QuickTake

On 2 March 2021 the European Central Bank (ECB), acting in its role at the head of the Banking Union's Single Supervisory Mechanism (SSM), published its supervisory guide to the method of setting administrative pecuniary penalties (the SAPP Guide)1 pursuant to Article 18(1) and (7) of the SSM Regulation.2 For sake of context "administrative pecuniary penalties" also includes fines.

This Client Alert revisits the ECB-SSMs SAPP Guide and how the ECB-SSM decides on how to fine Banking Union supervised institutions (BUSIs) and specifically when credit institutions, financial holding companies and mixed financial holding companies (collectively referred to as "supervised entities" in the SAPP Guide) breach compliance with requirements falling within the ECB's SSM mandate.

The SAPP Guide and the powers that the ECB-SSM has are separate to those of other EU-level authorities (EBA, ESMA and EIOPA) as well as those of national competent authorities (NCAs) in the European System of Financial Supervision (ESFS) may have under their own supervisory mandates. Crucially, the SAPP Guide has not been updated, as at the time of writing of this Client Alert, to cover those investment firms that have, due to legislative changes, also become BUSIs.

This Client Alert should also be read in conjunction with our coverage on the ECB-SSM's 2018 Supervisory Guide to OSIs and IMIs (the OSIIMI Guide)3 as well as with the overview of supervisory sanctions issued by the ECB-SSM directly or on behalf of NCAs in respect of individual BUSIs.4

The ECB-SSM also publishes an Annual Report presenting aggregate statistics of sanctioning activities of the ECB-SSM and NCAs in the context of Banking Union. The Annual Report of SSM Sanctioning Activities in 2021 was published on 12 August 2022 (the 2021 Sanctioning Report)5 and key trends from that report are discussed in this Client Alert as well.

The SAPP Guide is also very quick to remind readers that "In exercising its power to impose such administrative pecuniary penalties, the ECB enjoys a wide margin of discretion within the limits of the SSM Regulation and SSM Framework Regulation." The "wide margin of discretion" and the principle that the ECB-SSM must ensure that its penalties are "effective, proportionate and dissuasive" was also established in a landmark judgment in Crédit Agricole SA v European Central Bank.6 Given that the ECB-SSM is in the process of returning to a more normalised supervisory engagement process, the extent and level of fines may increase and consequently supervised entities may wish to consider how to forward plan their options.

The SAPP Guide marks a further "Europeanisation" of enforcement powers in the Banking Union

The ECB-SSM can directly impose administrative pecuniary penalties on those BUSIs that are categorised as significant credit institutions (SCIs) i.e., those that are directly supervised by the ECB-SSM and indirectly by NCAs, when they breach directly applicable acts of European Union law, including ECB-SSM decisions or regulations.

Moreover, the ECB-SSM can impose administrative pecuniary sanction on those BUSIs that are less significant institutions (LSIs) i.e., those that are indirectly supervised by the ECB-SSM and directly by NCAs, when they breach of ECB-SSM regulations or decisions imposing obligations vis-à-vis the ECB on those entities.

Equally, in cases of breaches of national law implementing European Union Directives, breaches of "common procedures" rules in the case of LSIs, breaches committed by natural persons, or when a non-pecuniary penalty has to be imposed, the ECB-SSM may request the relevant NCA to open national sanctioning proceedings, pursuant to Article 18(5) of the SSM Regulation. The ECB-SSM may also address such a request to an NCA where penalties may be imposed under national legislation which confers specific powers on the NCA currently not required by the relevant European Union law. This does not affect an NCA's ability to open its own proceedings, at its own initiative, under national law for tasks not conferred on the ECB-SSM.

When determining the level of administrative pecuniary penalties, the ECB-SSM will take account of all "relevant circumstances relating to that breach, in order to ensure the consistent application of penalties and ensure that penalties are dissuasive even for larger institutions. Specifically, administrative pecuniary penalties should have a deterrent effect in order to prevent the supervised entity concerned (specific deterrence) or any other entity supervised by the ECB-SSM (general deterrence) from engaging in the same or similar conduct in the future." That being said, the final amount of administrative pecuniary penalties is capped at a legal maximum that may not exceed 10% of the total annual turnover of the supervised entity from the preceding business year or twice the amount of profits gained or losses avoided as a result of the breach (with reference to the methodology summarised below).

In setting a level, the ECB-SSM will in also consider relevant factors relating to (i) the impact of the breach and (ii) the supervised entity's misconduct. It will also take account of the size of the supervised entity – normally by reference to total assets of the supervised entity as well as the benefits derived from that breach in setting a proportionality of the size of the administrative pecuniary penalty. This is done on the basis of a two-step approach, namely:

  1. Determining the base amount for the penalty, which requires:
    1. assessing the severity of the breach – i.e., as "minor", "moderately severe", "severe", "very severe" or "extremely severe" on the basis of (1) the impact of the breach and (2) the degree of misconduct by the supervised entity;
    2. determining the impact of the breach – i.e., as "low", "medium" or "high" and thus consideration of (1) the effect that the breach has on the prudential situation of the supervised entity and its effective supervision, (2) the duration of the breach, (3) the extent of the damage caused to third parties and (4) the actual and potential consequences ofthe breach on the reputation of and confidence in the banking sector;
    3. determining the degree of misconduct – i.e., as "low", "medium" or "high" and consideration of whether the supervised entity committed the breach intentionally or negligently, as well as all other circumstances relevant to its degree of responsibility;7 and
    4. classifying the breach – meaning the ECB-SSM will consider a breach to be "minor" where its impact and the degree of misconduct are "low". It will however be regarded as "moderately severe" where both factors are medium and consequently as "severe" where both are "high". The ECB-SSM also states in the SAPP Guide that "Without prejudice to other breaches which may be classified as "extremely severe", breaches which have (or could potentially have) systemic consequences will be considered "extremely severe"";
  2. Setting the base amount. For breaches classified as "very severe" or below, this will be done either with reference to a penalty grid, or by multiplying the amount of profits gained or losses avoided (if they can be determined) by an amount corresponding to the severity of the breach. That second method may only be used if the proportionality of the overall level of the penalty is ensured. Where breaches are classified as "extremely severe", the ECB will set the base amount for the penalty as a percentage of the supervised entity's total annual turnover.

Crucially, the SAPP Guide is clear that the ECB-SSM may, at its absolute discretion, increase or reduce the base amount in order to take account of "all mitigating and aggravating circumstances" as well as to ensure that the penalty is proportionate, effective and dissuasive. In addition, the ECB-SSM will also look at whether multiple breaches are derived from the same set of facts.

Aggravating and mitigating circumstances may include (but is not limited to) delays or a reluctance to cooperate with the ECB-SSM's exercise of its investigatory powers (including under the OSIIMI Guide and other supervisory powers) that may lead to an increase in the base amount. Conversely, the base amount may be reduced where the supervised entity cooperates with the ECB-SSM in a timely manner before, during and after the investigatory measures (e.g., by providing relevant information in order to help establish the facts) or where the supervised entity takes steps to effectively remedy the breach on its own initiative.

Where multiple breaches are derived from the same set of facts, the ECB-SSM is permitted, as set out in the SAPP Guide to adjust the base amount if it believes that a penalty corresponding to the sum of the individual penalties for the various breaches would not be proportionate given the circumstances of the case.

Proportionality also means the ECB-SSM look at the appropriateness of the penalty in the light of the financial situation of the supervised entity and the potential impact on that financial situation, in order to ensure that the penalty does not cause the supervised entity to become insolvent, cause it serious financial distress or represent a disproportionate percentage of its total annual turnover. Where the supervised entity that has committed the breach belongs to a supervised group, the total annual turnover that is used for this purpose will be the total annual turnover resulting from the most recent available consolidated annual financial accounts for the supervised group. In addition, the ECB may, in certain cases, impose a symbolic administrative pecuniary penalty. The justification for imposing such a penalty will be indicated in its decision.

The SAPP Guide concludes with leaving the door open to further supervisory discretion in stating that "Finally, the particularities of a given case or the need to impose an effective, proportionate and dissuasive penalty in a particular instance may justify a departure from the standard method of setting administrative pecuniary penalties that is detailed in this guide."

Key takeaways from the 2021 Sanctioning Report

The 2021 Sanctioning Report was prepared by the SSM Network of Enforcement and Sanctions Experts. It covers the activities of the ECB-SSM as well as those of the Banking Union NCAs acting in their SSM capacity. The 2021 Sanctioning Report states that 142 administrative pecuniary penalties were imposed by competent authorities in 2021. This should be contrasted with the 508 formal sanctions that were conducted by the SSM during 2021 with 44% of proceedings on-going at the year-end of 2021, 32% resulting in a penaltyimposed and 24% of proceedings were closed without penalty.8 LSIs and officials at LSIs were the most persons subject to proceedings.9

Of the 142 administrative pecuniary penalties issued can be distinguished between 75% of these being pecuniary penalties, amounting to a total of EUR 31.7 million with the highest pecuniary penalty amounting to EUR 24.5 imposed on a SCI. For other types of supervised entities, the highest pecuniary penalties in 2021 were as follows: natural persons EUR 1.5 million; LSIs EUR 680,000; other legal persons falling within the remit of the competent authorities' sanctioning activities EUR 160,000.

The remaining 25% consisted of penalties of a non-pecuniary nature and periodic penalty payments. While these sums may seem small when compared to administrative pecuniary penalties levied by supervisory authorities in other jurisdictions, they levels are rising.

Other differences also include that sanctioning and enforcement in the Banking Union is, certainly over 2021 concentrated on natural persons. These represented 42.5% of all proceedings conducted and 37.5% of all administrative penalties imposed. LSIs were on a very similar level, being focused in 42% of all proceedings conducted. The percentage of administrative penalties imposed on them was even higher, at 44%. By the end of 2021, the focus in terms of number of proceedings ongoing had shifted further towards LSIs and LSI officials. This shift matters, notably given that, despite the SAPP Guide establishing common standards, the 2021 Sanctioning Report summarises the continuing problem with national divergences, even despite the ECB-SSM's efforts to streamline the CRR/CRD IV framework in the Banking Union, that framework still:

"...currently ensures only a minimum level of harmonisation with regard to sanctioning, material differences remain in the national laws transposing the Directive applied by the competent authorities when exercising their sanctioning powers. In particular, breaches of the prudential requirements set out in European Union law are not always sanctionable under the national law of participating Member States. Other aspects may also affect a competent authority's decision to pursue a breach, e.g., the length of the limitation period, a statutory obligation to open a procedure in the event a breach is identified or discretion to close a case solely for reasons of proportionality."

The SAPP Guide does not close that level of fragmentation.10 Moreover, the 2021 Sanctioning Report does not cover the ECB-SSM's nor NCA's activities that fall outside the scope of prudential supervision within the SSM. In particular, information on sanctioning activities related to payment systems, markets in financial instruments, investment services, prevention of the use of the financial system for the purpose of money laundering and terrorist financing, and consumer protection are excluded from the scope of the 2021 Sanctioning Report.

The main findings in the 2021 Sanctioning Report concluded that the majority of fines related to breaches of internal governance standards (predominantly risk management and internal controls breaches as well as organisational requirements (including with regard to management body functions and committees) followed by breaches of supervisory reporting failures. This follows on from work that was set in the SSM's 2021 Supervisory Priorities11 and which remains a focus area for the SSM's 2022-2024 Supervisory Priorities.12 Other areas that saw a rise in breaches included a number of proceedings for failures in compliance with the large exposure regime as well as compliance with rules on liquidity, qualifying holdings, prudential consolidation and recovery plans.

Outlook

The SAPP Guide has built an entire new chapter in how the Single Rulebook for financial services in respect of enforcement and sanctioning powers is applied within the Banking Union. This is welcome in terms of driving consistency and certainty for BUSIs and the wider set of supervised entities as well as financial services firms more generally, in particular if the ECB-SSM's efforts are rolled-out by other NCAs. However, the strict supervisory tone and more intrusive level of scrutiny, in particular as, post-pandemic, the SSM reverts to more use of its sanctioning powers, may require firms to ready themselves.

Footnotes

1 Available here.

2 Available here.

3 The OSIIMI Guide is available here. Our Client Alert on that development is available from PwC Legal's EU RegCORE.

4 Details of which are available here.

5 Available here.

6 See: T-576/18, ECLI:EU:T:2020:304, paragraph 133 and 135.

7 As the SAPP Guide states (para. 15): "...the ECB will consider that a supervised entity which fails to comply with its special duty of care by committing a breach that an entity which was normally informed and diligent would have avoided can generally be regarded as having shown a low degree of misconduct if there are no other circumstances pointing to more serious misconduct."

8 It should be noted that 216 of these (123 of which were initiated at the ECB-SSM's request) were suspended at the start of 2021 due to criminal proceedings before the national courts against the same person(s) in connection with the same facts. Moreover, in para. 16 the SAPP Guide states: "The degree of misconduct will be considered higher where the supervised entity (i) could not have been unaware that its conduct would potentially result in a breach of its prudential requirements, or (ii) where it committed the breach because of deficiencies in its internal controls (unless those deficiencies are addressed by means of a separate administrative penalty) or (iii) as a result of a gross misinterpretation of a legal requirement." and equally "The highest degree of misconduct can usually be assumed where the supervised entity (i) knew that its conduct would certainly or almost inevitably result in a breach of its prudential requirements, (ii) prevented or hindered the ECB from obtaining a comprehensive picture of its prudential situation, or (iii) sought to conceal a breach of its prudential requirements or deceive the ECB-SSM."

9 Of the formal sanctioning proceedings conducted in 2021 216 concerned natural persons (173 LSI officials, 5 SI officials and 38 other natural persons), 214 concerned LSIs, 52 concerned other legal persons and only 26 concerned SCIs.

10 See discussion in various articles by M. Huertas in the Journal of International Banking Law and Regulation on the national options and discretions elimination (NODE) efforts of the ECB-SSM in relation to how the CRR/CRD IV framework, as amended, is applied in the Banking Union.

11 Available here.

12 Available here, which should also be read in conjunction with "Navigating 2022: a focus on EU as well as Banking Union and Capital Markets Union Supervisory Priorities in the year ahead" published by PwC Legal's EU RegCORE.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.