Skip to content

CRD VI cross-border rules take shape

Final provisions on cross-border banking services in the EU published

CRD VI will bring in uniform minimum prudential requirements for third country branches providing banking services in the EU and, more importantly, introduces a ban for third country institutions providing core banking services (lending, guarantees and commitments and deposit-taking) into the EU on a cross-border basis. The provision of cross-border investment services as such remains unaffected. The new rules will likely start applying in autumn 2026. The law provides for limited exemptions, such as the traditional concept of reverse solicitation (to be “codified” in Article 21c) and in the context of intragroup services and grandfathering of certain existing contracts.

Firms affected by the change will need to consider options such as migrating business to non-credit institutions or EU group entities and assess if existing business can continue to rely on exemptions.


In October 2021, the European Commission issued proposed revisions to the Capital Requirements Directive (CRD) (to be amended by a further Directive, CRD VI) and to the Capital Requirements Regulation (CRR) (to be amended by a further Regulation, CRR III), known as the ‘2021 Banking Package’, which also aims to implement the Basel III / Basel 3.5 requirements.

Trilogue negotiations on the amendments proposed by the 2021 Banking Package commenced in March 2023. In December 2023 the final elements were politically agreed and endorsed by Council and Parliament. The text is subject to a final vote by Parliament before publication in the Official Journal.

CRD VI introduces a prohibition on the provision of cross-border core banking services into the EU by a third country institution, coupled with harmonised minimum requirements for the regulation of branches of third country institutions. The prohibition is proposed as a new Article 21c of CRD VI. It does not affect the provision of investment services.

In this note we give a high-level overview of the potential implications for firms providing cross-border services into the EU (in particular, lending) and possible structuring options. We do not cover the requirements for (existing) third country branches. This topic will be discussed in a separate note.

Current state of play in the context of provision of banking services on a cross-border basis

So far, EU regulatory law is silent on the regulation of cross-border banking services in the context of third country institutions. Whether (and with what restrictions) third country institutions can provide services to clients in the EU is therefore a matter of the national law of the respective Member State. For example, third country institutions can currently lend to clients in certain Member States (e.g. Ireland) without a licensing requirement if certain requirements are met. Conversely, it is not possible to lend into certain Member States (e.g. France, Italy) from a third country institution. Several Member States provide some form of waivers from the licensing requirement in the context of the service provision on a cross border basis, where the law in the third country provides for a comparable supervision framework (e.g. Germany, Spain).

The new regime in the context of provision of banking services on a cross-border basis

Article 21c CRD VI introduces a ban on the provision of cross-border core banking services the EU. Structurally, the new requirement is to be classified as market access rules for third country institutions in the EU. More precisely, they go beyond the implementation of the prudential requirements from Basel and are purely driven by the European legislator.

The prohibition in Article 21c applies where:

  • a third country institution
  • provides core banking services
  • in a Member State
  • unless an exemption is available.

This calls into question the operational set-up of large international groups that are using national exemptions to provide banking services in the respective Member State while booking credit exposures not through a local entity, but on the balance sheets of the larger third country institution to keep capital requirements for the local (licensed) branch lower.

What services are captured? Core banking services

Article 21c CRDVI only applies in the context of the provision of so-called ‘core banking services’. In its initial draft on CRDVI, the Commission proposed a complete ban on the provision of cross-border services, more specifically an array of activities listed in the annex to the CRD including leasing, payments services, e-money services and even certain investment services. In the final version of Article 21c CRD VI only three types of services from the originally proposed list remain, namely:

  • accepting deposits and other repayable funds;
  • lending, including inter alia: consumer credit, credit agreements relating to immovable property, factoring with or without recourse, financing of commercial transactions (including forfeiting); and
  • provision of guarantees and commitments.

To whom does this apply? Third country institution

Which entities are in scope of the new prohibition depends on the type of service offered. All types of entities offering deposit-taking would be in scope.

As regards cross-border lending and guarantees and commitments the scope is narrower, and applies only where the third country undertaking:

  • would qualify as a credit institution; or
  • “would fulfil the criteria laid down in points (i) to (iii) of Article 4(1), point (b) of CRR, if it were established in the Union”.

In practice the former would capture banks; the latter, investment firms which (i) deal on own account or underwrite financial instruments, and (ii) are large or part of a large group (having total consolidated assets or carrying out investment services in respect of amounts exceeding EUR 30 billion). The definition explicitly excludes insurance undertakings, commodity dealers and funds.

What is considered as provision of services “in” a Member State

The legislation does not define what amounts to the provision of a service “in” a Member State. The background materials make it clear that the Commission anticipated that all activities with EU clients should be considered as provision of service “in” a Member State. Some of the materials associated with the negotiation of the final position suggest otherwise. It is unclear whether Member States will seek to use the concept to water down the restriction (as, for example, Luxembourg does today).

What are the exemptions?

There are a number of activities that are exempted:

  • interbank services (i.e. services provided to another credit institution);
  • intragroup services; and
  • reverse solicitation (whose parameters are “codified” in Article 21c and broadly mirror those already in place under MiFID).

Services provided which are ancillary to core MiFID services and activities (i.e. Section A Annex I to MiFID e.g. related deposit-taking and granting credit or loans) are also excluded from scope. The scope of this carve-out is not yet clear; it seems to capture margin loans and deposits taken as part of broker-dealer activities, but it is not clear how remote banking activities can be from core MiFID activities.

The Commission will conduct a review before implementation on whether the exemptions should extend to financial sector entities. It is not clear what the scope of “financial sector entity” will be, though there is an existing definition for the term in CRR.

As mentioned before, in some jurisdictions, such as Germany, a number of large institutions currently rely on cross-border waivers granted on the basis of national law. CRD VI does not address this aspect explicitly; however, as it does not provide for an exemption in this regard, these waivers will likely cease to be available.


The timeline for the implementation of CRD VI is not set in stone but will depend on when the text is published in the Official Journal (expected in spring 2024). After publication there will be an 18-month transposition period for Member States to implement CRD VI into national law. This will be followed by a 12-month period of transitional relief for licensing applications before any restrictions on cross-border services apply.

Assuming the legislation is published in the Official Journal in spring 2024, this would mean that the new licensing requirement would go live in autumn 2026.

It is likely that exemptions from the licensing requirement under the current Member State law will no longer be granted.


The draft legislation provides for grandfathering of “existing contracts” to “preserve clients acquired rights”. That means contracts entered into 6 months or more before the end of the transitional relief (i.e., sometime in Q3/Q4 2025) may continue to be serviced cross-border without the requirement to establish a branch.

It is however unclear how far this grandfathering extends and if, for example material amendments to existing contracts would trigger a licensing requirement. On the basis of the existing wording of the provision it seems likely as it refers to “acquired rights” suggesting that if the contractual rights change significantly in the course of the transaction, they may then fall outside the grandfathering provisions.

This leaves room for uncertainty and the absence of clear guidance at EU-level can most likely only be answered based on the implementing legislation and existing regulatory practice in the individual Member States.

Options for continuing business

De-scoping activities – migration to non-credit institutions

In those jurisdictions in which the licensing position will change adversely, one workaround will be conducting a jurisdictional analysis to ascertain if certain business lines could be efficiently migrated to group entities which are outside scope of the core prohibition (e.g. non-credit institutions).

Relying on exemptions

Depending on the business line, it might be possible for large amounts of cross-border activities to continue by relying on one or more of the exemptions. For example, if certain business lines only provide a core banking service to an EU credit institution, or are ancillary to core MiFID business, these business lines could continue with no disruption. It will be necessary to diligence each relevant cross-border business line to assess the applicability of exemptions.

Migrate relevant business lines into an EU subsidiary

The requirement only captures third country institutions. A locally authorised EU entity can provide core banking services within the EU via passporting rights.
This option would require a significant diligence exercise. Aside from the operational considerations, there will likely be an impact for the EU entity with regards to e.g. regulatory capital and liquidity arrangements to account for the extra business that will now appear on its balance sheet.

Establish a third country branch in relevant jurisdictions

This will likely be the least desirable option. Branch applications are time intensive and require a significant operational implementation effort, and the resulting authorisation will not result in any further cross-border rights than the provision of services into the specific local jurisdiction. It would therefore be necessary to establish a branch in each jurisdiction into which core banking services are being provided (if this option alone were used). Such branches would then be subject to the capital, liquidity and governance and reporting requirements discussed in our separate bulletin.