Authorising third-country branches under CRD VI

The European Banking Authority’s (EBA) consultation could fundamentally reshape how non-EU banks operate in EU markets. It runs until 3 February 2026, with final guidelines expected later in the year and implementation from January 2027. This leaves a narrow window to prepare for a structural shift in supervisory expectations and more cohesive oversight.

What’s changing under CRD VI?

Until now, many non-EU banks have operated across EU member states without a physical presence, relying on passporting or local exemptions, but this will no longer be permitted. CRD introduces a harmonised EU-wide framework requiring non-EU banks conducting core banking activities – such as deposit-taking, lending and issuing guarantees – to establish and operate through an authorised branch or, in some cases, a subsidiary in each relevant member state.

Setting up a branch is not a simple formality. It involves a formal application to the national competent authority, including submission of a detailed business plan, governance arrangements, risk management framework and compliance with prudential standards on capital and liquidity. For larger or systemically important operations, regulators may even require subsidiarisation instead of a branch.

This shift means non-EU banks must rethink their European operating model. 

Key implications:

• Business planning: Assessing which markets to maintain and determining the most efficient structure (branch versus subsidiary)
• Booking model changes: Moving from current cross-border booking practices to localised models aligned with EU requirements
• Migration and implementation: Transitioning client relationships, contracts, and operational processes to the new structure
• Governance and controls: Establishing local governance frameworks, risk management, and compliance processes to meet EU standards

Article

CRD VI: EU banking rules tighten for third-country firms

Read more

Why are the rules changing?

To date, the treatment of non-EU branches was fragmented. Each member state applied its own rules, creating inefficiencies and opportunities for regulatory arbitrage. This approach made cross-border oversight complex and raised systemic risk concerns – especially as the largest non-EU banking groups hold most of their EU assets through branches rather than subsidiaries.

CRD VI introduces a harmonised framework designed to strengthen transparency, improve governance, and reduce financial stability risks. It also aligns with Basel III and the broader EU banking package, signalling Europe’s commitment to global supervisory consistency, with improved accountability and greater operational resilience.

A standardised approach to authorisations

The EBA has set out a standardised process for third country authorisations, covering what information firms need to provide, how supervisors will assess applications and the templates to be used. This represents a comprehensive review of a branch’s ability to operate safely and soundly under EU standards.

Applications must include the following:

• Business plan and financial projections aligned with governance and risk frameworks
• Capital endowment and liquidity arrangements, with evidence that resources are immediately available to absorb losses at branch level
• Internal governance and risk management, including fit-and-proper local management, and ICT or outsourcing controls
• Booking arrangements and registry book design to meet CRD VI’s autonomy and transparency requirements
• Reporting capability mapped to EBA templates for both the branch and the head undertaking
• Information on the head undertaking, including prudential compliance and a legal opinion confirming no home-country impediments to EU compliance
• A non-opposition statement from the home authority, marking a new era of cross-border supervisory cooperation

The guidelines also offer a proportionate approach with scaled-down requirements for smaller branches – but they must still demonstrate prudential soundness. Existing branches will need to be re-authorised or uplift their compliance by January 2027.

Broader changes for branches under CRD VI

In addition to changes in authorisations, there are further amendments for how third-country branches operate under CRD VI, including: 

• Mandatory local presence for core banking services – from January 2027, non-EU banks can’t provide lending, deposit-taking or guarantees cross-border without an authorised branch or subsidiary; remote access is no longer an option, with limited exemptions
• Branch classification and proportionality – supervisors will apply intensity based on branch size and complexity, but all firms must demonstrate prudential soundness
• Booking and registry obligations – branches must maintain autonomous booking arrangements and a registry book capturing all EU-originated business, to improve risk management and transparency
• Capital and liquidity standards – minimum endowment capital and liquidity buffers will apply, alongside stricter governance and risk frameworks
• Enhanced reporting – standardised templates will require granular data on branch operations and the head undertaking, demanding robust systems and automation
• Subsidiarisation for systemic branches – where assets exceed EUR 30 billion in a single member state, authorities may require conversion to a subsidiary, increasing capital costs but unlocking passporting rights

These changes rely on real-time data and automated reporting, which will affect operating models and funding strategies. They may also require further investment in technology and systems.

Taking early action

Standardising the treatment of third-country branches will improve transparency, accountability and supervisory consistency across the EU. However, UK firms with EU customers have significant work ahead to meet the requirements in the short timeframe available, without disruption to ongoing services. To get started, firms will need to consider work on booking controls, governance and management information, in addition to local variation in implementation. 

Key activities:

• A structured gap analysis against proposed requirements: governance, booking, capital, liquidity and reporting capabilities
• Prioritising resilient upgrades that will stand regardless of consultation tweaks – such as booking models and capital calibration
• Early engagement with supervisors to streamline the non-opposition process and avoid late-stage hurdles
• Participation in the consultation to help benchmark practices and shape the final framework

Early movers can turn regulatory change into a differentiator. For example, an application pack that’s aligned to EBA templates will accelerate authorisations in all EU territories – streamlining these activities and reducing the administrative burden.

Similarly, aligning management information with reporting templates will strengthen governance and create a foundation for better analytics. There are also booking processes to consider, and more robust controls will deliver greater insights into branch profitability and risk while also satisfying compliance requirements. Even the non-opposition step (requiring confirmation from home regulators) can nurture a trusting and collaborative relationship with overseas supervisors, turning compliance into a strategic advantage. 

For more insight and guidance on third-country authorisations under CRD VI, contact Rashim Arora.