EBA publishes draft guidelines on the authorisation of third country branches

RegCORE Client Alert | Banking Union, Capital Markets Union + Savings and Investment Union

Quick Take

On 3 November 2025, the European Banking Authority (EBA) published a consultation paper setting out draft guidelines on the authorisation of third country branches (hereinafter referred to as the Guidelines).EBA consultation paper, Draft Guidelines on the authorisation of third country branches in accordance with Article 48c(8) of Directive 2013/36/EU, consolidated version available here.Show Footnote The Guidelines aim to establish a harmonised framework for national competent authorities (NCAs) authorising third country branches (TCBs). They are addressed to head undertakings and the NCAs responsible for receiving and assessing TCB applications. The Guidelines are expected to apply from 11 January 2027 onwards.See p. 20 of the Guidelines.Show Footnote

The Guidelines apply to all TCB authorisation applications under the new CRD VI regimeDirective (EU) 2024/1619 of the European Parliament and of the Council of 31 May 2024 amending Directive 2013/36/EU as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance risks (CRD VI).Show Footnote (see standalone thought leadership from our EU RegCORE on CRD VI), except where Member States apply the ‘subsidiary‑like approach’—i.e., treating a TCB as if it were a CRR credit institution subject to full CRR/CRD supervision. As explored in this Client Alert, the Guidelines introduce a structured list of information to be included in TCB applications,See Part I of the Guidelines.Show Footnote the procedure regarding the application (including standard forms and templates),See Part III of the Guidelines.Show Footnote the assessment of conditions for granting authorisation,See Part II of the Guidelines.Show Footnote and the circumstances under which NCAs may rely on information that has already been provided in a prior TCB authorisation process.See Part I, paragraphs 10 and 11 of the Guidelines.Show Footnote They embed proportionality via a new Class 1/Class 2 categorisation of TCBsSee 3.2 of the Guidelines.Show Footnote, tighten expectations on governance, booking and liquidity so TCBs are not “empty shells”See 3.3.2 b) of the Guidelines.Show Footnote, and hard wire cooperation with third country home supervisors and anti-money laundering and combatting financing of terrorist (AML/CFT) authorities.See Part II, paragraph 34 of the Guidelines.Show Footnote

Key takeaways

Scope of the Guidelines

The Guidelines apply to all TCBs that are subject to the new TCB-regime under CRD VI, except where Member States apply the ‘subsidiary-like approach’.

Across the EU-27’s Member States and the respective NCAs (including those participating in the Banking Union) can choose to apply the same requirements to TCBs as to regulated institutions. In other words, they can treat TCBs as if they were subsidiaries of the parent company (subsidiary-like approach). This is the case in Germany, as according to Sect. 53 para. 1 German Banking Act (Kreditwesengesetz, KWG) a TCB that is located within the EU and conducts banking business or financial services within the meaning of the KWG is itself considered a credit institution or financial services institution within the meaning of the KWG.

However, the definition of credit institution/financial services institution in KWG and in CRD VI (currently) differs. The scope of KWG with regard to the definition of ‘credit institution’ is much broader than in CRD VI. CRD VI ultimately refers to Art. 4 no. 1 (1) of the Capital Requirements Regulation (EU) No. 575/2013 (CRR).

We therefore assume that not all TCBs that are considered as credit institutions or financial services institutions under the KWG are affected but rather only those that would also be considered as CRR credit institutions under CRR at the same time.

However, some prudential requirements set out in Title VI of CRD VI are TCB-specific (e.g. the booking arrangement for originated business). Consequently, the parts of the guidelines that cover these specific requirements also apply to applications for authorisation for TCBs that are subject to the ‘subsidiary-like approach’.

List of information requirements

The Guidelines are structured as follows: 

1. Part I: lays down the list of information to be included in the application for authorisation to establish a TCB under CRD VI and related exemptions; 
2. Part II: contains the assessment methodology; 
3. Part III: covers the procedural elements; and
4. Annexes: contains standard submission letters and templates for the submission of the information included in the application for authorisation.

The Guidelines provide a comprehensive list of information to be included in TCB applications by the applicant’s ‘head undertaking’ (and the intermediate and the ultimate parent head undertaking as applicable), covering the program of operations (business plan,See Part I, paragraph 4 of the Guidelines.Show Footnote capital endowment,See Part I, paragraph 7 of the Guidelines.Show Footnote liquidity requirements,See Part I, paragraph 8 of the Guidelines.Show Footnote internal governance,See Part I, paragraph 5 of the Guidelines.Show Footnote and booking arrangementsSee Part I, paragraph 9 of the Guidelines.Show Footnote) and information about the head undertaking’s compliance with prudential requirements.See Part I, paragraph 2g of the Guidelines.Show Footnote

This includes (not exhaustive):

• All information necessary to identify the applicant’s head undertaking;See Part I, paragraph 1 of the Guidelines.Show Footnote
• If the head undertaking is part of a group, corporate charts of the group,See Part I, paragraph 2a of the Guidelines.Show Footnote identification of the members of the management body,See Part I, paragraph 2c of the Guidelines.Show Footnote information on the capital structure,See Part I, paragraph 2d of the Guidelines.Show Footnote non opposition statements from third country authorities that reflect compliance with prudential requirements (e.g., own funds, liquidity metrics, leverage, organisational adequacy)See Part I, paragraph 2g of the Guidelines.Show Footnote and audited financial statements of the last three yearsSee Part I, paragraph 2e of the Guidelines.Show Footnote, just to name a few.

Where lending or guarantees/commitments are not subject to authorisation in the third country, the application should clarify that such activities form part of the ordinary course of business and are subject to prudential regulation and supervision.See Part I, paragraph 1d of the Guidelines.Show Footnote

Applications must include a  ‘programme of operations’ (i.e. a regulatory business  plan) that contains a credible three year business plan on baseline and stress scenario bases that credibly demonstrates initial viability and ongoing sustainability, prudential forecasts for capital endowment and liquidity calibrated to the envisaged TCB class (1 or 2), and robust internal governance and risk management arrangements to ensure the TCB is not an ‘empty shell’ and manages assets and liabilities recorded or originated in the Member State.[See Part I, paragraph 4 of the Guidelines.]

The information on AML/CFT should identify the responsible person, present a business wide ML/TF risk assessment, describe governance and resources dedicated to AML/CFT, and explain how internal systems and controls address identified risks, including the origin and transfer channels of capital endowment resources.See Part I, paragraph 6 of the Guidelines.Show Footnote

Categorisation of TCBs (Class 1 and Class 2)

According to Art. 48a (1) and (2) CRD VI, TCBs are split into Class 1 (higher risk) and Class 2 using triggers including:

• Total value of assets ≥ EUR 5bn;
• Amount of retail deposits ≥ 5% of total liabilities or > EUR 50m; 
• Head undertaking in an AML/CFT high risk country; or 
• Non equivalent third country prudential/supervisory/confidentiality regime. 

When none of the referred conditions are met, the TCB falls in Class 2. Class 1 faces stronger governance, capital endowment, liquidity and reporting.

The Guidelines refer to this separate categorisation and task the national competent authorities with assessing the liquidity coverage requirement in a certain manner when a TCB is classified as a Class 1 TCB. 

Procedural implications

Procedurally, Part III of the Guidelines aim to balance transparency and flexibility, emphasising assessment timelines,See Part III, paragraphs 60, 62 and 63 of the Guidelines.Show Footnote clear communication with applicants,See Part III, paragraphs 58, 59 and 62 of the Guidelines.Show Footnote including the ability to request clarifications or additional information, and cooperation – particularly with third country authorities supervising the head undertaking(s)See Part III, paragraph 64 of the Guidelines.Show Footnote and the AML/CFT supervisor for the condition on the absence of ML/TF concerns. See Part III, paragraph 66 of the Guidelines.Show Footnote They include a standard letter for requesting information from third country authorities,See Annex I of the Guidelines.Show Footnote a standard application letter,See Annex II of the Guidelines.Show Footnote and a template for filing the application.See Annex III of the Guidelines.Show Footnote

Interaction with the Banking Union

Although the authorisation of TCBs remains a national competence, CRD VI expressly integrates the Banking Union framework where relevant. Accordingly:

• The ECB, acting through the Single Supervisory Mechanism (SSM), does not directly authorise TCBs because they are not CRR credit institutions.
• However, the ECB-SSM becomes involved where:
  • The Member State applies the subsidiary‑like approach, resulting in the TCB being treated as a CRR credit institution; or
  • The TCB forms part of a group already supervised by the ECB at significant‑institution level.

In addition to the above the Guidelines reinforce existing CRD VI obligations on cooperation between NCAs of SSM Member States and: 

• The ECB-SSM, where prudential implications arise for supervised groups;
• The Single Resolution Board (SRB), particularly regarding resolvability and information sharing for groups with MREL‑related dependencies; and
• AML/CFT authorities, as part of the Union‑level AML/CFT supervisory architecture, including the AML Authority (AMLA) once operational.

Overall, the Guidelines create a more explicit supervisory interface between national TCB supervision and the single supervisory and resolution mechanisms. They do however mean that a number of firms may need to (re-)assess key considerations of both the Guidelines along with Banking Union supervisory specifics. 

Key considerations

The Guidelines will significantly affect TCB groups seeking to establish or maintain branches in the EU. Within and across the Banking Union Member States this also means the following specifics:

• Host NCAs must consider the effect of a TCB’s operations on the financial stability of the Banking Union, not only the individual Member State.
• Booking and liquidity arrangements must ensure that material risk concentrations do not spill over into Banking Union institutions.
• For groups supervised by the ECB-SSM, NCAs are expected to seek the ECB-SSM’s input under Art. 48b CRD VI on cross‑border group risk, intra‑group exposures, and booking models.

Across the EU-27 overall, the Guidelines underscore the importance of even more cooperation between NCAs and third country authorities to ensure access to necessary information and effective supervisory coordination, especially in periods of crisis or financial distress.

The Guidelines’ new framework will apply to both existing and new TCBs. Undertakings with existing TCBs will need to ensure that they comply with the new framework by 11 January 2027, if they wish to retain their TCB licenses. For TCBs that fall under the classification of credit institutions/financial services institutions in their respective member states (as is the case in Germany) and are considered a CRR credit institution at the same time, a significant portion of the Guidelines is not applicable by default. In this respect, the impact of the Guidelines is manageable

Outlook

With the consultation period closing on 3 February 2026, firms with existing or planned EU TCBs should promptly analyse the draft Guidelines to determine their potential impact. This is a critical opportunity to influence the final framework. A number of firms may wish to assess how the new requirements on governance, booking and liquidity will affect their operating models and to consider submitting a formal response to the EBA, either directly or via industry associations, to address any significant concerns.

The draft Guidelines are set to apply from 11 January 2027 (with the exception of the provisions in Article 2 (1), fourth subparagraph of CRD VI). NCAs will have two months from publication of the translations to report whether they comply. In the context of the Banking Union it is also conceivable that the ECB-SSM will publish its own further supervisory ‘clarifications’ qua expectations as to the harmonised application of the Guidelines as part of its on-going streamlining efforts of how the EU’s Single Rulebook for financial services is applied across the Banking Union.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.  

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business. 

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.   

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” and the “2025 Regulatory, Governance and Compliance Technology Award in 2025”.  

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.