the ILE's financial situation, level of own funds or own funds requirements based on OSIs reviewed. These range from "F1" - low impact to "F4" - very high impact. This new categorization approach or "severity grid" is important and has operational impact, especially where BUSIs may have different assessments or methodologies to that of the ECB-SSM in assessing severity.  If for example the ECB-SSM allocates a F3 finding that internally in an ILE would have been a F4, the ILE will need to decide whether to use the ECB-SSM rating (which would make reporting obligations more standardized) or use a dual system both for monitoring and remedy.  Most larger BUSIs maintain a mechanism to encourage lower severity findings and reward improvements to severity findings.

The draft report is processed within the ECB and with the NCAs for consistency – as opposed to validation.  Translation is undertaken where the ILE has requested to be addressed in their national language as opposed to English. The draft report and a standardized feedback template is sent to the ILE ahead of the "Exit Meeting" at which time the draft report and notifications such as draft recommendations or decisions are communicated prior to finalization. The draft recommendations and/or decisions may, depending on circumstances, diverge from the final report's conclusions. This can cause friction and confusion for recipients.

The draft recommendation is a supervisory communication that sets out the remedial actions applicable to the ILE. These supervisory communications can take two forms, namely:

  1. A letter communicating supervisory expectations in respect of all or only some findings (Supervisory Expectations Letter or SEL) which is an SSM operational act and is thus not legally binding (but persuasive) and thus does not require a supervisory Decision, i.e., an ECB legal instrument approved by the Supervisory Board. In the event of a SEL being issued, the OSIIM Guide states that the ILE recipient of such a SEL does not receive a formal right to be heard to appeal against the SSM's recommendations. A recipient of a SEL is only required and expected by the JST to remediate those points raised in the SEL and the OSI report only as it does not contradict the SEL – if points in the draft/final report are omitted in the SEL then this would permit a lesser scope of remedial action to be carried out; or
  2. A formal supervisory Decision which sets out legally binding supervisory measures addressed to the ILE. The ILE has a right to be heard in respect of a Decision.

The SSM in sending its supervisory communication, in particular in the case of a Decision, may exercise other supervisory powers, notably by imposing upon the ILE:

A. Conditions: These suspend the legal effectiveness of the SSM's authorization or which change or extend an internal model until the ILE has taken specific remedial action to comply with its obligations.
B. Limitations: These restrict, prohibit or modify the use of a model and may include a change to how an ILE calculates its own funds requirements, which would cause it to need to raise regulatory capital immediately.
C. Obligations: These introduce remedial actions on the ILE in order to restore compliance with its obligations.
D. Recommendations: These set remedial actions upon the ILE and which, whilst not legally binding, are sufficiently persuasive for an ILE to comply with the recommendation.

Depending on circumstances, the process may be capped with a "Closing Meeting" following the finalization and communication of the report and the supervisory communications.

Given the variety of tools that are used by the SSM in its supervisory communications, a number of BUSIs have experienced some difficulties as to how to manage internally their deliverables towards the supervisors, as the granularity of and differentiation between these tools is not always fit for purpose in the context of BUSIs complexity and size. Timing is also an issued.  An OSI Report and draft recommendations could run out to 6 to 9 months elapsing prior to progressing to the final report and remediation phase.  Moreover, timing may also mean that remediation may not be in line with the JST's feedback. It remains to be seen whether the SSM will improve its timeliness.

Further complexity is added to this matter, by any language barriers within the inspection teams as well as between the SSM and the BUSIs/other ESFS stakeholders, resulting in sometimes inconsistent use of terminology, or interpretation of it. Against this background, further clarification and harmonization in the use of and meaning behind the various supervisory tools used in the supervisory communications of all ESFS stakeholders may be recommendable.

Section 3 of the OSIIM Guide: Applicable principles for inspections

Section 3 of the OSIIM Guide remains, as in the draft, arguably the most important for BUSIs during the consultation process. This section sets the tone of how the SSM inspection teams, the HoM and JSTC will discharge their supervisory mandate. It also sets the supervisory expectations applicable to the ILEs, i.e., what the SSM expects of those ILEs before, during and after an inspection.

Section 3 also details how the SSM sees its own rights vis-à-vis ILEs and equally ILEs' rights vis-à-vis the SSM. Needless to say, even after a final version is agreed upon, there are likely to be some differing views, some of which may end within the ECB-SSM's Administrative Board of Review and/or the Court of Justice of the European Union (CJEU).

Some of the ECB-SSM's powers and principles should be familiar to many BUSIs and ILEs and exist in more prescriptive detail in certain jurisdictions yet some are amended specifically for the SSM. Some BUSIs, however, may find the ILE-SSM interaction model completely different, requiring significant adjustments in their supervisory dialogue practices. Notably the OSIIM Guide addresses the following:

  • ILEs and ECB-SSM are reminded of the supervisory principle that they should work together to ensure the proper conduct and efficiency of the inspection. ILE's are reminded that their internal rules and policies should not be misused to interfere with this goal. What is not mentioned, are the legitimate expectations of ILEs, as the supervised, that the inspectors and relevant teams are sufficiently resourced and skilled. Given the range of supervisory fees that BUSIs are burdened with beyond the SSM fees, the lack of interoperation and coordination within the SSM or with other ESFS stakeholders can detract from what ideally should be approached with efficiency in mind.
  • ILEs are reminded that inspection teams may, within the scope of the inspection, conduct all necessary investigations of any persons and thus request any information, explanation or justification and thus be able to obtain and check every document it requires of whatsoever nature and to take copies and extracts. What this principle however fails to mention are the applicable rules and principles of legal privilege that may operate even when dealing with a supervisory authority. The OSIIM Guide remains also silent on the issue of internal processes and timeliness in terms of providing information; however, most of the inspection teams try to be mindful of ILE's complexity when requesting information. It goes without saying that any unreasonable delays or failure to provide timely data/information would be addressed by the OSI report.
  • ILEs are reminded that an inspection team has the right to interview any person, regardless of their seniority, and may request the cooperation of qualified staff of the ILE. What this principle does not adequately acknowledge are those person's rights to be accompanied or represented by inter alia legal counsel in such circumstances.
  • SSM inspection teams are reminded to act in an ethical and professional manner, in accordance with applicable laws, regulations and professional procedures and to observe professional secrecy. What this principle passes by are instances where a number of qualified experts from relevant BUSIs may, in the quest of talent, join the SSM, or where certain JSTs may have an overconcentration of national bias.  This is particularly important as the OSIIM Guide specifically reminds SSM inspection teams that they must comply with an ILE's internal rules on data protection, information systems and physical access to premises etc.
  • The principles in Section 3 also touch upon the rights of which language must be used during an inspection. Language matters for a number of reasons but notably because linguistic abilities can differ both within the SSM staff but also equally in terms of the ILE's abilities. Any resulting disconnect can lead to a number of unintended supervisory outcomes occurring, as has already been the case in respect of certain BUSIs. The final version has permitted ILEs to waive the right to receive a report in a given national language without prejudice to future rights on what language it interacts with the SSM. This right is supposed to allow for a more streamlined process – although it is debatable whether this is something that ILEs will always wish to apply.
  • Section 3 states rather directly, "Inspected legal entitles are expressly asked whether they agree to use English when communicating with the inspection team and the JSTs, as a matter of efficiency." This aims to help the ECB-SSM more so than the ILE per se; however, like any BUSIs who might be familiar with the practical difficulties in dealing in, for example, Irish with the Central Bank of Ireland or Welsh with the former Financial Services Authority of the United Kingdom, English is expedient to the extent that both sides can communicate easily as well as have the multilingual resources, including resorting to their external counsel, to facilitate an efficient exchange of information and advice in the relevant languages and/or an English language version if needed. Communications and the inspection reports (draft and final) are drafted in English and may be accompanied by an official translation.
  • Moreover, language also matters given that both ILE and SSM staff may involve a number of non-native English speakers and thus even if English is the common working language used during an inspection, both sides have an interest to ensure that each understands fully the context of concepts and expressions as they are used. Again, there are some instances of supervisory communications and conditions being "lost in translation" and these having led to adverse delays in supervisory outcomes.

As a practical tip, having multilingual external counsel being able to facilitate translation and/or sense check the differences between the English and local language version of supervisory communications from the SSM as well as the ECB-SSM's own use of certain concepts can help manage the multilingual process more cost-efficiently.

Outlook and some next steps for BUSI

The SSM and its various supervisory guides, even if termed non-legally binding, nevertheless could not be clearer in their contents and scope of application. In each instance, and here in the OSIIM Guide, the contents have persuasive obligations and communicate supervisory expectations so that these are qua rulebooks that set the supervisory tone.

This means that the OSIIM Guide builds an entire chapter in how the Single Rulebook for financial services is applied within the Banking Union. This is welcome, yet also potentially beneficial for BUSIs and a range of other entities that fall within the initial category of ILEs, or financial services firms more generally, as the scope of the OSIIM Guide might be mirrored by other NCAs or rolled-out by the SSM to a wider scope of persons. In any event, the advent of the OSIIM Guide lays a clearer roadmap as:

  1. JST compositions begin the rotation phase with members of the JSTs changing to new teams.
  2. The area of thematic reviews and TRIM led OSIs and IMIs increases as this remains a supervisory priority for 2019 and beyond.
  3. The area of thematic and ad-hoc supervisory inspections, including to non-BUSI third country entities (hence the expansion of the scope of the OSIIM Guide by reference to ILE) increases as a result of BREXIT and other relocations to the EU-27 and Eurozone-19 and its Banking Union.

If you would like to receive further analysis from our wider Eurozone Group, or in relation to the topics discussed above, including specifically what the OSIIM Guide might mean for future supervisory engagement and regulatory risk or how to take action, then please do get in touch with our Eurozone Hub Contacts listed to the right.

Annex 1 - the SSM's OSI Process and its impact on Inspected Legal Entities (ILEs)

The below is indicative as both the ECB-SSM and the ILE may agree on frequency and timelines depending on the relevant deliverable, complexity

Annex 2 – comparison of draft and final version of OSIIM Guide

Shows, merely for illustrative purposes a deltaview of changes.

For further information, click here.


1. Available: https://www.bankingsupervision.europa.eu/ecb/pub/pdf/ssm.osi_guide201809.en.pdf

2. See our Client Alert available here: https://www.dentons.com/en/insights/articles/2018/august/3/the-draft-ecb-ssm-supervisory-guide-to-on-site-inspections-and-internal-model-investigationsm.

3. Available: here

4. An area that like with other areas that conduct regulation but which the ECB-SSM may take into its supervisory scrutiny due to a range of prudential regulatory concerns or other policymaking grounds.

5. Moreover, there is growing evidence that there is an emerging disconnect between BUSI's expectations of how familiar JSTs and OSIs may be with market practice and/or operations of BUSIs globally and/or in specific EU jurisdictions and how that might differ with the experiences of NCAs. Some of these issues are compounded by OSI teams potentially never having been exposed to a specific BUSI or a JST composition being unfamiliar with particular supervisory concerns and/or objectives. Concrete examples include that a certain governance set-ups within a BUSI may be the result of JST expectations being put into action and these then being criticized by an OSI team without that team knowing the JST requested it.  The final version of the OSIIM Guide's Follow-Up phase aims to partly mitigate this but absent any improvements to pre-OSI/IMI engagement amongst JSTs and inspection teams within the SSM, BUSIs (but also other non-BUSI ILEs) may want to maintain a list of confirming where changes have been requested by a specific supervisory authority.

6. What is interesting to note is that the OSIIM Guide makes no mention of an ILE's right, whether at the EU level and/or within individual national law and regulatory frameworks, to be represented or have counsel present in proceedings nor any reference to various rights to assert legal privilege.

For more information on the various timelines and practices, please contact Dentons' Eurozone Hub who maintain a global special investigations working group comprised of contentious and non-contentious regulatory experts as well as litigators to provide immediate assistance in relation to supervisory action as well as "defending and/or explaining" BUSIs' files.

7. Moreover, as the number of JST staff and inspections increase, the principles in the OSIIM Guide and the SSM's internal Supervisory Manual might need a practical check of conduct of JST staff members and the writing up their findings on their draft reports or final reports or simply meeting notes on public transportation, whether en route to a relevant meeting or for those outside of Frankfurt, commuting back to their "home" member states.

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.