CRD VI Implementation in Germany: New Regulatory Framework for Third-Country Undertakings

In an effort to harmonize German law with European law requirements, the new draft German CRD VI transposition law provides for a revision of the existing legal framework for third-country undertakings offering core banking services in Germany.

The Capital Requirements Directive (EU) 2024/1619 - CRD VI amended Directive 2013/36/EU with regard to supervisory powers, targeted and risk appropriate own funds requirements, sanctions, third-country branches, and environmental, social, and corporate governance (ESG) risks. CRD VI requires its transposition into the national law of the member states by January 11, 2026, whereas some provisions concerning the new CRD third-country branches shall become applicable as of January 11, 2027.

On October 10, 2025, the German government published a draft of the German Banking Directive Implementation and Bureaucracy Relief Act (Bankenrichtlinienumsetzungs- und Bürokratieentlastungsgesetz), which aims at transposing the harmonization efforts of CRD VI into German law (Draft CRD VI Implementation Act).

THE OBJECTIVE OF CRD VI

CRD VI seeks to harmonize the different regulatory approaches of the member states of the European Union with regard to third-country firms providing core banking services in the EU by considering the risks to financial stability and market integrity posed by such third-country firms.

As part of this harmonization, CRD VI introduces a requirement for such third-country firms to establish a physical branch in each member state where they intend to provide their services with only a few exemptions for specific types of services and clients. Going forward, third-country branches shall be classified according to their risk and shall be subject to risk-adjusted regulatory restrictions, such as specific capital requirements and disclosure obligations.

THE CURRENT GERMAN LEGAL FRAMEWORK FOR CROSS-BORDER BANKING SERVICES

Under the current regulatory framework in Germany, third-country firms that intend to conduct banking business or provide financial services in Germany must establish a branch or subsidiary in Germany and obtain an authorization pursuant to the German Banking Act (Kreditwesengesetz-KWG) from the BaFin unless they can rely on one of the few exemptions currently available under the KWG.

For example, the KWG includes an exemption for the provision of banking and financial services that, due to their nature, do not require supervision by the BaFin (Section 2 (4) KWG), as well as for an exemption under Section 2 (5) KWG for third-country institutions that are subject to equivalent supervision in their home country. These exemptions are granted by the BaFin on a discretionary basis following an assessment of the facts of each individual case.

NEW AUTHORIZATION FRAMEWORK FOR THIRD-COUNTRY FIRMS UNDER THE DRAFT CRD VI IMPLEMENTATION ACT

As under current German law, going forward, third-country firms will be able to provide core banking services in Germany either through a licensed subsidiary established in another member state of the EU that benefits from the so-called European passport or by establishing a subsidiary in Germany which obtains a banking license under the KWG.

In addition, the Draft CRD VI Implementation Act provides for the possibility of establishing a CRD VI third-country branch in Germany through which core banking services can be provided. Core banking services are understood to include the activities listed in Annex I, points 1, 2, and 6 of Directive 2013/36/EU, such as, in particular, the acceptance of deposits and other repayable funds, lending activities, and the issuance of guarantees.

CRD third-country branches will not be eligible to participate in the notification procedure and will not be able to benefit from the European passport. Instead, CRD VI requires third-country firms to establish a separate branch in each member state where they intend to offer core banking services.

The Draft CRD VI Implementation Act sets out the requirements for obtaining approval for the operation of a CRD third-country branch in Germany. The approval for a CRD third-country branch is subject to, inter alia, the following requirements:

• The fulfilment of certain regulatory minimum requirements such as capital, liquidity, corporate governance, risk management, accounting, and reporting requirements
• The activities for which authorization is sought are covered by the authorization of the parent company and are supervised by the competent regulatory authority in the home country of the parent company
• The supervisory authority in the home country of the parent company has been informed of the application to open the CRD third-country branch and has been provided with a business plan for this third-country branch
• The BaFin is able to access all necessary information about the parent undertaking from the supervisory authority in the home country of the parent company and can coordinate its supervisory activities effectively, particularly in times of crisis or times of financial distress affecting the parent company, its group, or the financial system of the third country
• There is no reasonable suspicion that the CRD third-country branch is being used for the purposes of money laundering or terrorist financing or is intended to facilitate the commission of such crimes

The Draft CRD VI Implementation Act provides for a classification of CRD third-country branches into two risk categories, whereby Class 1 CRD third-country branches are considered riskier than class 2 branches. A CRD third-country branch may be classified in risk class 1 if one of the following criteria is applicable:

• The total value of assets recorded or initiated by the CRD third-country branch amount to at least €5 billion in Germany according to the report of the immediately preceding annual reporting period.
• The authorized activities of the CRD third-country branch include the acceptance of deposits or other repayable funds from private customers within the meaning of Section 67 (3) of the Securities Trading Act, and the amount of these deposits and other repayable funds amounts to at least 5% of the branch's total assets and liabilities, or exceeds €50 million.
• The CRD third-country branch is not a qualified CRD third-country branch.

If a CRD third-country branch does not meet any of the requirements above, it shall be deemed a CRD third-country branch of risk class 2.

Additionally, the Draft CRD VI Implementation Act includes the possibility that BaFin might classify a CRD third-country branch as “Qualified CRD third-country branch,” if all of the following criteria are met:

• The prudential and supervisory standards as well as the applicable regulatory framework for banking services in the home country of the parent company are at least equivalent to the standards set by Directive 2013/36/EU as amended on November 27, 2024 and Regulation (EU) No. 575/2013.
• The supervisory authorities responsible for the parent company are subject to confidentiality obligations that are at least equivalent to the requirements of Title VII, Chapter 1, Section II of Directive 2013/36/EU in the version of November 27, 2024.
• The country in which the head office is located is not listed in Delegated Regulation (EU) 2016/1675 on the basis of Article 9 of Directive (EU) 2015/849 as a high-risk country with strategic deficiencies in its national system for combating money laundering and terrorist financing.

Further, the BaFin may require a CRD third-country branch established in Germany to obtain a full banking license pursuant to Section 32 KWG and establish a subsidiary in Germany if (1) a CRD third-country branch established in Germany intends to carry out activities in another EU member state, or has already done so, or (2) it is classified as systemically relevant, or (3) the total amount of all assets held by all CRD third-country branches of the same third-country group in the EU reaches or exceeds €40 billion, or (4) the amount of assets of the CRD third-country branch in Germany reaches or exceeds €10 billion.

Even though the currently available exemptions from the licensing requirements of the KWG pursuant to Sections 2 (4) and 2 (5) KWG will not be entirely abolished by the Draft CRD VI Implementation Act, their scope of application will be significantly narrowed. Going forward, the BaFin, will only be allowed to grant an exemption under Section 2 (5) KWG if such exemption does not contradict the branch establishment requirement pursuant to Articles 21c and 47 of CRD VI or other regulatory requirements or decisions at EU level.

Essentially, an exemption from the branch establishment requirement will only be available (1) for firms involved exclusively in interbank and intragroup transactions; and (2) for investment firms that provide core banking services only as ancillary services to their investment services in accordance with MiFID II (Annex 1, Section B).

 

In addition, the Draft CRD VI Implementation Act does not indicate that going forward the general freedom to provide banking services without a license upon the unsolicited request of a person or entity located in Germany (so-called reverse solicitation) will no longer be possible. As under the current legal framework, the Draft CRD VI Implementation Act does not explicitly regulate or define the scope of the reverse solicitation exemption so that its application will have to be assessed on a case-by-case basis.

The new reporting, capital, liquidity, governance and risk requirements are in general applicable for all third-country branches, existing prior to the new regulation and established under the new regulation. Exemptions that were granted pursuant to Section 2 (5) KWG in the past are not protected by grandfathering provisions. According to the Draft CRD VI Implementation Act, BaFin is expressly required to revoke such exemptions if the third-country undertaking is now subject to the obligation to establish a CRD third-country branch in Germany.

FURTHER ASPECTS OF THE DRAFT CRD VI IMPLEMENTATION ACT

Besides the introduction of CRD third-county branches, the Draft CRD VI Implementation Act emphasizes the integration of ESG risks into risk management and corporate governance strategies. Institutions are required to develop specific plans to address financial risks arising from ESG factors, including the transition to climate neutrality. The Draft CRD VI Implementation Act aims to reduce unnecessary burdens on institutions by revising national regulations considering international and European standards, thereby facilitating credit provision, especially for small and medium-sized enterprises.

The Draft CRD VI Implementation Act introduces changes to improve banks' handling of ESG risks, emphasizing these risks in general risk management. It identifies the need for harmonized suitability assessments for members of management bodies, including key function holders, aiming for early identification of suitability deficiencies.

SUMMARY

According to the current version of the Draft CRD VI Implementation Act, third-country firms intending to start or to continue providing core banking services in a member state of the EU will need to assess if they should establish a CRD third-country branch or a subsidiary in Germany or in a member state of the EU.

This will in particular depend on the intended scope of business within the EU as the option to establish a CRD third-country branch does not allow the passporting of the branch authorization throughout the EU and even if the requirements for obtaining and holding the necessary authorization for a CRD third-country branch may be less burdensome than the requirements for obtaining a full banking license in the EU, this advantage may be outweighed by the missing passport.