EU Announces the Official Publication of CRR3 and CRD6, Enhancing Banking Regulation Framework

Overview of CRR3 and CRD6

CRR3 introduces significant changes to the calculation of Pillar 1 capital requirements and updates the corresponding reporting and disclosure requirements. These rules will generally become applicable on January 1, 2025. Notably, the European Commission, in a speech by Commissioner McGuinness, confirmed its intention to move the market risk FRTB start date to January 1, 2026, due to delays in the USA.

Critical aspects of CRR3 include:

• Credit Risk: The main changes to the standardized approach to credit risk relate to the performance of due diligence when using external credit assessments, the risk weighting for exposures to institutions without an external credit assessment, equity investments, exposures collateralized by real estate and off-balance sheet items.
• Credit Valuation Adjustment Risk (CVA): CRR3 replaces the existing approaches for calculating CVA risk with three new methods: the standardized approach (SA-CVA), which is based on an internal model and may only be used with supervisory approval, the foundation approach, and the simplified approach. The current exemptions for CVA risks will be retained, but the CRR3 introduces a reporting obligation for exempted transactions. In addition, an institution may also decide to include exempted transactions in the capital requirement for CVA risks, achieving offsetting against corresponding hedging transactions.
• Operational Risk: The new standardized approach replaces all existing methods. The capital requirement is based on a business indicator. The internal loss multiplier (ILM) based on historical losses proposed in the Basel IV text is not implemented in CRR3. However, institutions will still be required to collect extensive data on operational risk losses.
• Market Risk: Revised trading book boundary and adoption of the FRTB approaches for capital calculation purposes. A distinction is made between an approach based on internal models, which requires regulatory approval, a standardized approach, and a simplified, standardized approach. The latter calculates the capital requirement for market risk using the currently applicable market risk standardized approach, although regulatory multipliers must be considered.
• Output Floor: The output floor will now apply to all institutions in the EU, unlike the European Commission's original proposal in October 2021. However, member states can decide to use the output floor only at the highest level of consolidation. Initially, the output floor was only to be applied at the highest level of consolidation of an institution or for stand-alone institutions in the EU, whereby additional capital requirements would be distributed among subsidiary institutions in a complicated manner.
• Treatment of crypto-assets: Crypto-assets resulting from the tokenization of traditional assets should be treated like the underlying asset. Asset Reference Tokens that refer to conventional assets will receive a risk weight of 250%. For all other crypto-assets that do not have an underlying traditional asset, a risk weight of 1250% is designated. Additionally, a "large exposure limit" of 1% of Tier 1 capital is set for this latter group of crypto-assets.

CRD6: Capital Requirements Directive

CRD6 revises several supervisory tools and includes new rules, particularly for
third-country banks' access to the EU market. It also mandates the inclusion of
ESG-related risks in banks' governance and risk management practices. EU member states must transpose the requirements of CRD6 into national law by January 11, 2026. Specific provisions related to the systemic risk buffer will
apply from July 29, 2024.

Critical components of CRD6 include:

• Supervisory Powers and Sanctions: Enhanced powers for supervisors to impose sanctions and corrective measures.
• Third-Country Branches: CRD6 introduces a new Article 21c into the CRD, which requires third-country undertakings to establish a branch in a Member State and apply for authorization to commence or continue conducting certain "core banking services". The scope of this requirement has significantly narrowed since the original proposal in October 2021. However, it is a critical issue for third-country banking groups with EU customers.
• ESG Risks: Mandating banks to incorporate ESG risks into their governance structures and risk management processes reflects the growing importance of sustainable finance.

Implications for banks and conclusion

Implementing CRR3 and CRD6 will have significant implications for banks operating within the EU. These institutions must adjust their risk management and reporting frameworks to comply with the new requirements.

Key areas of focus will include:

• Ensuring a high-quality implementation of the revised credit, market, and operational risk frameworks.
• Enhancing data collection and reporting capabilities to meet new reporting and disclosure requirements.
• Extending pricing and capital planning capacity to cope with the increased complexity of the output floor.
• Incorporating ESG factors into governance and risk management practices requires potentially substantial strategy and operation changes.