EBA Consults on Revisions to Guidelines on Internal Governance
- James Ross
- Aug 8
Executive Summary
The EBA/CP/2025/20 consultation paper proposes draft revised Guidelines on internal governance for financial institutions and third-country branches (TCBs) operating in the EU. The revisions are primarily driven by recent amendments to Directive 2013/36/EU, specifically those introduced by Directive (EU) 2024/1619 (CRD VI), and incorporate lessons learned from supervisory practice. The core objective is to ensure that institutions have robust, transparent, and well-integrated governance frameworks that are proportionate to their size and complexity. The guidelines reinforce the role of the management body and introduce new requirements relating to diversity, TCBs, and the formal documentation of roles and responsibilities.

Summary of Key Revisions and Implications
The revisions aim to strengthen and harmonise governance standards across the EU financial sector. Below are the significant changes and their implications:
1. Governance for Third-Country Branches (TCBs)
Revisions: New guidelines specify that TCBs must implement a robust and sound governance framework comparable to that required of EU institutions. They must have at least two local managers who effectively direct the business and possess the necessary knowledge, skills, and experience. These local managers are subject to suitability assessments, and the TCB must maintain "sufficient substance" so that it does not become an "empty shell".
Implications: TCBs will face stricter regulatory oversight and higher standards for local management and governance. They are required to manage the risks linked to back-to-back and remote booking arrangements and must not systematically or substantially book transactions with an EU nexus on a back-to-back basis. The aim is to reduce the risk that TCBs pose to the EU's financial stability and market integrity.
2. Formal Documentation of Roles and Duties
Revisions: Institutions are now required to create and maintain two key documents:
- Individual statements of roles and duties for all members of the management body (both management and supervisory functions), senior management, and key function holders.
- A comprehensive mapping of duties that details reporting lines and responsibilities, demonstrating a clear and coherent organisational structure.
Implications: This creates greater accountability and transparency by clearly defining who is responsible for what. The mapping helps identify gaps or overlaps in responsibility and ensures that the governance framework operates in practice at both the individual institution and the consolidated group level.
3. Focus on Diversity and Inclusion
Revisions: The guidelines reinforce principles of equality, diversity, and inclusion, drawing on the EBA's benchmarking report on diversity practices and gender-neutral remuneration. Institutions must:
- Have gender-neutral policies for remuneration, recruitment, and career progression.
- Set policies to foster a gender-balanced pool of candidates for management body positions.
- Monitor the gender pay gap and other indicators of gender representation and treatment.
Implications: This moves beyond simple diversity targets to mandate the implementation of policies and monitoring tools to ensure a more equitable and inclusive corporate culture. It supports the creation of a diverse talent pipeline, which the EBA believes contributes to more robust governance and decision-making.
4. Expanded Scope of Risk Management
Revisions: The guidelines explicitly broaden the scope of risks that institutions must manage and report on:
- ESG risks: Institutions must consider environmental, social, and governance risks (including climate and biodiversity risks) over the short, medium, and long term (a long-term horizon of at least 10 years) and develop plans with quantifiable targets to address them.
- Digital Operational Resilience (DORA): The guidelines are updated to align with Regulation (EU) 2022/2554, requiring robust governance for managing ICT risk and ensuring operational resilience.
- Artificial Intelligence (AI): The document now references the new AI regulation (the AI Act), indicating that risks related to AI systems must be considered.
- AML/CTF: The importance of having governance arrangements to manage money laundering and terrorist financing risks is re-emphasised.
Implications: Institutions must adopt a more holistic and forward-looking approach to risk management, integrating non-financial risks like ESG and ICT into their core frameworks. This requires a fundamental shift in how risks are identified, measured, and mitigated, moving beyond traditional financial risk categories.
5. Conflict of Interest Management
Revisions: The guidelines strengthen the framework for managing conflicts of interest, especially regarding loans and other transactions involving members of the management body and their related parties. Decisions on such transactions must be documented and taken objectively, generally on "arm's length" terms. The guidelines also introduce measures to mitigate conflicts when a former CEO or other executive becomes a member of the supervisory function, such as abstaining from discussions or votes on matters relating to their previous actions.
Implications: This introduces stronger safeguards to prevent decisions from being compromised by personal interests. It enhances the independence of the supervisory function and promotes prudent decision-making.