The European Commission has presented its new strategy for a Savings and Investment Union (SIU). This initiative aims to facilitate access to the capital markets for citizens and open up more financing channels for companies in the EU. Planned innovations also concern supervision and deposit protection. Renate Prinz and Dr. Cornelius Hille have assessed the plans for us.
Continue ReadingAuthor: Renate Prinz
The EU’s new attempt at a financial union: what banks need to know now
By Renate Prinz | Dr. Cornelius Hille on 10. April, 2025
Posted In EU, Financial Services
Outlook On Financial Regulations And Supervisory Practice In Germany And The EU
By Renate Prinz on 03. April, 2025
Posted In Banking Law, Financial Services
The new article by Renate Prinz in Finextra examines the regulatory framework of the European Union for the year 2025 and offers valuable insights into future developments and challenges.
Read the full article here.
DORA (Digital Operational Resilience Act): Lessons Learned
By Renate Prinz on 31. March, 2025
Posted In Dora
The leading fintech conference FIxBE will take place on April 9 and 10, 2025 at CityCube Berlin. FIxBE provides a platform for discussions on the latest developments in the financial sector and enables networking with experts and innovators from the industry.
Our partner Renate Prinz will participate in the panel on April 10 at 2:15 pm on the topic “DORA (Digital Operational Resilience Act): Lessons Learned” at FIxBE 2025.
In this panel, Renate Prinz will share her experiences and insights on the implementation of DORA. She will discuss the challenges and successes and provide practical tips for companies looking to strengthen their digital operational resilience.
You can find more information about the event here.
McDermott Investment Funds Academy AML, DORA, LMT & Co – Update & Outlook 2025
By Frank Müller | Renate Prinz on 28. March, 2025
Posted In Dora
Our McDermott Investment Funds Academy online seminar took place on March 26. Our experts from the Investment Funds & Regulatory Law practice groups – as well as experts from the Luxembourg law firm Arendt & Medernach – gave an outlook on regulatory developments in 2025. The following topics were covered, among others:
- LMTs & Side Pockets – Practice in Germany & Luxembourg
- AML: New developments in money laundering law
- DORA compliance
The online seminar was aimed at employees of fund initiators and sponsors, institutional investors, asset managers, capital management companies, custodians, banks, etc. with a connection to investment funds and their transactions.
Thank you for your participation.
Are you already familiar with the DORA Check? The self-test helps you to find out whether your company is affected by the DORA regulations and what action needs to be taken. Find out more
McDermott Investment Funds Academy – AML, DORA, LMT & Co – Update & Outlook 2025
By Renate Prinz on 28. February, 2025
We cordially invite you to our online seminar of the McDermott Investment Funds Academy on March 26th from 9:30 to 10:30 AM. Our experts from the Investment Funds & Regulatory Practice Groups, as well as experts from the Luxembourg law firm Arendt & Medernach, will provide you with an outlook on regulatory developments in 2025. Among other topics, we would like to discuss the following with you:
- LMTs & Side Pockets – Practice in Germany & Luxembourg
- AML: New Developments in Anti-Money Laundering Law
- DORA Compliance
The online seminar is aimed at employees of fund initiators and sponsors, institutional investors, asset managers, management companies, custodians, banks, and others related to investment funds and their transactions.
We look forward to seeing you.
Register here.
M&A in the EU market: Essential factors for investors to consider
By Renate Prinz on 27. February, 2025
Posted In Financial Services, Risk Management, Transactions
Investing in Europe: Is it a good time to do so? Opinions differ. The EU financial sector has experienced significant growth in recent years, driven by technological advancements and evolving consumer preferences, but there is also heavy regulation. Despite the downsides of a high degree of regulation, such as increased costs, inflexibility, many internal guidelines, and a higher number of employees, it also has a positive effect on the overall market and economic opportunities.
Financial regulation ensures stability, transparency, and consumer protection. Especially in the financial industry, these are key aspects customers look at, considering the major failures we have seen in the fintech market in recent years. Against this background, the EU financial market presents a unique landscape for mergers and acquisitions (M&A), characterized by stringent regulations, evolving market dynamics, and emerging trends.
Understanding the key considerations for transactions in the financial industry is crucial for investors looking to navigate this complex environment. This article outlines essential factors to review when investing in entities regulated in the European Union. It also highlights the differences from investments in other jurisdictions and industries, discusses the expected timing, and explores current trends in EU FinTech investments.
Investing in the EU financial industry differs from investments in other jurisdictions and industries in several ways, including:
Regulatory Scrutiny: The financial industry is subject to higher regulatory scrutiny compared to other sectors. This means investors must navigate complex regulatory frameworks and ensure compliance with stringent requirements.
Systemic Risk: Financial institutions are interconnected and play a critical role in the economy. As such, they are exposed to systemic risks that can have widespread implications. Investors must assess the target entity’s risk exposure and mitigation strategies.
Capital Requirements: Financial institutions are required to maintain certain capital levels to ensure solvency and stability. Investors must evaluate the target entity’s capital adequacy and its ability to meet regulatory requirements.
Key pre-deal considerations
Conducting thorough due diligence is paramount. It is crucial to ensure that the target entity is appropriately regulated. Investing in an entity that is not regulated but should be can lead to significant legal and financial risks. Supervisory authorities may take enforcement actions against both the entity and the acquirer, including fines, sanctions, and even the revocation of licenses.
Due Diligence
When preparing for and evaluating an acquisition in the financial sector, particularly in the EU, it is important to carefully determine, as part of the due diligence, whether the target complies with the applicable financial supervisory law. In particular, does the target have the license required for its type of business or does it need a license at all?
If a license is required, it is also essential to determine whether the target consistently fulfills the requirements necessary for the license, in particular with regard to risk management, money laundering, reporting, and liquidity and equity. However, on 17 January 2025, it also became necessary to determine whether the requirements for cybersecurity and operational resilience under the Digital Operational Resilience Act are being met, especially with regards to outsourcing.
The legal consequences of noncompliance with the requirements are far-reaching and can not only affect profitability but also lead to a complete ban on business activities, the exclusion of management, severe fines, and a restriction of new business, especially if anti-money laundering (AML) and risk management are not sufficiently set up. Measures taken against a licensed company are always published by the financial supervisory authority, along with the respective deficiencies. This ‘naming and shaming’ leads to a loss of trust in the market, which in turn can lead to a loss of customers.
Does this mean that when it comes to investments, it is better to steer clear of the EU financial sector? With so many regulations, it is challenging to always comply with the numerous requirements, let alone check compliance as part of a due diligence process.
As always, a risk assessment must be convened on the basis of appropriate information. It is neither possible nor necessary to check every single violation and every facet of regulatory compliance in each individual case. This would also exceed any reasonable level of financial investment prior to the transaction. But experienced advice that provides an overview of compliance and potential red flags with regards to the most important parameters and showstoppers is essential.
For example, for many regulations, rectification is possible and sufficient following a notice of noncompliance from the financial supervisory authority. However, a distinction must be made: what are the showstoppers and where can we go along without seeing a major risk.
On that basis, key points to consider in the due diligence process are:
The target’s business model and the necessary licenses in each jurisdiction.
Ongoing proceedings, orders, or enforcements of the competent supervisory authority.
The target’s compliance with key regulatory requirements and whether the necessary structures are in place, particularly with regard to capital requirements, AML compliance, reporting obligations, and risk management.
Deal phase: Owner control proceeding
An owner control proceeding is triggered when an investor intends to acquire a significant stake in a licensed EU entity (i.e., more than 10% of the equity or voting rights in the target entity, alone or together with other parties). This threshold is set to ensure that any significant influence over the management and operations of the entity is subject to regulatory scrutiny. The goal is to maintain the stability and integrity of the financial system by ensuring that only fit and proper persons can exert control over regulated entities.
What happens in an owner control proceeding?
The owner control proceeding involves a comprehensive assessment by the relevant supervisory authorities, such as the European Central Bank, or national competent authorities such as BaFin in Germany. The key requirements include:
Notification: The proposed acquirer must notify the relevant authority of their intention to acquire a qualifying holding. Intention means the obligation to notify may arise already pre-signing (e.g., when the necessary shareholder resolutions to the acquisition are passed). This notification needs to include detailed information about the acquirer, the acquirer’s shareholding structure, the transaction, and the target entity.
Documentation: The acquirer must provide extensive documentation, including financial statements, business plans, and information about the acquirer’s background and reputation. Additionally, financing and origin of the funds used to finance the transaction need to be filed with the competent authority. This will help the authorities assess the financial soundness and integrity of the acquirer.
Fit and proper test: The authorities will conduct a fit and proper test to evaluate the suitability of the acquirer and its managing directors. Documentation to be provided also includes extensive information on the managing directors and board members of the acquirer and its shareholders (e.g., cover letters, certificates of good conduct, and letters of recommendation).
Impact assessment: The acquirer must demonstrate how the acquisition will impact the target entity and its group structure. This includes assessing the potential effects on the entity’s governance, risk management, and overall stability. It is, therefore, necessary to file a three-year business plan for the target company to prove the ongoing financial and economic stability.
Important to navigate smoothly through the process
Navigating the owner control proceeding smoothly requires careful preparation and attention to detail. Here are some key tips:
Early engagement: Engage with the supervisory authorities early in the process. This helps in understanding their expectations and addressing any concerns proactively.
Comprehensive documentation: Ensure all required documents are complete, accurate, up to date, and translated, if necessary. Not all authorities accept English-language documentation. Also, incomplete or inaccurate documentation can lead to massive delays. Some of the necessary documents take time to be obtained, especially if further national authorities are required for such documents.
Clear communication: Maintain clear and transparent communication with the authorities.
Professional advice: Seek early-stage professional advice from legal and financial professionals who focus on regulatory compliance. The process is complex and the risk that authorities will delay or reject the transaction is high. Experienced advice helps to navigate smoothly through the process and understand the key parameters in regulatory proceedings.
What kicks you out?
Several factors can lead to the rejection of an owner control application, especially if the acquirer is unable to demonstrate financial stability and soundness or if the acquirer fails the fit and proper test due to issues related to integrity, competence, or reputation. If the acquisition is deemed to have a negative impact on the target entity’s stability, the application will be denied as well.
Special SPA provisions
The Share Purchase Agreement (SPA) must also take into account the regulatory particularities. Any findings or uncertainties arising from the due diligence can be covered by corresponding representations and warranties, provided that they are not absolute showstoppers.
Successful completion of the ownership control procedure should be included as a closing condition. If the parties agree to a long stop date, it is important to take into account the usual processing times based on experience with the competent supervisory authority.
To the extent necessary, arrangements regarding equity and liquidity must be made with the seller side to ensure that all requirements are met upon closing. This applies, in particular, if equity has previously been secured through financing measures by the parent company.
Depending on the regulation and jurisdiction, managing directors and board members in the target company may also only be able to take up office after the individuals have been approved by the supervisory authority.
Expected timeline
The timeline for completing an M&A transaction in the EU financial market can vary depending on several factors. The main timing issue, which is different from non-regulated deals, is the duration of the owner control proceeding. Even though EU regulators have deadlines within which they need to respond and decide, they usually find ways to stretch these deadlines if necessary, especially by requiring further information.
We typically advise to plan an additional three to nine months for an owner control proceeding, depending on the jurisdiction and individual license, business model, and whether the investor is already active in the financial market or already has other licensed shareholdings in the EU. Other timing aspects are comparable to other deals. Due diligence and decision-making might take longer because of regulatory and equity factors, which might be more extensive, but this depends on the particular deal.
Outlook
Investing in the EU financial market through M&A offers significant opportunities but requires careful consideration of regulatory, financial, and operational factors. By understanding the unique aspects of the financial industry, conducting thorough due diligence, and staying informed of market trends, investors can navigate this complex landscape and achieve successful outcomes.
MiCAR in Practice: BaFin Issues Guidance on Crypto Services
By Annabelle Rau | Renate Prinz on 10. January, 2025
Posted In Crypto Regulation
At the beginning of the year, the German Federal Financial Supervisory Authority (“BaFin“) released a guidance document on crypto-asset services under the new EU Regulation on Markets in Crypto-Assets (“MiCAR“). This regulation has been directly applicable to crypto service providers in the EU since December 30, 2024.
The guidance provides clarifications on the licensing requirements for crypto services and the obligations for providers. Key points include:
- Definitions of Crypto Services: BaFin specifies which crypto services are subject to licensing and connects these to the well-established investment services under MiFID II.
- Licensing of Crypto-Asset Service Providers: The guidance includes detailed information on when licensing requirements apply, and which entities are eligible for authorization.
- Notification Requirement: Entities with existing licenses (e.g., credit or investment institutions) may provide certain crypto services without obtaining additional authorization but must notify BaFin in accordance with MiCAR requirements. The guidance outlines the specific requirements for this notification procedure.
The guidance serves as a practical tool for crypto businesses to navigate and comply with the new regulatory framework established under MiCAR securely and efficiently.
An Overview of the New Consumer Credit Directive
By Renate Prinz on 06. December, 2024
Posted In EU
One year after the new EU Consumer Credit Directive (Directive 2023/2225) came into force, questions remain: When will it be implemented? What will be regulated? How is the business community reacting? The directive brings significant changes and extensions in an effort to strengthen consumer protection and meet the challenges of digitization. But does it really provide consumers with the desired added value and protection, or does it prevent innovative, successful business models – from which consumers benefit – via overregulation?
Key Contents of the Directive
The new directive significantly expands the scope of application for consumer credit and covers loans of less than €200, as well as free loans and leasing transactions. This extension aims to ensure that smaller and previously unregulated forms of credit are protected by the directive. Overdrafts are now also subject to more comprehensive regulations. And with the regulation of free loans, purchases on accounts and the popular “buy now pay later” offers will be covered by the Consumer Credit Directive. This payment method, which is particularly popular in Germany, is regarded as interest-free credit. However, there are certain exceptions and regulations that affect purchases on accounts. Small- and medium-sized companies can continue to offer purchases on accounts without having to comply with the stricter regulations if it is free, processed within 50 days, and does not involve external service providers. However, the stricter rules apply to larger retailers.
The goal of the directive is to prevent consumers from becoming over-indebted, for example, because of excessive financial demands, high interest rates, or unfair contract terms that were not sufficiently publicized before the contract was concluded. The “buy now, pay later” offers in particular were a thorn in the side of many consumer protection organisations because of the threat of “unnoticed” financial overstretching of buyers.
The following measures and obligations apply under the new directive to protect consumers:
- Pre-contractual information obligations will be tightened to inform consumers even more comprehensively about the relevant contractual conditions
- The introduction of interest rate caps
- Duties of good conduct for the lender, particularly for fair contractual conditions
- Mandatory assessment of the consumer’s creditworthiness to ensure they can repay the loan
- Guidelines on advertising for consumer loans: all advertising must include a statement that taking out a loan is subject to a fee. Misleading advertising statements are prohibited.
The Consumer Credit Directive must be transposed into national law by EU Member States within two years (by November 2025). The regulations can then be expected to apply starting November 2026. A draft law for national implementation in Germany is not yet available.
Reactions and Criticism
The level of protection for consumer loans is thus adjusted to match the level of protection for residential property loans. However, comparability is very limited if a purchase on account for €30 can fall under the stricter regulations. This was precisely what consumer protection organisations were calling for as the burden on consumers often leads to financial overload in the total amount because of many smaller purchases. Nevertheless, the administrative burden for a creditworthiness check alone for loans of less than €200 is unequally high. A lower limit here would have been desirable for the credit industry.
While consumer advocates welcome the new regulations because of their broad scope of application and the fixed introduction of interest rate caps, the directive has been strongly criticized by the banking industry. Considerable interests and legitimate concerns of banks and merchants have been largely ignored. For example, credit and payment institutions fear considerable additional work and costs, especially because of the mandatory creditworthiness checks that are required for even the smallest loans. Due to the very different payment habits and circumstances of EU consumers and, therefore, very different national interests, it remains to be seen how differently the directive will be transposed into national law, which is likely to lead to additional implementation and administrative costs for players in the individual EU Member States.
Navigating EU Sanctions: How Investment Funds and Corporates Can Meet the ‘Best Efforts’ Standard
By Renate Prinz on 02. December, 2024
Co-Authors: | |
With the introduction of the 14th sanctions package, entities established in the European Union are required to ‘undertake their best efforts to ensure’ that non-EU subsidiaries they own or control do not undermine EU Regulation 833/2014 imposing EU sanctions against Russia, or EU Regulation 765/2006 imposing EU sanctions against Belarus. This obligation stretches to EU citizens, including those located outside the European Union, who control corporate and fund structures around the world.
The term ‘best efforts’ is not explicitly defined within the EU regulations. On November 22, 2024, the European Commission issued guidance on how to comply with this obligation in its Frequently Asked Questions on Russia sanctions (FAQ). The clarifications, however, largely reiterate obligations set out in the Preamble to the EU Regulation 2024/1745 which introduced the ‘best efforts’ requirement in June 2024.
In this alert, we summarize the key features of this provision, with a focus on how investment funds and other global corporates can meet the ‘best efforts’ standard. In response to the Commission’s overriding emphasis on awareness of one’s operations, existing structures and ongoing activities should be reviewed, and robust sanctions compliance policies should be put into place to efficiently navigate the increasingly turbulent EU sanctions landscape.
Origins of the ‘Best Efforts’ Obligation
The roots of the ‘best efforts’ obligation lie in the lack of consensus among EU Member States on how to address Russia and Belarus sanctions circumvention. Initially, the proposed obligation was designed to hold EU companies fully responsible for any undermining of EU Russia and Belarus sanctions by their non-EU subsidiaries. However, this proposal has been watered down due to pressure from certain Member States arguing that the wording was too extensive and onerous.
The ‘best efforts’ requirement under the EU Russia and Belarus sanctions regimes applies to EU companies and EU nationals in respect of companies they own (i.e., in which hold 50% or more of the proprietary rights or have a majority interest) or control (i.e., they have the right to appoint or remove a majority of the board, the right to use assets of that company, or the right to manage it or exercise a dominant influence over it) outside the European Union.
Implementation Guidance
In its recently issued FAQ, the European Commission emphasizes the need for EU companies and their management to be aware of the activities conducted by the non-EU entities they own or control and the risks related to such activities.
While the determination on whether the business has actually exercised its ‘best efforts’ in ensuring that its non-EU subsidiaries comply with EU sanctions will depend on the nature, size and risk profile of the business, the Commission clarified that ‘best efforts’ may include:
- the implementation of internal compliance programs;
- systematic sharing of corporate compliance standards;
- sending internal newsletters and sanctions advisories;
- setting up mandatory reporting on sanctions breaches; and/or
- organising mandatory sanctions trainings.
According to the FAQ, any of the following may amount to a breach of this obligation:
- knowledge of activities undermining EU sanctions;
- failure to block transactions undermining EU sanctions; and/or
- failure to carry out appropriate due diligence regarding activities of non-EU subsidiaries which resulted in undermining EU sanctions.
In this respect, the German Central Bank also confirmed that this obligation should be seen as satisfied when coherent and consistent mechanisms are implemented by EU entities allowing them to ensure that non-EU subsidiaries adhere to the EU sanctions.
Additionally, as clarified in the FAQ, the only valid defence to failure to comply with the ‘best efforts’ obligation is if the EU company no longer controls the non-EU subsidiary due to external reasons such as, for example, nationalization or compulsory administration. The European Commission expressly stated that liability will not be mitigated in the event that control over the subsidiary is lost due to the EU entity’s own actions, for instance, due to its previous risk-prone decisions to operate in Russia or Belarus. Likewise, EU parent companies or their employees’ decisions to recuse themselves from any Russia and Belarus related business of their subsidiaries would undermine the ‘best efforts’ obligation.
Compliance with the ‘Best Efforts’ Obligation by EU Investment Funds
The European fund industry will be affected by the ‘best efforts’ obligation on multiple levels. All regulated EU investment vehicles such as collective investment undertakings (CIUs) managed by undertakings for collective investment in transferable securities (UCITS), or alternative investment funds (AIFs), managed by alternative investment fund managers (AIFMs) must comply with this requirement in respect of all non-EU entities that they own or control within their structures. Additionally, the obligation may apply to Limited Partners (LPs) who own the entities. The Ultimate Beneficial Owners (UBOs) of both LPs and fund managers, as relevant, who hold EU passports may also be held personally liable in case of breach.
As a result, EU funds and corporates, irrespective of geographic markets or the sectors they operate in, should carefully assess their roles and determine who exactly has the responsibility to ensure the compliance of non-EU entities with EU Russia and Belarus sanctions, and decide on how compliance can practically be assured within the specific corporate structure. As a follow-up, if any exposure to Russia or Belarus is identified, stand-alone group sanctions policies should be put in place in line with the ‘best efforts’ requirement. It is no longer sufficient for the fund to impose a general ban on activities or investments touching upon Russia or Belarus. The fund and the involved parties, including any EU holding companies and concerned UBOs who are EU nationals, are now required to actively ensure that all umbrella entities (owned or controlled by them) are not involved in any activities that would be prohibited under EU Russia and Belarus sanctions.
Identifying prohibited activities may not be an easy task. In addition to prohibitions on the export of numerous types of goods or services to Russia or Belarus from non-EU entities, certain imports from Russia or Belarus, including non-EU intragroup trade, may also be restricted. In relation to fund managers, prohibited activities could include, for instance, the purchase, sale, provision of investment services, or dealing with transferable securities and money-market instruments issued by Russian or Belarussian companies subject to EU sanctions. In practice, trading in securities issued by these companies may be restricted, regardless of whether the trading is made through a non-EU entity or occurs on non-EU primary or secondary markets. The same may apply to trading in units or shares of CIUs, regardless of their denomination, particularly if they provide exposure to securities issued by Russian or Belarussian entities.
In the FAQ, the Commission has followed teleological interpretation of the prohibitions and insists on primarily taking into account the goal of particular sanctions (e.g., to weaken Russia’s economic base and curtail its ability to wage war), instead of the literal wording of the underlying prohibition. It remains to be seen if this approach will be shared by EU national authorities and courts. As clarified by the European Commission, the mere fact that an EU company (or an EU citizen who controls it) is aware that a non-EU subsidiary is involved in activities undermining EU Russia or Belarus sanctions is sufficient to conclude that the EU company did not comply with its ‘best efforts’ obligation. Therefore, EU funds who fail understand Russia / Belarus sanctions related risks and put in place comprehensive sanctions policies extending to their non-EU subsidiaries could find themselves exposed to potential liability.
The penalties for sanctions violations are set out in EU Directive 2024/1226 on sanctions criminalization and include prison sentence of at least 5 years (in the case of natural persons) and a maximum fine of at least 5% of worldwide turnover (in the case of companies), although EU Member States may impose even higher penalties at their discretion. Alongside increasing enforcement risk from EU Member States which have begun focusing on non-EU activities, funds and corporates will be also faced with meticulous scrutiny by EU banks and financial institutions. In fact, it is market practice for EU lenders to require extensive warranties on absolute compliance with EU sanctions (including compliance with the ‘best efforts’ obligation) and for lenders to periodically request EU funds and corporates to explain how such compliance has been put in place.
US Exposure and Risk
EU investment funds should also monitor the activities of their US subsidiaries to the extent that there is any Russia or Belarus exposure. EU and US sanctions are not entirely aligned when it comes to restricted products or activities directed to Russia or Belarus, and this gap may widen if new trade policies are adopted by the US in the near future.
Currently, the United States does not have any blocking regulations that prevent its companies from complying with EU-imposed sanctions (such as EU Regulation 2271/96 which has countered certain US sanctions since its implementation in 1996), and we can only speculate on how the new US administration will respond to this situation. However, it is clear that any prudent EU fund operating globally would start preparing their sanctions policies now to enable quick and efficient navigation of potentially conflicting US and EU sanctions.
The DORA Deadline – How to prepare, and how to use legal AI for DORA contract review
By Renate Prinz on 15. November, 2024
Financial Services (FS) firms need to comply with the EU’s new Digital Operational Resilience Regulation (DORA) until January 17, 2025. Compliance isn’t optional, it’s the law.
In this webinar, we spoke about what DORA meant for clients and how to use legal AI for contract review and remediation.
The following topics were discussed:
- What DORA is and who it applies to
- What Financial Services firms need to do before January 2025
- What contract review and remediation work needs to be done
- How McDermott uses legal AI with BRYTER Extract for DORA contract review and remediation.
You can find a recording of the webinar here:
DORA Check
By Renate Prinz on 31. October, 2024
Digital threats and cyberattacks are increasing every year. In 2023, digital threats caused damages of more than €200 billion in Germany, of which 72% resulted from cyberattacks (source: Bitkom, study on economic protection 2023). To counter the threat to the system-critical financial sector, the EU has decided to implement a uniform, high level of security. The Digital Operational Resilience Act (DORA) is the answer.
The regulation on digital operational resilience is intended to reduce the risks arising from the ever-increasing dependence on information and communication technology in the financial sector. In particular, DORA is expected to reduce the risk of severe operational disruption arising from digital threats and cyberattacks, by focusing on the entire value chain. Notably, DORA subjects IT service providers to direct financial supervision – for the first time. DORA will apply to companies in the financial sector and their IT service providers from January 17, 2025 . It’s crucial for every company to check whether DORA applies to them and what measures need to be taken now, including reviewing outsourcing contracts for DORA compliance and internal IT infrastructure.
McDermott developed DORA Check to provide a first overview of the regulation to keep users informed about the legal essentials of DORA.
Click here to access the tool.
DORA takes effect: Digital resilience and cybersecurity in the EU
By Renate Prinz on 29. October, 2024
McDermott Will & Emery’s financial regulatory partner Renate Prinz authored in Finextra that explored what DORA (the EU’s Digital Operational Resilience Act) entails, what its contents and objectives are, and what relevant companies need to do now to be DORA compliant next year. Here you can read the full article.
Dubai and Abu Dhabi Firms Involved in Crypto: Regulatory Pitfalls to Avoid When Dealing with EU or UK Clients
By Renate Prinz on 26. September, 2024
Posted In Crypto Regulation
Co-Authors: |
Continuing developments in the crypto regulatory sphere have significantly increased the attractiveness of Dubai and Abu Dhabi for crypto firms with global ambitions. Firms should remember, however, that they may also need to comply with the EU or UK crypto regulatory regimes, especially when engaging with clients or investors from these jurisdictions.
In this article, we summarise recent crypto developments in the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM), and discuss the pitfalls crypto firms should avoid when dealing with EU or UK clients.
Recent Crypto Developments in Dubai and Abu Dhabi
Both DIFC and ADGM have historically been very active in the crypto sphere.
Most recently, on 13 March 2024, DIFC released its DIFC Law No. 2 of 2024 (Digital Assets Law) providing for a comprehensive set of rules relating to crypto-assets. Among other things, the Digital Assets Law defined a ‘Digital Asset’ as an asset which:
“(a) exists as a notional quantitative unit manifested through the combination of the active operation of software by a network of participants and network-created data;
(b) exists independently of any particular person and legal system; and
(c) is not duplicable and the use or consumption of the thing by one person or a specific group of persons necessarily prejudices the use or consumption of the thing by one or more other persons”.
In response to diverging case law on how crypto-assets should be qualified, the Digital Assets Law clarified that they should be considered as intangible property that is neither a thing in possession nor a thing in action. Specific rules have been introduced relating to the change of control, the transfer of legal title, the exercise of rights upon insolvency and the recovery of crypto-assets.
On the ADGM side, on 18 December 2023, its Financial Services Regulatory Authority released updated Guidance on Regulation of Virtual Asset Activities. Among other things, the Guidance sets out the legal framework for crypto firms willing to operate as multilateral trading facilities for crypto-assets, which have recently proven to be increasingly popular amongst investors.
Providing Crypto Services to EU clients
Dubai and Abu Dhabi-based firms willing to engage with clients based in the EU should carefully assess the applicable regulatory regime. Depending on the type of crypto products and services they offer, firms may fall within the scope of EU Regulation 2023/1114 on markets in crypto-assets (MiCA) or under the regime of EU Directive 2014/65/EU (MiFID II).
Under MiCA, non-EU firms providing crypto products or services to EU clients will require an authorisation unless such products or services are provided at the own initiative of the EU client. As clarified by the European Securities and Markets Authority (ESMA), this so-called “reverse solicitation” exemption is, however, “very narrowly framed and as such must be regarded as the exception; and it cannot be assumed, nor exploited to circumvent MiCA.” Indeed, the reverse solicitation rule under the MiCA regime is much stricter than in other regulations so far. In addition, ESMA reiterated that (in practice usually used) standardised contractual clauses or disclaimers in which clients declare that the products or services are provided at their own initiative are not relevant for assessing whether the activity falls within the scope of exemption or not.
For the purposes of MiCA, “solicitation” includes the promotion, advertisement or offer of crypto-assets or services by any means, including social media platforms or mobile applications as well as “promotions, advertisements and offers of a general nature and addressed to the public (with a broad and large reach) such as, for instance, brand advertisements by way of sponsorship deals.” This also includes the promotion of a crypto product or service by a third party, which may also be attributed to the provider and accordingly requires a license. Additionally, the reverse solicitation exception also no longer applies to pre-existing customers of the crypto service provider. This means that the (also individual) offering of products and services to pre-existing EU customers requires permission, as does the offering of services to the market in general.
Learn more by watching our webinar, Are You Ready for MiCAR?
Providing Crypto Services to UK clients
Crypto firms should assess the applicable regulatory regime even more carefully when engaging with UK clients, given that they will unlikely be able to rely on the “reverse solicitation” exemption.
Under the Financial Services and Markets Act 2000, non-UK firms may not provide regulated services to clients based in the UK unless they are authorised, or rely on an exclusion. Although the UK Government is still working on how to incorporate crypto-assets into the existing UK financial regulatory regime (noting that derivatives referencing crypto-assets are already covered by specific rules), it has indicated that the Overseas Persons Exclusion (which is the UK equivalent of the “reverse solicitation” exemption) will not be available to non-UK firms providing crypto services to UK clients.
Non-UK firms may not engage in the marketing of investment activity relating to specific crypto-assets to UK clients without an authorisation, approval of such marketing by an authorised person, or reliance on an exemption. Here, although the Overseas Communicator Exemptions (which are the UK equivalents of the “reverse solicitation” exemption for marketing activities) would generally be available, a number of other exemptions will not be available to non-UK crypto firms (such as the high-net-worth individuals or self-certified sophisticated investors exemptions).
Please do not hesitate to call with any questions you may have. Our experienced team are here to help you to navigate through the complexities of EU and UK crypto regulatory regimes.
Endnotes
[1] DIFC Law No. 2 of 2024: https://edge.sitecorecloud.io/dubaiintern0078-difcexperie96c5-production-3253/media/project/difcexperiences/difc/difcwebsite/documents/laws–regulations/digital_assets_law_2_of_2024.pdf.
[2] Guidance – Regulation of Virtual Asset Activities in ADGM, Financial Services Regulatory Authority, December 18, 2023: https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/Guidance-Regulation_ofVirtual_Asset_Activities_in_ADGM_(VER05.181223).pdf.
[3] ‘How The UAE Became A Crypt Hub Poised For Explosive Growth’, Forbes, November 16, 2023: https://www.forbes.com/sites/digital-assets/2023/11/16/how-the-uae-became-a-crypto-hub-poised-for-explosive-growth/?sh=667c494c32a8.
[4] Article 61 of MiCA: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02023R1114-20240109.
[5] ‘ESMA clarified timeline for MiCA and encourages market participants and NCAs to start preparing for the transition’, ESMA, October 17, 2023, Page 5: https://www.esma.europa.eu/sites/default/files/2023-10/ESMA74-449133380-441_Statement_on_MiCA_Supervisory_Convergence.pdf.
[6] Consultation Paper on the draft guidelines on reverse solicitation under the MiCA, ESMA, January 29, 2024, Paragraph 18: https://www.esma.europa.eu/sites/default/files/2024-01/ESMA35-1872330276-1619_Consultation_Paper_on_the_draft_guidelines_on_reverse_solicitation_under_MiCA.pdf
[7] Idem, Paragraph 12.
[8] Prohibiting the sale to retail clients of investment products that reference cryptoassets – Policy Statement PS20/10, Financial Conduct Authority, October 2020: https://www.fca.org.uk/publication/policy/ps20-10.pdf.
[9] Future financial services regulatory regime for cryptoassets – Response to the consultation and call for evidence, HM Treasury, October 2023, Paragraph 4.33: https://assets.publishing.service.gov.uk/media/653bd1a180884d0013f71cca/Future_financial_services_regulatory_regime_for_cryptoassets_RESPONSE.pdf.
[10] Financial promotion rules for cryptoassets – Policy Statement PS23/6, Financial Conduct Authority, June 2023, Section 1.17: https://www.fca.org.uk/publication/policy/ps23-6.pdf.
BaFin Declines to Act Against PFOFs (For Now)
By Dr. Frederic Peine | Renate Prinz on 18. April, 2024
Posted In Banking Law
The Federal Financial Supervisory Authority (BaFin) will, for now, not take action against payments by third parties to investment firms (Wertpapierfirmen) for forwarding client orders (known as payment for order flow, or PFOF).
In an announcement dated 22 March 2024 BaFin stated that, should investment firms violate the PFOF prohibition with domestic clients, it will refrain from taking measures or imposing sanctions until the completion of the national legislative process in Germany. The PFOF prohibition, as contained in the amended version of the Regulation (EU) No. 600/2014 of the European Parliament and of the Council (MiFIR), stipulates that investment firms acting on behalf of retail clients and professional clients may not receive any fees, commissions or non-monetary benefits from third parties for the execution of orders from these clients at a particular execution venue (Article 39a(1)(1) MiFIR).
This ban on kickbacks is based on the principle that investment firms working for their clients should strive to obtain the best possible price and the greatest chance of execution for the transactions they carry out. Therefore, investment firms should select the execution venue or counterparty for the execution of their clients’ transactions exclusively from the perspective of achieving the best possible result for their clients. In the case of receiving kickbacks, there is a risk that these client interests are at least not fully taken into account.
EU member states can deviate from the PFOF prohibition until 30 June 2026 (Article 39a(2) MiFIR). Germany, following the announcement by the German Federal Ministry of Finance (Bundesministerium der Finanzen), intends to make use of this option as it pertains to securities orders from clients residing or established in Germany. The corresponding exemption provision is expected to be included in Section 138a of the German Securities Trading Act (WpHG) and is currently in the legislative process (BT-Drucksache 20/10280).
Nevertheless, supervised investment firms must continue to adhere to the PFOF prohibition. However, until the new regulation in Section 138a WpHG comes into effect, BaFin will not penalize any violations, provided that the requirements of the new Section 138a WpHG are met.
BaFin’s supervisory communication is available at this link.
Compliance in focus: duties, challenges and competencies of the Management Board and Supervisory Board
By Renate Prinz on 15. March, 2024
Posted In Compliance, ESG
The webinar with our partner Renate Prinz focuses on the latest compliance challenges for executives and supervisory boards. It delves into essential topics that are highly relevant today, both for C-level executives and non-executives on governing bodies. We begin with a thorough introduction to current compliance requirements and the organization of compliance within the company.
Explore key themes, including whistleblowing, anti-money laundering, the Supply Chain Due Diligence Act, and ESG. A central focus of the Passion for People webinar is understanding the specific responsibilities that board members and supervisory boards bear in this context, as well as effective ways to fulfill them.
Of particular relevance is the question of what competencies need to be developed within the organization and at the first and second management levels to meet the increasing demands. We will provide practical insights and concrete recommendations to ensure that your company has the necessary resources and capabilities to successfully navigate the complex compliance landscape.
Key topics include: Compliance requirements and organizational structure
- Whistleblowing, anti-money laundering, Supply Chain Due Diligence Act, and ESG
- Duties and challenges faced by board members and supervisory boards
- Building essential competencies within the first and second management levels.
You can view a recording of the session below (German language):
Renate Prinz in FinExtra: “Non-Performing Loans are now subject to regulation: What it means.”
By Renate Prinz on 05. March, 2024
Posted In NPL
Let’s revisit the aftermath of the 2007-2008 financial crisis. Credit institutions faced a pressing challenge: unloading their massive non-performing loan (NPL) portfolios. Our legal team consistently assisted these institutions, clarifying possibilities, limitations, and crucially, what purchasers could not achieve. Surprisingly, the NPL market remained unregulated until now. Renate Prinz provides an overview on the new regulation on Non-Performing Loans in FinExtra and answers the following questions:
- What are NPLs?
- What is the NPL Directive?
- What are the credit servicer obligations?
- What are the NPL purchaser obligations?
- How is the regulation handled?
- How will new regulation change the NPL environment?
Read the full article here.
Licence requirement for credit service providers – services for non-performing loans now require a licence
By Renate Prinz on 28. February, 2024
Posted In Banking Law, Financial Services, NPL
When the Secondary Credit Market Act (Kreditzweitmarktgesetz) came into force on 30 December 2023, services relating to non-performing loans, i.e. loans that are no longer being settled or are at risk of default, will require a licence. Companies that already provide credit services today had to register with BaFin in February and state that they will continue to provide these services and now have until April to submit a licence application. A transitional regulation will then apply to them, under which the services can initially still be provided without a licence. In addition, the sale of NPLs by credit institutions will be subject to clear rules, particularly with regard to the standardised communication of information on the NPLs sold.
BaFin has published FAQs on the new regulation.
These summarise initial information on the licensing requirement and licensing procedures. BaFin has also drawn attention to the changed submission deadlines.
Are You Ready for MiCAR? – Webinar on the Introduction to the new EU Crypto Regulation
By Annabelle Rau | Renate Prinz on 09. February, 2024
Posted In Crypto Regulation, MiCAR
We had the pleasure to host our webinar on the new regulation of crypto-assets in the EU (Markets in Crypto-Assets Regulation (MiCAR)), with a focus on the scope of MiCAR, licensing requirements and procedures, and obligations for crypto-asset service providers in the EU. Our experts, specializing in Financial Regulatory Law with a focus on the current crypto regulation, engaged in discussions regarding the upcoming changes due to MiCAR in 2024.
The seminar was targeted at all those who were (or aspired to be) involved in the crypto scene or provided services in this domain, seeking insights into compliance with the new regulation.
You can view a recording of the session below:
What To Expect From The EU’s New PSD3, PSR AND FIDA Regulations
By Annabelle Rau | Renate Prinz on 08. November, 2023
Posted In EU
The Payment Services Directive II (PSD2) has changed the payment services industry in Europe. However, many details remain open and impractical and the implementation of the directive and the administrative practices of local financial supervisory authorities differ greatly in some cases. A reform is now pending with PSD3, which aims for a higher degree of harmonization and will bring with it many new requirements for payment service providers.What are the most important changes and challenges facing the industry? How can payment service providers prepare? Read the article by Renate Prinz and Annabelle Rau to find out how the planned PSD 3 directive, the Payment Services Regulation (PSR) and the Framework Regulation on Access to Financial Data (FIDA) could change the landscape of payment services.
Click here for the full article.
McDermott is nominated in the Financial Times Innovative Lawyers Awards in Europe
By Renate Prinz on 29. July, 2023
Posted In ESG
We are very pleased to announce that our firm has been nominated in the categories Innovation in Digital Solutions and Innovative Lawyers in Impact and ESG in the Financial Times Innovative Lawyers Awards Europe.
The German legal tech team, led by Dr Thomas Hauss, was nominated for the Check of Regulatory Authorizations (CORA) tool in the Innovation in Digital Solutions category. The tool supports users in navigating the highly complex landscape of German and European financial supervisory law.
Learn more about CORA here.
Click here for the shortlist.
Our CORA team: Dr. Thomas Hauss, Renate Prinz, Annabelle Rau, Dr Philip Uecker, Dr Frederic Peine and Helena Wittmund.
European Supervisory Authorities (ESAs) put forward common understanding of greenwashing and warn on risks
By Renate Prinz on 04. July, 2023
Posted In ESG, Sustainability, Sustainability Risks
The European Supervisory Authorities published their Progress Reports on Greenwashing on June 1st. The reports includes a common high-level understanding of Greenwashing and thus helps to provide market participants and regulators with a shared reference point in dealing with this phenomenon.
In the report, ESMA assesses which areas of the sustainable investment value chain (SIVC) are more exposed to the risk of greenwashing. This assessment is meant to help market participants in preventing and mitigating greenwashing, and to support ESMA and NCAs in prioritising supervisory actions and regulatory intervention. The findings show that misleading claims may relate to all key aspects of the sustainability profile of a product or an entity – from governance aspects to sustainability strategy, targets and metrics or claims about impact. The report also provides sectorspecific assessments for key sectors under ESMA’s remit such as issuers, investment managers, benchmark administrators and investment service providers.
The final ESA greenwashing report is expected to be published in May 2024.
Click here for further details
Stability through regulation
By Renate Prinz on 15. May, 2023
Posted In Banking Law, Crypto Regulation, MiCAR
The financial industry is once again facing uncertainty and turbulence, caused in particular by the demise of some banks and problems in the crypto scene. In view of the current regulatory density, the question arises whether this is sufficient to ensure the stability of the financial industry and whether it can actually help to create market security and trust. Renate Prinz classifies the current developments in the Börsen-Zeitung.
Click here to read the full article in German.
The year is drawing to a close – what’s new for 2023?
By Renate Prinz on 19. December, 2022
Posted In Banking Law, Financial Services, Funds
As the year draws to a close, it is worth taking a look at new regulations at the start of the year: As of January 1, the new Regulatory Technical Standards (RTS) on the EU Disclosure Regulation will apply to financial market participants and financial advisors. With the Disclosure Regulation, which already came into force in March 2021, respective companies must prove how sustainable their products are, the extent to which ESG criteria, i.e. ecological and social standards and good corporate governance, are observed and pursued and which strategies are applied here.
The Disclosure and Taxonomy Regulation applies to financial market participants, especially in the fund sector, but also to insurance companies offering insurance investment products, credit institutions and investment services companies providing portfolio management, as well as providers of pension products and financial advisors in these areas.
Important points of the disclosure regulation remained unclear and left questions unanswered. This is now to be remedied by the technical standards, which were already adopted in August 2022. These will once again specify with more detail what information is to be disclosed about individual financial products, how it is to be disclosed and, in particular, how information is to be disclosed about how significant environmental impacts are avoided.
From January 1, 2023, the Regulatory Technical Standards on the Disclosure Regulation must be taken into account. However, this will not be the end of the story – the EU Commission has already initiated a review to revise the RTS, with a particular focus on financial products that invest in nuclear energy and gas.
More information can be found here with further links to more detailed information.
Understanding the regulatory landscape for crypto-assets in Germany and the EU
By Renate Prinz on 11. November, 2022
Posted In Crypto Regulation
Currently, you can read summaries and briefings about the new crypto asset market regulation (“MiCAR”) everywhere. Certainly MiCAR has the potential to give the EU crypto market a huge boost. From what we have seen so far, regulation for new business models, especially in the fintech market, is not as bad as everyone has assumed so far.
Renate Prinz puts the developments in FinExtra in perspective. Click here for the article.
McDermottTech 2022 – Recap
By Annabelle Rau | Renate Prinz on 21. October, 2022
Posted In Crypto Regulation, Events
From crypto, NFTs and blockchain technologies, to ethics in artificial intelligence, outsourcing and cloud deals, to trends in IP protection and enforcement in the metaverse: Together, we discussed some of the latest global trends in the technology industry at this year’s McDermottTech.
Interested in the content of our panels? Click here for the videos of our panels. You can also download the PowerPoint presentation here.
FinTech Market: Regulation of crypto assets in Germany and the EU
By Annabelle Rau | Renate Prinz on 21. September, 2022
Posted In Crypto Regulation
In this webinar, Renate Prinz and Annabelle Rau provide an overview of the current regulatory land-scape for crypto assets and crypto service providers in Germany, also taking a look at the European level, where uniform legislation for the regulation of crypto-assets is coming soon. The following fur-ther topics will be covered:
- Regulatory classification of crypto-assets in Germany.
- Licensing requirements in connection with crypto-assets and crypto-services
- Overview of the regulatory requirements for entities regulated in Germany
- Draft European crypto regulation, in particular the Markets in Crypto-Assets Regulation (“MiCAR”).
- Passporting of licenses within the EU
Click here to watch the video.
Interested in the presentation used in the webinar? Contact us to receive a PDF of the presentation.
Article in Libra: EU creates uniform rules for dealing with crypto assets
By Annabelle Rau | Renate Prinz on 16. September, 2022
Posted In Crypto Regulation
In their latest article for “Libra – das Rechtsbriefing”, Renate Prinz and Annabelle Rau present the main contents of the new “Markets in Crypto-Assets Regulation” (MiCAR), which the European Council, the EU Parliament and the EU Commission recently agreed on.
Click here to read the entire article.
New BaFin circulars on liquidity standards
By Renate Prinz on 02. September, 2022
Posted In Banking Law
In August, BaFin published new circulars on the quantitative liquidity standards of the CRR (Capital Requirements Regulation), which, in particular,
- address the regulatory treatment of off-balance sheet products in the structural liquidity ratio (Net Stable Funding Ratio – NSFR or “simplified NSFR”) as well as
- adjust the materiality criteria for annual reporting (Art. 23 of Delegated Regulation 2015/61).
The two circulars are relevant for all institutions to which Article 6 (2) CRR apply and which are classified as “Less Significant Institutions (LSIs)” pursuant to Article 6 (4) SSM Regulation, as well as for all institutions pursuant to Section 1a German Banking Act (KWG) which are not CRR credit institutions, but which are classified as CRR credit institutions with regard to the application of certain standards (Section 1a (1) KWG).
The adjustment of the materiality criteria is intended in particular to relieve many institutions of the reporting obligation, to ensure that reports only have to be submitted by institutions for which the respective product groups are also relevant in terms of substance, i.e. higher thresholds for the materiality criteria and more precise determination of the products and services covered by Art. 23 (1) a) – h) IR 2015/61 and associated liquidity outflows.
The liquidity standards distinguish between liquidity coverage ratio (LCR) and the structural liquidity ratio (NSFR). The NSFR is intended to hedge structural, longer-term liquidity risk, i.e., to ensure that institutions have sufficient and stable funding over the long term to reduce their stress sensitivity. Accordingly, institutions must have a minimum level of stable funding. The LCR, on the other hand, addresses short-term liquidity and ensures a liquidity buffer for a stress scenario of at least 30 days, with the respective stress scenario being specified by the supervisory authority.
Circular 6/2022 has been applicable since publication on August 1, 2022 and is to be taken into account for the first time for the reporting date of March 31, 2023. Circular 7/2022 applies from August 15, 2022.
To access the circulars, click here:
A summary of the measures and further background explanations can be found here.
EU Trilogue agreed on Markets in Crypto Assets Regulation (“MiCAR”)
By Annabelle Rau | Renate Prinz on 11. August, 2022
Posted In Crypto Regulation
The trilogue agreed on the final text for the Markets in Crypto Assets Regulation (“MiCAR“) on June 30, 2022, which now needs to be adopted by the member states (click here for the press release).
- MiCAR will for the first time create a single European legal framework for crypto assets, crypto issuers and service providers. Crypto assets have been regulated in a predominantly inconsistent manner in Europe to date.
- MiCAR provides for specific requirements for Utility Token, Value-Referenced Token and E-Money Token. It does not include Security Tokens, which are already subject to existing EU financial services regulations, and Non-fungible Tokens (“NFTs”), unless they fall under one of the crypto asset categories.
- In addition, MiCAR regulates regulatory requirements for crypto issuers (e.g., obligation to prepare a white paper) and crypto service providers (e.g., requirement for licensing and ongoing conduct of business obligations).
- New compared to the draft version is, for example, that companies on the crypto securities market are now required to submit a statement with information on their environmental and climate footprint. The content, methods and presentation of the statement will then be specified by ESMA (European Securities and Markets Authority) via technical standards.
The final text of MiCAR has not yet been published. The regulation is expected to enter into force at the end of the year, and the provisions will then be directly applicable in all EU member states after a transition period of 18 months following entry into force.
