Scholarly article on topic 'The Centralisation of European Financial Regulation and Supervision: Is There a Need for a Single Enforcement Handbook?'

The Centralisation of European Financial Regulation and Supervision: Is There a Need for a Single Enforcement Handbook? Academic research paper on "Law"

Share paper
OECD Field of science

Academic research paper on topic "The Centralisation of European Financial Regulation and Supervision: Is There a Need for a Single Enforcement Handbook?"

Eur Bus Org Law Rev (2015) 16:439-465 DOI 10.1007/s40804-015-0025-8 CrossMark


The Centralisation of European Financial Regulation and Supervision: Is There a Need for a Single Enforcement Handbook?

Dalvinder Singh1

Published online: 23 November 2015

© The Author(s) 2015. This article is published with open access at

Abstract The Banking Union is at an important juncture post the period of institution building, with policy pronouncements being published by the ECB about how it will go about undertaking its task of supervision within the eurozone. These attempt to explain how it will address the complex task of supervising banks within a multilayered framework of regional and domestic rule-making and oversight. This paper assesses the ECB's approach to supervision and enforcement and the extent to which its approach to supervision is clear enough to overcome the challenges of a multilayered structure and whether or not the constituent parts understand the culture of regulation and supervision it espouses to ensure the multilayered model combines together in a coherent manner. This paper suggests that this is without a doubt a challenge due partly to the limited jurisdiction of the ECB as a prudential regulator and supervisor. The paper proposes a single enforcement approach and a single enforcement handbook to complement the regulatory and supervisory processes under the European Single Rulebook and Single Supervisory Handbook. It is argued that this would assist the process of interpreting and understanding how

This paper forms the basis of a Parliamentary Briefing Paper forthcoming in December 2015, in association with the Industry and Parliament Trust (UK). The paper culminates from discussions at a 1-day workshop entitled 'How European finance legislation is making waves in the UK economy' (March 2014, Industry and Parliament Trust). The paper was presented at the International Conference entitled 'European Banking Union: the new regime', held at the Universidad CEU San Pablo, Madrid, in April 2014, and more recently at 'The Banking Union and the creation of duties', a conference held at the European University Institute, Robert Schuman Centre for Advanced Studies, Florence, on 19-20 March 2015. I am grateful to the participants in the events for their feedback and discussion. I am also grateful to Iulia Nicolescu, LLM Candidate, University of Warwick, for research assistance.

D. Singh: Professor of Law.

& Dalvinder Singh

1 School of Law, University of Warwick, Coventry, UK

supervision and enforcement will work and reduce the expectations gap between the ECB and the regulated.

Keywords Enforcement policy • Banking Union • Prudential regulation • Conduct risk • Administrative measures • Criminal sanctions • Judgement-based approach • Single Supervisory Mechanism (SSM) • Compliance

1 Introduction

The financial crisis highlighted the need for reform of the regulation and supervision of banks and other financial institutions.1 As a response, the European Commission has, since 2010, proposed approximately 40 new sets of rules to improve the regulation and supervision of the financial services sector across the EU.2 In seeking to address questions such as those regarding financial stability, depositor and investor protection and the recovery and resolution of failing financial institutions, these changes are not only relevant to the EU's sizeable banking and financial services sector, but have wider societal implications.3 These reforms are also inextricably linked with broader questions of European economic and political integration.

The European agenda is, at this juncture, focused on institution-building and the harmonisation of rules and regulations, to improve the safety and soundness of financial firms and to strengthen the integrity of markets as a whole at the European level.4 Those reforms do not, however, adequately consider the approach to enforcement as a separate policy consideration to ensure that firms and individuals in the financial services industry comply with those requirements. It is suggested here that the reforms should also include formal consideration of enforcement policy at both Member State and European Central Bank (ECB) level to ensure that both prudential requirements and conduct risk requirements are enforced

1 For example, Ben S Bernanke, Chairman, Board of Governors of the Federal Reserve System, 'Monetary Policy and the Housing Bubble', at the Annual Meeting of the American Economic Association, Atlanta, Georgia (3 January 2010). bernanke20100103a.htm. Accessed 17 July 2014 ('... it is essential that we learn the lessons of the crisis so that we can prevent it from happening again. Because the crisis was so complex, its lessons are many, and they are not always straightforward. Surely, both the private sector and financial regulators must improve their ability to monitor and control risk-taking. The crisis revealed not only weaknesses in regulators' oversight of financial institutions, but also, more fundamentally, important gaps in the architecture of financial regulation around the world.').

2 European Commission, A new financial system for Europe: financial reform at the service of growth, state of play 27.06.2014, available at Accessed 16 July 2014.

3 In the US context, see Levitin (2014).

4 In particular, the European Banking Authority (EBA) is leading an initiative to develop a Single Rulebook, which aims to provide a unified regulatory framework of prudential rules for the EU financial sector and to complete the single market in financial services. See EBA, The Single Rulebook, available at Accessed 19 October 2015. It has been argued, however, that 'the ''patchwork'' institutional organisation of EU bank supervision, with different member states being subject to different degrees of supervisory centralisation, and notably the risk for supervisory fragmentation between the SSM [Single Supervisory Mechanism] and the rest of the EU, could threaten the uniform application of the rulebook'. Babis (2014).

consistently. It is argued that, given the level of discretion to interpret the provisions provided to EU Member States under CRD IV,5 further technical guidance is required regarding the approach to those administrative measures and penalties to reduce the risk of enforcement arbitrage. It is suggested here that the European Single Rulebook and Single Supervisory Handbook need to be complemented with a single enforcement handbook to properly govern financial services. The primary aim of the paper is to explore how best to develop a coherent approach to regulatory enforcement in the single regulatory-supervisory and resolution mechanism. The paper critically evaluates the approach to enforcement of regulation and supervision and then to enforcement of administrative sanctions in CRD IV. I would argue that these co-exist, when considering enforcement policy contextually.

2 The European Regulatory Landscape Pre-Financial Crisis6

The regulation of financial institutions operating within the EU is complex. In their home EU Member State, financial institutions are subject to both national and European legislation. In addition, financial institutions which operate in multiple states (both within the EU and globally) are subject to the regulatory regimes of those foreign states in which they operate. From the 1980s and early 1990s, European financial services regulation sought to promote cross-border operations by facilitating the establishment of branches in other EU Member States, 'passporting' home EU Member State authorisations and harmonising technical standards.7 Such initiatives aimed to promote trust between EU Member States by underpinning the process of 'passporting' home state authorisations through minimum administrative prudential regulation and supervision for banks and investment businesses seeking to operate across borders. The EU agenda in the late 1990s shifted attention to securities markets and later to banking, insurance and pensions markets.8 It focused on their relative competitiveness, efficiency and the interests of investors by minimising explicit and

5 Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 [2013] OJ L176/1 (CRR); Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC [2013] OJ L176/338 (CRD IV).

6 Peter Kerstens, Political Officer for Financial Services Policy, DG for Internal Market and Services, 'An introduction to the European architectural landscape', workshop hosted by the Industry and Parliamentary Trust, London, 6 March 2014 (entitled 'Turning the tide? How European finance legislation is making waves in the UK economy').

7 European Commission, Completing the internal market: White Paper from the European Commission to the European Council, COM(1985) 310 final; Single European Act, OJ 1987 L169/1; Second Council Directive 89/646/EEC of 15 December 1989 on the coordination of laws, regulations and administrative provisions relating to the taking up and pursuit of the business of credit institutions and amending Directive 77/780/EEC OJ 1989 L386/1.

8 European Commission, Financial services: implementing the framework for financial markets: action plan, COM(1999) 232, 11 May 1999 (known as the 'Financial Services Action Plan'); European Commission, Commission White Paper of 1 December 2005 on financial services policy 2005-2010, COM(2005) 629; Alexandre Lamfalussy et al., Final Report of the Committee of Wise Men on the Regulation of European Securities Markets (Brussels, 15 February 2001); Cranston (1995).

implicit barriers and achieving a higher level of financial services integration.9 This mirrored similar concerns in the US and prompted dismantlement of barriers to banking and non-banking activities on both sides of the Atlantic, albeit in the US later than in the EU with the Gramm-Leach-Bliley Act 1999.10 This deregulatory and re-regulatory trend continued until the financial crisis of 2007/2008.

Then came the financial crisis. Although termed the 'Global Financial Crisis', it is more accurately described as, at least, two separate but interconnected crises. The first, the 'US sub-prime mortgage crisis' saw the collapse of the US housing market and sent shockwaves across world financial markets through the international trade in financial instruments derived from such mortgages. The second, the 'European sovereign debt crisis', highlighted the potential 'vicious circle'11 that may exist between states and their domestic banks. Certain EU Member States were exposed materially as lenders of last resort to their domestic banks, whilst those domestic banks, in turn, held considerable amounts of sovereign debt issued by their home EU Member State and were thereby exposed to the creditworthiness of that state.12 Common to both crises were therefore problems of financial interconnectedness (although arising at different levels of the financial system) and of inherent structural weakness.

3 Recent Regulatory Reforms of the EU Financial Services Sector

In response, fundamental reforms to the global financial system have been proposed. The G20, in adopting an 'in it together' approach, has been instrumental in establishing the core elements of this new global regulatory framework.13 Key objectives of these reforms include addressing the structural weaknesses highlighted above, but also promoting a more stable financial system and encouraging better international coordination. To that end, the reforms have targeted the resilience of financial institutions (for example, through tougher prudential requirements), financial institutions which are 'too big to fail' and the regulation of the 'shadow banking' sector and of derivatives trading.14 In addition, the EU has adopted

9 For example, EC Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament and of the Council and repealing Council Directive 93/22/EEC, OJ 2007 L145/1 (MiFID).

10 Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act) 15 U.S.C. §6801.

11 Various parties have referred to this as a 'vicious circle', for example, European Central Bank, Euro Area Statement, 29 June 2012 ('... it is imperative to break the vicious circle between banks and sovereigns').

12 A high-level timeline of the European sovereign debt crisis is set out at business-13856580. Accessed 14 July 2014.

13 G20, Declaration: Summit on Financial Markets and the World Economy, 15 November 2008.

14 The G20's financial regulatory reform agenda is coordinated by the Financial Stability Board. See Financial Stability Board, Press Release: Financial Stability Board reports to G20 leaders on financial regulatory reform progress, 5 September 2013; Financial Stability Board, Press Release: Meeting of the Financial Stability Board in Moscow on 8 November, 8 November 2013; Financial Stability Board, Press Release: FSB plenary meets in London, 31 March 2014. pr_140331/. Accessed 17 July 2014.

measures to strengthen another source of structural weakness, i.e., the adoption of the euro across multiple EU Member States within the euro area.15 The passing of legislation to effect these internationally promulgated reforms is now well advanced at EU level.16 These reforms are primarily structural and institutional, and can be grouped under three broad headings:

(A) Creating a new regulatory architecture for the safety and soundness of the EU financial services sector - This has included further harmonisation of rules governing the financial services sector, and from a supervisory perspective, the establishment of three new European Supervisory Authorities17 and a European Systemic Risk Board to identify macro-prudential risks;18

(B) Promoting a safer and more responsible financial services sector in the EU -Tools for achieving this have included imposing stronger prudential requirements on banks,19 reforming executive remuneration and board

15 Ferran (2014).

16 European Commission, supra n. 2.

17 Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority) amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, OJ L 331, 15 December 2010; Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC, OJ L 331, 15 December 2010; Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and replacing Commission Decision 2009/79/EC, OJ L 331, 15 December 2010; Proposal for a Directive of the European Parliament and of the Council amending Directives 2003/71/EC and 2009/138/EC in respect of the powers of the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority, COM/2011/0008 final - COD 2011/0006, 19 January 2011.

18 Regulation (EU) No 1092/2010 of the European Parliament and of the Council of 24 November 2010 on the European Union macro-prudential oversight of the financial system and establishing a European Systemic Risk Board, OJ L 331, 15 December 2010.

19 See, in particular, the development of: (i) a Single Rule Book of prudential requirements for banks' capital, liquidity and leverage under CRD IV and CRR; (ii) an enhanced framework for securities markets under Directive 20014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L 173, 12 June 2014 (MiFID 2) and Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012, OJ L 173, 12 June 2014 (MiFIR); and (iii) an enhanced framework to prevent market abuse under Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal sanctions for market abuse (Market Abuse Directive), OJ L 173, 12 June 2014 (MAD) and Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC, OJ L 173, 12 June 2014 (MAR).

structures20 and adopting a new crisis prevention, management and resolution framework;21

(C) Establishing a 'banking union' to support the single currency within the euro area - This is based on three key pillars, i.e., a Single Supervisory Mechanism,22 a Single Resolution Mechanism23 and a Common Deposit Guarantee Scheme.24

Each is considered in more detail below. (A) A New Regulatory Architecture

A key objective of the European Commission has been to promote financial stability. In 2011, three new European Supervisory Authorities (the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority)25 and the European Systemic Risk Board26 were established to improve cross-border cooperation, consistent enforcement of rules and systemic oversight within the EU. To support a level playing field across the Single Market, the European Commission has also proposed further harmonisation of legislation in order to establish a Single European Rulebook of prudential requirements for all financial institutions within the EU.27 Whilst financial services legislation was historically promulgated through EU directives, recent reforms have generally been implemented through regulations. Regulations are directly effective in EU Member States without further enactment

20 CRD IV, Arts. 92-95.

21 Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council, OJ L 173, 12 June 2014.

22 Regulation (EU) No 1024/2013 of the European Parliament and of the Council of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions, OJ L 287/63; Regulation (EU) No 1022/2013 of the European Parliament and of the Council of 22 October 2013 amending Regulation (EU) No 1093/2010 establishing a European Supervisory Authority (European Banking Authority) as regards the conferral of specific tasks on the European Central Bank pursuant to Council Regulation (EU) No 1024/2013, OJ L 287/5, 29 October 2013.

23 European Commission, Statement/14/119: Finalising the Banking Union: European Parliament backs Commission's proposals (Single Resolution Mechanism, Bank Recovery and Resolution Directive, and Deposit Guarantee Schemes Directive), 15 April 2014; Council Implementing Regulation (EU) 2015/81 of 19 December 2014 specifying uniform conditions of application of Regulation (EU) No 806/2014 of the European Parliament and of the Council with regard to ex ante contributions to the Single Resolution Fund, OJ L 15, 22.1.2015.

24 Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes, OJ L 173, 12 June 2014.

25 See Regulation (EU) No 1093/2010; Regulation (EU) No 1094/2010; Proposal for a Directive of the European Parliament and of the Council amending Directives 2003/71/EC and 2009/138/EC, supra n. 17.

26 Regulation (EU) No 1092/2010, supra n. 18.

27 See EBA, The Single Rulebook, supra n. 4.

and so their use seeks to avoid 'gold plating' by EU Member States and to promote greater consistency across EU Member States.

(B) A Safer and Responsible Financial Services Sector

Recent EU legislation has established revised prudential requirements for banks, building societies and investment firms, based on commitments undertaken by the G20.28 These reforms implement in the EU the recommendations promulgated by the Basel Committee on Banking Supervision in December 2010 (Basel III) through CRD IV.29 At its core, CRD IV imposes enhanced capital adequacy requirements on banks, including through the increased holding of core tier one capital. CRD IV also imposes additional capital requirements against counter-cyclical risk, lays down new rules for counterparty risk and establishes new tests for liquidity and leverage coverage. There are further enhanced capital buffer requirements for systemically important financial institutions.30 CRD IV came into effect on 1 January 2014 (although certain provisions will be phased in up to 2019).

CRD IV also addresses the remuneration of bank executives.31 It imposes various requirements on banks, including the adoption of a global remuneration policy, the establishment of independent remuneration committees and special rules on variable remuneration.32 Whilst variable remuneration structures (for example, bonuses, performance shares and share options) are commonly used to align senior managers' interests with those of shareholders, such structures have also been identified as a potential cause of excessive risk-taking. Similarly, the non-binding nature of a substantial body of corporate governance (based on voluntary codes of conduct) has been criticised as being ineffective in promoting sound corporate governance practices. Significantly, the focus in each case is on the incentives and levers which influence the behaviour of bank executives, not on the actual personal responsibility of those individuals for that conduct.

28 G20, Leaders' Statement, The Pittsburgh Summit, 24-25 September 2009, at pp 11-13. https://g20. org/wp-content/uploads/2014/12/Pittsburgh_Declaration_0.pdf. Accessed 19 October 2015. Recently, following up on G20 commitments, the European Commission also adopted a new delegated regulation on mandatory central clearing, as per Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories (the European Market Infrastructure Regulation - EMIR) for certain over-the-counter (OTC) interest rate derivative contracts. European Commission, Financial stability: new Commission rules on central clearing for interest rate derivatives, 6 August 2015, Press Release; Commission Delegated Regulation of 6.8.2015 supplementing Regulation (EU) No 648/2012 of the European Parliament and of the Council with regard to regulatory technical standards on the clearing obligation.

29 Basel Committee on Banking Supervision, Basel III: international framework for liquidity risk measurement, standards and monitoring, Bank of International Settlements, December 2010; Basel Committee on Banking Supervision, Basel III: the liquidity coverage ratio and liquidity risk monitoring tools, Bank of International Settlements, January 2013.

30 For further details, see European Commission, A comprehensive EU response to the financial crisis: substantial progress towards a strong financial framework for Europe and a banking union for the eurozone, 24 January 2014, MEMO/14/57.

31 See CRD IV, Recitals 62-69, referring to 'remuneration policies which encourage excessive risk-taking behaviour'.

32 CRD IV, Arts. 92-95.

In relation to variable remuneration, CRD IV provides that the variable component of a bank executive's remuneration must not exceed 100 % of the fixed component of his or her remuneration. If the EU Member State so provides, that ratio may be increased up to 200 %, provided that certain conditions are fulfilled. EU Member States may also allow banks to apply a discount rate of up to 25 % of the remuneration if it is deferred for at least 5 years.34 This new regime has applied to remuneration paid from 1 January 2014, irrespective of when the relevant contract was entered into.35 As to the question of its effectiveness, to the extent that these reforms increase the proportion of remuneration which is fixed, then arguably they do mitigate the structural concern that excessive variable remuneration promotes risk-taking. There is, however, evidence already that major banks are seeking to structure around the new requirements, with HSBC, for instance, adopting 'fixed pay allowances' to reduce the ratio of variable to fixed remuneration.36 This is an area where economic and political considerations interplay. Public hostility towards what is perceived as excessive pay for bank executives and employees is being balanced against concerns that such measures may prejudice the global competitiveness of EU banks in attracting the most talented employees or may result in employees migrating to less regulated parts such as shadow banking. Whilst the impact of these reforms will only become clear over time, they do demonstrate the importance placed on bank corporate governance and remuneration in promoting financial stability, and hence the need for increased regulation in these areas.

(C) A 'Banking Union' within the European Union

Another key issue faced by EU Member States following the financial crisis was the imbalance in their respective abilities to weather the crisis. The fragmented response of EU Member States to the European sovereign debt crisis highlighted the lack of centralised mechanisms at the EU level to resolve the crisis. This absence of a coordinated approach was seen as particularly damaging to the euro area given its shared single currency. Indeed, arguably, this imbalance has been more destabilising for the governance mechanisms of the EU than the crisis itself. As a result, in addition to the regulatory and supervisory initiatives detailed above, specific measures have been enacted to maintain confidence in the euro area. The establishment of a 'banking union', compulsory within the euro area and open to all other EU Member States, seeks to promote a more centralised and coordinated response to any future financial crisis, as well to break the, potentially dangerous, negative feedback loops between banks and the sovereign debt markets. It also represents part of the European Commission's further efforts towards deeper economic and monetary union.

33 Or a lower percentage, if an EU Member State so provides.

34 CRD IV, Art. 94(g)(iii).

35 Ibid., Art. 162(3).

36 Jamie Robertson, 'Bankers' bonuses: Shareholders wary of making allowances', BBC News, 24 April 2014. Accessed 16 July 2014.

There are two main pillars to the 'banking union'. First, a 'Single Supervisory Mechanism' was formally adopted by the EU in October 2013.37 The ECB, in its capacity as the single supervisor, now has responsibility for banking supervision within the 'banking union', its objective being to safeguard the financial soundness of individual financial institutions and to protect consumers of financial services.38 In so doing, responsibility for banking supervision is centralised at the eurozone level, although the ECB only has direct supervision over significant banks (estimated to be around 130 banks, representing approximately 85 % of the total banking assets within the euro area).39 Macro-prudential supervision is undertaken by another new authority, the European Systemic Risk Board.40 Second, a 'Single Resolution Mechanism' is being established, so that if a bank gets into difficulty, the resolution process will be managed by a single 'resolution authority' funded by a levy raised from all eurozone banks.41 Finally, a common deposit guarantee scheme (with a limit of up to €100,000)42 is being implemented across the euro area and is guaranteed by a single fund.43 The reforms detailed above concentrate on the structures and institutions of the EU financial services market and have various objectives. They seek to avoid excessive risk-taking, for example, through holding insufficient capital or through remuneration and bonus structures. They aim to avoid moral hazard by improving resolution techniques in order to reduce the exposure of public funds as lenders of last resort. They seek to promote financial stability through the orderly resolution of failing financial institutions. But, noticeably, they do not address questions of responsibility for the financial crisis. Even the reforms to bank executive remuneration are one step removed from the question of individual responsibility by addressing the rewards for behaviour, not the behaviour itself.

In the following part of the paper it is argued that further policy elaboration is required to develop a coherent set of middle-ground administrative penalties and measures, as advocated in CDR IV, in order to reduce the risk of enforcement arbitrage between EU Member States and regulatory authorities taking either an over-accommodative or under-accommodative approach to enforcement. In particular, it is suggested that the European Single Rulebook and Single Supervisory Handbook should be complemented with a single enforcement handbook to promote consistency.

37 Regulation (EU) No 1024/2013; Regulation (EU) No 1022/2013, supra n. 22.

38 Hertig et al. (2010).

39 An outline of the scope of regulation is set out on the European Central Bank website. http://www.ecb. Accessed 17 July 2014.

40 Regulation (EU) No 1092/2010, supra n. 18.

41 Council Implementing Regulation (EU) 2015/81 of 19 December 2014, supra n. 23.

42 Some EU Member States have a higher coverage limit, notably Italy and France.

43 Directive 2014/49/EU, supra n. 24.

4 Do the Reforms Adequately Address Questions of Accountability of Firms and Individuals for the Financial Crisis?

Both during and after the financial crisis, there were strong calls that there should be powers to hold those at the helm of the large financial institutions accountable for their part in the crisis. A number of culprits responsible for the financial crisis are evident, including governments, central banks, financial regulators and the firms and individuals that either were rescued with state support or merged during the crisis. However, apportioning responsibility to private actors only addresses one part of the complex picture underpinning the root causes. Indeed, the reasons for the large number of culprits is arguably the 'intellectual capture' that surrounds monetary policy, risk management, financial regulation and prudential supervision.44 It is beyond the scope of this paper to explore those issues further. The focus here is instead on enforcement sanctions against private actors, namely financial firms and individuals.

The life cycle of financial institutions shows evidence of opportunities to address less material failures and forms of non-compliance that could lead to an overall culture of mismanagement, rather than breaches of prudential requirements. The weakness of the EU single financial services market agenda is its reliance on the EU Member States to determine the sanction (if any) for compliance failures. Whilst it is not suggested that the EU single financial services market agenda has not addressed matters of regulatory sanctions, it has, in many ways, left the administration of the sanctions to the discretion of each EU Member State. I suggest that this leads to an uneven playing field when it comes to enforcement sanctions, and thus to a risk of inconsistent public enforcement. Moreover, such enforcement is more likely to manifest itself in the form of supervisory warnings and threats than as formal publicised penalties or administrative measures.

In this context, this paper assesses the extent to which the reforms proposed by CRD IV will address some of those themes. The next section looks at the wider policy issues surrounding enforcement, with a focus on compliance and deterrence-based models. It suggests that enforcement requires a policy framework to ensure a consistent and proportional approach. The last section will then reflect on these issues in light of the Single Supervisory Mechanism and the extent to which it mitigates the risks of an inconsistent enforcement approach.

5 The Salient Features of an Enforcement Model

The complexity of financial or banking firms is such that they exist in an interplay between corporate law and banking law and regulation, which ultimately lends itself to a multiplicity of approaches to the duties of care, enforcement and accountability.

44 See, e.g., IMF Independent Evaluation Office (IEO), IMF performance in the run-up to the financial and economic crisis, IMF surveillance in 2004-07, Evaluation Report, 2011, at p 17: 'The IMF's ability to correctly identify the mounting risks was hindered by a high degree of groupthink, intellectual capture, a general mindset that a major financial crisis in large advanced economies was unlikely, and incomplete analytical approaches', cited in Lauk (2014), at p 84; Jenkins (2012).

The opportunity to lift the veil of incorporation and challenge those at the helm of the banking corporation is the focus of much research and investigation. In this context, different duties arise depending on where in the 'corporate-regulatory space' one resides, either as regulator or regulated. For the purposes of bank regulation: the regulator primarily owes its duty to the third-party depositors and investors as a whole. For the purposes of the regulated, the duty of care in corporate law is to the corporation/shareholder, and in financial services regulation to the interests of depositors/investors. I would argue that both contexts should be viewed with equal importance rather than there being a perception within this public and private law context that one is superior to the other. The autonomy of the bank therefore resides in an interesting context where there is considerable focus on not only operational but also strategic aspects of the business undertaken. This paper focuses on the public-administrative law forms of accountability and enforcement.

The approach to regulation requires consideration of how we go about undertaking the task of regulation and how best to ensure its requirements are complied with by those regulated.45 The most common approach to regulation is some form of risk-based approach.46 The limited range of resources to undertake the task of regulation and supervision means decisions need to be worked out in advance about how regulatory resources will be allocated and how the objectives of regulation will be achieved. The need for adequate resources cannot be underestimated as it will determine the ability of the regulator to investigate and assess the extent of a possible breach of the rules. There is also the need to ensure that regulators are able to develop further rules and guidance to capture and oversee new forms of industry innovations which transcend traditional forms of business lines. These matters will have a direct impact on how regulation is enforced. Indeed, the complexity of modern society and those participating in it requires a more sophisticated approach to enforcement that captures the idiosyncratic nature of how individuals and corporations abide by rules.47 The wider economic and social impacts of the approach to enforcement and enforcement decisions should also be given careful attention.48 The level of transparency of enforcement decisions needs to be considered with some appreciation that disclosure of all enforcement decisions may be counterproductive. Therefore, the regulator needs to assess whether the range of sanctions are fit for purpose to deal with the different forms of non-compliance that can undermine them.49

The enforcement model thus has to ensure that it has two essential elements worked into the design, namely a compliance and a deterrence-based approach.50

45 Baldwin et al. (2012), at p 230.

46 Black (2005); Black and Baldwin (2010); Black (2008); Black and Baldwin (2012); Gray (2009).

47 Reiss Jr (1984), at p 32.

48 Black and Baldwin (2008).

49 A criticism that surfaced during the financial crisis was that the enforcement sanctions at hand could not deal with the types of acts or omissions considered to have contributed to the losses or failures that occurred.

50 See specifically Scholz (1984a, b); Brown (1994); Makki and Braithwaite (1993); Hutter (1988, 1989); May and Burby (1998); Cook (1989), at p 104; Hopkins (1994).

Ensuring observance of rules requires both these two forms of approach to regulatory compliance. The two enforcement methods can be interpreted as opposite poles of a compliance continuum.51 A compliance-based approach is focused on making sure rules and standards are observed through a dialogue between the regulator and the regulated. Key features of a compliance-based approach are cooperation and persuasion. Consultation and education are also important components within this approach, as they enhance communication and provide the regulated with an environment in which they can influence the way regulation is designed to operate in the marketplace.52 It is therefore considered as the initial approach based on a dialogue between the regulator and the regulated, as action in the first instance. On the other hand, a deterrence-based approach should be seen as ensuring compliance by negative means at the opposite end of the spectrum of a compliance-based approach, through sanctions and punishments. The deterrence-based approach refers to the use of sanctions to punish non-compliance with the requisite rules and standards of behaviour. It is therefore seen as action in the last resort. According to Reiss, a regulatory strategy based on deterrence would consider the imposition of a penalty as a positive sign of success.53

The decision to either take a compliance or deterrence style of enforcement is dependent on the regulator's view of the regulated. The more sophisticated enforcement style is essentially a combination of a compliance and a deterrence-based approach rather than a single approach which could not capture and ensure compliance by the majority of the regulated. Having at hand a broad enforcement approach allows the regulator to exercise judgment as to the most appropriate course of action. As explained by Bardach and Kagan, 'to reject punitive regulation is naive; to be totally committed to it is to lead a charge of the Light Brigade. The trick of successful regulation is to establish a synergy between punishment and persuasion.'54 The wider move to a judgment-based approach to regulation and supervision is likely to mean a more inquisitorial approach between the regulator, financial firms and individuals. The move to a judgement-based approach is likely to exert significant pressure on regulatory resources.

An enforcement strategy should appreciate that the industry and individuals working within it are not a homogenous group with the same incentives to comply. In light of that, the enforcement strategy requires a sanctions regime that addresses a spectrum of failures of compliance with regulatory rules and requirements. The enforcement model needs to be designed so that it appropriately captures those forms of behaviour. The categorisation adopted by Kagan and Scholz is a useful starting point before moving on to the types of sanctions.55 The 'regulated' are placed into three broad categories: the 'amoral calculator', the 'political citizen' and the 'organisational incompetent'.56

51 Gunningham (1987), at p 70; Cotterell (1992), at p 245.

52 Hawkins and Thomas (1984), at p 82.

53 Reiss (1984), at p 25.

54 Bardach and Kagan, cited in Ayres and Braithwaite (1992), at p 25.

55 Kagan and Scholz (1980), at pp 67-68.

56 Ibid.

In the first category, the 'amoral calculator' is likely to only respond to action in the last resort - either an administrative, civil or criminal action against the firm and/or those individuals at the firm personally culpable for the losses or failure. In this category, the firm is essentially motivated by the profit it can secure before it is stopped, which it views could outweigh the economic costs of the sanction, without even possibly considering the broader social and economic consequences of its actions for market confidence and integrity. The recent case of the Portuguese Espirito Santo bank and the wider financial conglomerate of which it was part also shows evidence of fraudulent activities and accounting irregularities.57 In this case, losing authorisation to undertake regulated businesses is a strong possibility. The difficulty with the label of the 'amoral calculator' is the political use of the label and the expectations gap it can open up when those considered as 'amoral calculators' are not held accountable in the way society expects. Moreover, a dilemma arises when those considered politically 'amoral calculators' can demonstrate compliance with the rules and industry guidance. An example of this is the case of Royal Bank of Scotland (RBS) and the decision to takeover ABN AMRO and the role of Fred Goodwin (CEO), at the early stages of the global financial crisis.58 The exception is where there is clear evidence of criminal behaviour, as is seen with the successful prosecution of directors of Anglo Irish Bank fortheir involvement in unlawful loans to clients.59 In Spain, bank directors have been prosecuted for using state support to fund their personal pensions.60

In contrast, the 'political citizen' is at the other end of the behavioural spectrum to the 'amoral calculator'. In the case of the 'political citizen', the enforcement approach is likely to be at the opposite end of the spectrum since it will be premised on cooperation and negotiation of how regulation could be complied with. The idea of enforcement sanctions is the last thing on the minds of both the regulator and regulated. A clear example of this approach would be the use of internal models to calculate and comply with capital and liquidity levels under the Basel requirements and the regulator's discretion to grant waivers to compliant firms. The regulatory dialogue is likely to form a process of education to ensure compliance is exercised in a way that achieves the ends of the regulated since it will perhaps be innovating in the design of new products offered in the market. In this instance, the dialogue on

57 Patricia Kowsmann, David Enrich and Margot Patrick, 'Behind the collapse of Portugal's Espirito Santo empire', The Wall Street Journal (online), 12 August 2014. Accessed 19 October 2015; The Economist, 'Banco Espirito Santo, sharing the pain: Portugal grapples with a failed bank', 9 August 2014. http:// Accessed 19 October 2015.

58 John Kampfner, 'Making it happen: Fred Goodwin, RBS and the men who blew up the British economy by Iain Martin - review: the truth about the collapse of RBS makes shocking reading', The Guardian, 16 September 2013. Accessed 19 October 2015.

59 Paul Hosford,'Ireland sees first bankers convicted of giving illegal loans', The Journal.IE, 17 April 2014. Accessed 19 October 2015.

60 Sean Martin, 'Spanish bankers convicted for first time since economic crisis', International Business Times, 30 May 2014. Accessed 19 October 2015.

best practices could possibly be the basis for showcasing to others the approach that needs to be taken to undertake certain businesses and so incentivise improvements in behaviour. The need for dialogue on behalf of the regulator is necessary as it enables the regulator to maintain an understanding of business and industry innovation. But it can pose questions of regulatory or political capture.

The third category, the 'organisational incompetent', could manifest itself in a variety of forms within the spectrum of failings from simple to gross negligence. The regulator is likely to respond with perhaps less punitive sanctions in comparison to the amoral calculator but more than that meted out to those considered political citizens. In such cases, a significant proportion of non-compliance arises from internal organisational failures that expose the firm to the risk of losses or fraud. The potential social and economic risks of such acts or omissions can be extremely serious as well and could even bring the firm to the brink of failure. For instance, the circumstances leading to Northern Rock requiring emergency liquidity support from the Bank of England were due primarily to its poor funding model.61 Moreover, in 2008, Lloyds TSB had its status damaged after the takeover of Halifax Bank of Scotland (HBOS) - which was on the verge of collapse - and needed a massive public bail-out by the UK to stabilise its position.62 Below are a number of further observations that can be made at this juncture.

The categorisation of firms and individuals is not likely to be static and they might well move between those categories overtime without expecting to. Moreover, the size and complexity of firms operating in various business lines also means that the firm could well be in all three different categories and have its reputation associated with one or the other, depending on which is dominant. The thought of these firms failing during the financial crisis of 2007-2010 would have been unthinkable a few years before. The categorisation of being at one point a 'political citizen' and then an 'organisational incompetent' or, at the extreme end of the spectrum, an 'amoral calculator', is likely to move in that order unless, through restructuring and given time, the firm can re-establish its reputation in the market place.

The regulator requires a range of enforcement sanctions to deal with the different types of regulated firms and individuals explored above.63 The enforcement sanctions and measures that regulators can use can take a variety of forms but are normally categorised into administrative, civil and criminal sanctions.64 An attempt to increase the use of non-punitive administrative sanctions could directly increase enforcement activity in the intermediate range of offences without society or the market closing its doors on a participant. It is evident that the regulator needs a number of regulatory enforcement powers to deter the various forms of behaviour

61 House of Commons Treasury Committee, The run on the Rock, Fifth Report of Session 2007-08, Volume I, 26 January 2008, at pp 15-17. cm200708/cmselect/cmtreasy/56/56i.pdf. Accessed 19 October 2015.

62 FSA, Final Notice, Bank of Scotland Plc, 9 March 2012. bankofscotlandplc.pdf. Accessed 19 October 2015.

63 For an excellent examination of this issue, see Mann (1992), at p 1863; Shapiro (1985), at p 193.

64 Mann (1992).

noted above.65 The wide arsenal of enforcement sanctions means that regulators can address various forms of behaviour through the use of either punitive or non-punitive means, depending on the firm's or individual's level of culpability and blame for the losses or failure, thus signalling that the behaviour addressed is considered unacceptable. The signalling can take place either in private or in public so that others within the firm or in the industry see that such behaviour is considered unacceptable.

The Ayres and Braithwaite enforcement pyramid provides a succinct reflection of the types of enforcement powers that regulators are likely to have at their disposal.66 Ayres and Braithwaite have set out the choice of sanctions in a pyramid, with the most serious sanctions at the top. The base of the pyramid advocates negotiation, but further up the ladder the degree of severity of the sanction increases, recognising the need for a variety of enforcement methods to ensure compliance. Further up the pyramid, at the apex,is 'licence revocation', which will literally terminate the right to undertake licensed activities.67 The pyramid highlights that administrative sanctions such as licence revocation or suspicion may well, in some circumstances, be considered extremely punitive. Within the pyramid of enforcement sanctions, administrative sanctions also exist in the form of powers to restrict or limit regulated activities, to prevent changes of ownership, or to restrict expansion of businesses either domestically or internationally.

The enforcement arsenal that forms part of the responsive regulation discourse provides an extremely useful way to understand how enforcement sanctions sit within a hierarchy of punitive and non-punitive sanctions. A range of administrative, civil and criminal sanctions also addresses the possibility of regulatory under-enforcement and over-enforcement since it gives the regulator a number of options to address the problem it has identified. A lack of response is likely to require an explanation. It would also be unrealistic to think of regulators moving up the pyramid from negotiation to licence revocation in some seamless fashion.68 The reality is more likely to be an assessment of the evidence and determination of which enforcement sanction is best suited to address the problem or minimise the harm being produced. The decision to impose either an administrative or a civil or criminal sanction also requires the regulator to consider the costs and level of resources needed to pursue one of those different routes.69 Moreover, it is important to take into account the spill-over effects of enforcement decisions to the wider socio-economic system.

This section has explored some of the key elements of enforcement policy, namely the approach to enforcement, the different types of behaviour regulated firms and individuals can display, and finally the range of sanctions needed to address those various forms of culpability. There is no real one-size-fits-all approach that can be adopted. The move to some form of single enforcement model has to be

65 Gunningham (2012), at p 126.

66 Ayres and Braithwaite (1992), at p 26.

67 Ibid., at p 35.

68 Haines (1997), at p 220.

69 According to Scholz (1984a, b), at p 392; Ayres and Braithwaite (1992), at p 26.

congruent to a separate approach to prudential requirements and those associated with conduct risk failures. What is important is the need to be mindful of conduct risk failures resulting from conduct of business failures that could morph into wholesale poor practices which undermine the prudential soundness of the institution and possibly lead to risks to the financial stability of the market as a whole. This will pose a particular challenge to regulators with a narrow mandate, as in the case of the ECB. From a holistic perspective, the gap in enforcement regarding conduct of business risks at the eurozone level also provides a reason for a Capital Markets Union with a regulator safeguarding market integrity with an appropriate enforcement model to address conduct of business risks. This would complement the ECB's prudential focus.

It is important to assess whether the reforms proposed by CRD IV will address some of these themes. It will be suggested that, in light of the above-mentioned gaps, inconsistency of approach will inevitably exist and thus thwart a level playing field.

6 Is the EU Moving to a Coherent Enforcement Approach?

The EU financial services regulators are not without a range of enforcement powers and sanctions, far from it.70 Still, the thought of a single overarching approach to enforcement and sanctions poses tremendous challenges for the discrete ways regulation and supervision are undertaken in the members of the European Union.71 The cultures and traditions of regulation, supervision, accountability and enforcement differ considerably, as do the responsibilities allocated to a single, dual or multiple set of regulators and supervisors. This highlights that there are not only country-specific cultural approaches that need to be appreciated but also, as noted above, different approaches between the various business lines that make up the financial services industry. However, under the EU agenda of more consistency of approach to the oversight of financial services, enforcement must also be tackled in the same way as prudential and conduct risk requirements. Whilst the above may improve compliance with more robust prudential requirements and conduct risk requirements, it is suggested that a coherent deterrence approach is needed to achieve the enforcement objectives. The move to a 'single supervisory regime' will improve EU Member State compliance. Compliance will, however, only be entirely consistent when the deterrence part of the enforcement model is coherently

70 Committee of European Banking Supervisors, Mapping supervisory objectives and powers, including early intervention measures and sanctioning powers, Review Panel, March 2009, CEBS 2009/47; See also European Commission, Impact Assessment, Accompanying the document Proposal for the Directive of the European Parliament and the Council, on the access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms and amending Directive 2002/87/EC of the European Parliament and of the Council on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate, 20.7.2011, COM(2011) 453 final, SEC(2011) 952 final.

71 The point here is that the financial services industry is not a single homogenous grouping, let alone a single industry, but a complex set of different industries where a single enforcement approach would need to be broad enough to achieve the objectives of the distinct industries.

addressed as well. The evidence provided by the 2009 Review and the 2011 Impact Assessment72 clearly indicates significant gaps in the enforcement arsenal of EU Member States and a lack of credible deterrence in the enforcement of administrative penalties and measures. It highlights, in particular, gaps and divergences in approach between EU Member States as to what regulators can and cannot do when faced with similar problems at banks. This also depends on whether the relevant bank is, in all intents and purposes, a going concern or a gone concern.

The adoption of CRD IV sets out a number of reforms to the enforcement regime in EU Member States to address the divergence between EU Member States in the way they deal with failures at banks as well as with individuals responsible for those failures.73 It first provides the basis to develop administrative penalties, but criminal sanctions are not covered.74 It also requires EU Member States to put in place administrative measures for dealing with non-compliance. EU Member States can rely on existing penalty regimes to build a coherent set of penalties and fill in gaps with new penalties to deal with the different forms of non-compliance likely to arise. Article 65(2) enables EU Member States to apply the penalty in accordance with national law provisions that also apply to members of the management body, such as, for example, those relating to shareholders' powers to dismiss directors.75 In this respect, the financial regulator will have to be mindful of such procedural rights when exercising those powers.

The forms of administrative measures that EU Member States need to have in place, as a minimum, are listed and the matters to be taken into account in deciding the size of the penalty or extent of the administrative measures are provided.76 The first set of reforms includes those to deter unauthorised regulated activities or unauthorised acquisition of a qualifying holding in a credit institution.77 In respect of those administrative measures, EU Member States are required to publish a statement about the matter, exercise a cease-and-desist order, and adopt a procedure to calculate the penalty to be applied to the firm and individuals responsible.78 In those instances, the regulator may well address such problems using a combination of administrative and civil sanctions. In extreme cases, individuals found to be managing such unregulated businesses could also be criminally prosecuted for fraud or dishonesty.

The other administrative measures to improve the regulators' ability to deal with the different forms of non-compliance relate to the following79: false statements to

72 Supra n. 70.

73 CRD IV, Section IV, Supervisory powers and powers to impose penalties, Art. 64.

74 Ibid., Art. 65(1).

75 Ibid., Art. 65(2); Companies Act 2006, s.168.

76 CRD IV, Art. 66.

77 Ibid., Art. 66(1)(a)-(d).

78 Ibid., Art. 66(2)(a)-(f).

79 Ibid., Art. 67(1)(a).

acquire authorisation;80 failure to report changes to acquired holdings;81 failure to put in place specific governance arrangements as required by the national competent authorities;82 misreporting information to the regulator about own funds;83

84 85 86 87

misreporting data, large exposure, liquidity or leverage ratio; failure to hold the appropriate liquid assets;88 exceeding exposure limits;89 mismanaging securitization risks;90 and appointment of members of the management body without the suitable experience, skills and knowledge.91 In response to such matters, the EU Member State may withdraw authorisation,92 impose a temporary prohibition on individuals from the industry,93 or impose pecuniary penalties on the firm or relevant individuals.94

In respect of these types of failures, the regulator may not address those problems with deterrence options. Instead, it may opt for more of a compliance-based approach and negotiate to ensure adherence, as the threat of sanctions maybe enough to make the regulated respond. When deciding the size of the administrative penalties and/or the severity of the administrative measures, the regulator is specifically required to take into account the following: the gravity of the breach; the level of responsibility of the firm or individual; the level of profit or loss avoided as a result of the breach; losses sustained by investors; the level of cooperation offered; and the risk posed to the stability of the system.95

EU Member States are required to report administrative penalties to the EBA, which will give the EBA a better understanding of the level of enforcement penalties administered across the EU. The utility of this is, however, called into question since it should also extend to administrative measures so that the EBA can get a better picture of the enforcement of those matters across the EU as a whole. At the same time, some of the administrative measures may not be publicised, and, rightly so in the public interest, since they could, if the timing is not considered suitable, pose external spill-over risks. The risk of enforcement inconsistency

80 Ibid., Art. 67(1)(b).

81 Ibid., Art. 67(1)(c).

82 Ibid., Art. 67(1)(d).

83 Ibid., Art. 67(1)(e).

84 Ibid., Art. 67(1)(f).

85 Ibid., Art. 67(1)(g).

86 Ibid., Art. 67(1)(h).

87 Ibid., Art. 67(1)(i).

88 Ibid., Art. 67(1)(j).

89 Ibid., Art. 67(1)(k).

90 Ibid., Art. 67(1)(l).

91 Ibid., Art. 67(1)(p).

92 Ibid., Art. 67(2)(c).

93 Ibid., Art. 67(2)(d).

94 Ibid., Art. 67(2)(e)—(g).

95 Ibid., Art. 66(1)(c)-(d); Art. 67(2)(e)-(g); Art. 70(a)-(h).

96 Ibid., Art. 69(1)-(4).

remains since some EU Member States may impose more punitive administrative measures in comparison to others when breaches at banks are identified.

CRD IV makes significant changes to the enforcement regime but also confers significant discretion on EU Member States to interpret the provisions, as well as discretion on the regulators to make decisions on a day-to-day basis. Therefore, it will not necessarily improve the level of consistency across the European Union. It is suggested that additional regulatory guidance from the EBA is needed to reduce the divergence of approach and thus reduce the risk of enforcement arbitrage by booking the more risky business in jurisdictions where there is a greater probability of under-enforcement compared to a jurisdiction where there is likely to be over-enforcement. The level of enforcement is still partly reliant on the level of resources which the local regulator has to investigate such matters, thus again leading to the risk of enforcement arbitrage by firms that are aware of the differing approaches to the supervision of risk. Moreover, the enforcement sanctions associated with breach of prudential requirements are not likely to be initiated, or even publicised, unless the institution's viability is in doubt and is part of the reason for moving towards resolution.

The administrative penalties and measures focus on the authorisation of regulated activities, prudential requirements and internal management controls, and, in so doing, concentrate on the safety and soundness of institutions. Those measures are necessary and are not called into question, but do require consistency across the EU. Moreover, since mismanagement of conduct risk generally exists before signs of prudential risk emerge, it is argued that the move to reform administrative penalties and measures should be extended to all areas of financial services. The level of public enforcement of prudential requirements is miniscule in comparison to its conduct of business counterpart. With such focus on prudential requirements and internal management controls, the enforcement agenda is not being addressed appropriately to improve consistency and to avoid the risks of 'under' or 'over' enforcement, as described by Mann.97

The move to formally introduce a criminal sanctions regime to support administrative sanctions and measures across the European Union over recent years98 is a response to the call from society to ensure that those individuals found culpable are exposed to the risk of imprisonment or criminal financial penalties. Criminal sanctions provide the traditional deterrent against acts which have a sufficiently deleterious, adverse effect and impact on society. The punishment prescribed by the criminal justice system tries to achieve a broad range of goals which are not necessarily attainable with one sanction, such as restraint, retribution, rehabilitation, education, denunciation, compensation or just deserts.99 Indeed, the introduction of a criminal sanctions regime will not necessarily mean that we will

97 Mann (1992).

98 See e.g. Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC Text with EEA relevance; Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal sanctions for market abuse (Market Abuse Directive); Ferran et al. (2012), p. 7.

99 For a detailed examination of criminal sanctions, see Gobert and Punch (2003), at pp 214-252; Croall (2001), at pp 123-142.

see those considered culpable put behind bars, for it is incredibly difficult to succeed in securing criminal prosecutions. For similar reasons, it is unlikely to find regulators exercising their powers to revoke a bank's licence or to ban, permanently or temporarily, individuals from working in the financial industry. In the regulatory context, a greater overlap between criminal, administrative and civil sanctions exists under the auspices of administrative powers.100 The growth in the use of administrative sanctions is nevertheless based on a systematic process of decriminalising regulatory offences, which has curtailed the use of criminal sanctions for all but the most serious offences.101 It is only in more recent times, in the aftermath of the global financial crisis, that we have seen a re-emergence of criminal sanctions to complement other enforcement sanctions.102

Given the above, it is argued that the powers provided in CRD IV require the ECB as the single supervisory authority to develop better guidance for EU Member States and to flesh out a more consistent application of enforcement sanctions.

7 Complementing the European Single Rulebook and the Single Supervisory Handbook with a Single Enforcement Handbook

This paper proposes to create an enforcement handbook to complement the European Single Rulebook and the Single Supervisory Handbook. It is suggested that the latter two are focused on a compliance-orientated and remedial model of enforcement. The remedial approach is interpreted to mean putting in place corrective measures to deal with, inter alia, capital, liquidity, governance and internal control shortcomings. The success of the Banking Union is reliant on the EBA, in terms of rule design, and on the ECB to undertake the work of prudential supervision, working, in part, with national competent authorities to ensure compliance with requirements set out, for instance, in CRD IV and CRR. The process of the EBA assisting with rule convergence and compliance is an example of that model.103 This process will also identify inconsistencies in approach and put in place mechanisms to iron out those variations through the development of technical standards, guidance and recommendations.104 The EBA is yet to develop,

100 For the use of criminal sanctions, see Kadish (1963); Harvard Law Review (1979).

101 Coffee Jr (1992); Kerrigan et al. (1993).

102 Supra n. 98.

103 See, for instance, the process of peer review undertaken by the EBA, similar to the IMF and World Bank financial sector assessment process. For example, EBA, Report on the peer review of the EBA Guidelines 31 regarding credit concentration risk, 14 July 2014. 10180/534414/EBA+Report+on+the+peer+review+of+the+GLs+on+credit+concentration+risk.pdf. Accessed 19 October 2015.

104 See the EBA's supervisory convergence and disclosure efforts, the latter revealing 'the way in which each Member State exercises the options and national discretions available in EU banking legislation and the general criteria and methodologies used by national authorities in the Supervisory Review and Evaluation Process (SREP)', at; EBA, Revised 2015 Working Programme, at p 3. 10180/842038/30+09+2014+(EBA+2015+Work+Programme+Annex).pdf/de36f4b0-80ee-4e26-af0c-86b99965b510. Accessed 19 October 2015.

however, standards, guidance or recommendations on the enforcement sanctions set out in CRD IV.105

The responsibility conferred on the ECB to fulfil the single supervisory role also lends itself to more of a compliance-based model of enforcement, consisting of a remedial approach to supervisory matters (with the exception of the most punitive of sanctions, withdrawal of authorisation).106 The above mechanisms - the Single Rulebook and Single Supervisory Handbook - provide a considerable level of support to the ECB and a centralised supervisory agenda. Moreover, the ECB is also expected to work closely with the national regulators of EU Member States not within the eurozone through formal memoranda of understanding.107

The important element in this process of developing a consistent ground for the regulation and supervision of significant banks is to ensure that the interpretation and application of rules is sufficiently transparent even though the rules themselves are already transparent. The culture and approach will need time to develop so that a consensus can develop around what is considered good supervision.108 The focus on prudential requirements could result in a time lag between conduct and impact on capital or liquidity levels, so it is important for the ECB to also look at the wider behaviour of banks.

The challenge will be to develop a normative framework that (1) can link, at a high level, the discrete elements of the single supervisory and resolution mechanisms; (2)is sufficiently informative about its approach to supervision; and (3) captures the discretion that resides in the national authorities. The importance of this exercise would be to assist the ECB, significant banks and national authorities in understanding the expectations associated with the 'single' approach. It is quite evident that various approaches to regulation and supervision exist, from traditional command and control, principles-based, light-touch, compliance-based or deterrence-based approaches, to more recent intrusive, judgment-based and forward-looking approaches. Each approach has its own type of perimeters to control the discretion of the regulator and the regulated, and its own construction of what constitutes risk to regulatory objectives.

The move towards a judgment-based approach by the ECB and Member States could form the basis of an adversarial approach which to other regulators with a more administrative form of regulation and supervision appears extremely intrusive in the affairs of the regulated. The regulated could be of the view that this is a move

105 In this connection, the EBA has only 'very limited direct, binding powers of intervention over NCAs [national competent authorities] and banks'. This is confined to exceptional situations such as, for instance, breaches of EU law, where EBA would direct NCAs or banks to comply in a specific way. Instead, day-to-day supervision has broadly been left at national level notwithstanding the European Financial Stability Facility (EFSF) reforms. See Recital 9, Regulation (EU) No 1093/2010, cited in Moloney (2014), at p 1621.

106 CRD IV, Art. 4(1).

107 Ibid., Art. 3(6).

108 Daniele Nouy, Chair of the Supervisory Board of the Single Supervisory Mechanism, 'The European banking landscape - initial conclusions after 4 months of joint banking supervision and the challenges ahead', speech at the SZ Finance Day 2015, Frankfurt am Main, 17 March 2015. https://www. Accessed 19 October 2015.

to over-regulation.109 The primary challenge is the need to provide adequate reasons to give the regulated the right to evaluate a decision and the regulator to avoid allegations of the judgment appearing subjective and disproportionate rather than objective and proportionate. The ECB's overarching role of providing greater consistency in order to bridge different approaches to regulation and supervision implies that it should be able to develop a common approach and understanding. The explanation of the risk-based approach adopted by the ECB implies that it constitutes a single homogenous form.110 The process of allocating regulatory resources according to a risk-based approach requires a better construction of the risk-based approach so that it is clear how the intensity of supervision and decision-making changes according to how risks are expected to be monitored, assessed and then remedied. Based on the risk-based approach to regulation it will be necessary to construct how judgments are likely to be executed within that framework. Again, the judgment-based approach does need to be structured to improve the transparency of how it is expected to be applied.

The ECB is conferred a range of investigatory, information-gathering and enforcement powers to support its supervisory work, which it can exercise directly or indirectly.111 It is granted responsibilities that amount to it being the competent authority of those banks deemed significant.112 The ECB directly exercises supervisory, investigatory and enforcement powers, or initiates powers indirectly with the support of national supervisory authorities acting on its behalf.113 Benefits are gained by the ECB's ability to utilise the national supervisory authorities' knowledge in the ECB's supervisory tasks. In addition, the ECB's ability to share staff of national supervisory authorities through exchanges and secondments enables the ECB to build up its own understanding of the institutions on a day-to-day basis. It will therefore have, for all intents and purposes, the powers of national supervisory authorities at its disposal. The recent ECB decision to assess a number

109 Sabine Lautenschläger, Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the Single Supervisory Mechanism, 'Monitoring, regulation and self-regulation in the European banking sector', speech at the evening reception at the Deutsche Aktieninstitut in Frankfurt am Main, 21 April 2015. Accessed 19 October 2015.

110 See ECB, 'Guide to banking supervision', European Central Bank, 2014, at p. 8. https://www. Accessed 19 October 2015.

111 Chapter III, Regulation (EU) No 1024/2013, supra n. 22. The ECB will also have to think about separating the functions of supervision and investigation to avoid conflicts of interest spilling into the decision-making process as regards potential enforcement. The reliance on the EU Member States' national authorities will also need to be coordinated accordingly.

112 Ibid.; ECB, List of credit institutions.; ECB, The list of significant supervised entities and the list of less significant institutions, September 2014. http://www. Accessed 19 October 2015.

113 See Art. 6(5), Regulation (EU) No 1094/2010, supra n. 17. In this regard, the ECB 'has a range of rule-making and quasi-rule-making tools' as provided by Arts. 4(3) and 6(5). This may result in certain 'positive spillover effects' as regards the coordinating relationship between the ECB and NCAs of less significant banks as a consequence of the ECB's supervision of significant ones. See Moloney (2014), at p 1648.

of banks to determine whether they could, in the future, be classified as significant is a good example of it exercising its discretion.114 It also illustrates how the ECB can ask the national authorities to provide it with the information to make such an assessment and to form its view. The ECB will therefore need to develop its own approach to supervision policy so that it can be judged against that policy in the exercise of its responsibilities.115 The tools and tasks of supervision and the discrete approaches of national supervisory authorities require policy coherency to bring them together. Part of this exercise is initiated with the guidance on supervision.116 But this can only be a first step on the road of supervision. A large proportion of its role and approach is argued to be opaque, to say the least. Whilst there is a degree of consistency in the approach to supervision, there is considerable room for enforcement arbitrage with the multiple layers of oversight at regional and EU Member State level and the reality of participating and non-participating EU Member States within the framework of centralisation. This reflects the reliance the ECB will have on national resources and approaches to fulfil part of its mandate.117 But more significantly, the ECB is required to exercise its responsibilities in accordance with relevant EU law.

The ECB must therefore comply with the interpretation of the provisions of directives adopted by EU Member States. CRD IV also enables national authorities to interpret enforcement sanctions in line with national law,118 thus exacerbating the risk of enforcement arbitrage. This is the case even despite the decision to take a consistent approach towards the interpretation of CRD IV. The result could be that the ECB may be required to apply different interpretations to similar sets of circumstances, depending on how the relevant EU Member State has exercised its discretion. Indeed, the field of administrative enforcement sanctions is one area that could lend itself very easily to differing interpretations due to the precision with which they are drafted, which could thus lead to different outcomes.119 In order to partly remedy the gap identified here, the move to creating a single enforcement handbook would start the process of minimising inconsistency.

114 Decision of the European Central Bank of 4 February 2014 identifying the credit institutions that are subject to the comprehensive assessment (ECB/2014/3), (2014/123/EU).

115 Daniele Nouy, Chair of the Supervisory Board of the ECB, 'Launch of the SSM - what will change in banking supervision and what are the imminent impacts on the banking sector?', speech at the Third FIN-FSA Conference on EU Regulation and Supervision, Helsinki, 5 June 2014. https://www. Accessed 19 October 2015.

116 Supra n. 110.

117 There is also the risk that the ECB relies on the supervisory authority to exercise enforcement decisions rather than taking such decisions itself. However, the risk of such an approach would be that the ECB would show itself to be reluctant to intervene and give the impression that it is under-enforcing and using more carrots than sticks. This is similar to Ayres and Braithwaite's analogy of central banks acting as a 'Benign Big Gun' where they have a considerable arsenal of tools and powers but rarely utilise them. The argument runs that the presence of the powers is enough to ensure compliance. As we have seen, that is not always the case.

118 See Art. 64(2), Section IV, CRD IV.

119 The classic work in this area is by Diver (1983).

The supervisory regime articulated in the guide is not sufficient on its own to explain the approach to supervision, as each facet of the supervisory process requires clarification of how best to comply with additional guidance. The lack of specificity would enable the domestic regulators and the regulated to challenge enforcement policy and sanctions. While that may not be the mandate of the ECB but rather that of the EBA, the technical standards provided by the EBA120 are just as vague and open to interpretation as the rules themselves, thus in many ways lending little assistance to the process of rule interpretation and compliance. In the area of CRD IV and administrative sanctions there is limited assistance. Moreover, the stress-testing of banks provides an understanding of the underlying risks in the banking system but cannot be viewed as the ECB's sole basis for then disclosing enforcement actions or decisions.

The paper therefore advocates moving towards a single enforcement book to improve the interpretation of administrative enforcement powers at the level of the centralised bodies, EU Member States, supervisory bodies and the regulated. The development of a single enforcement handbook would serve several purposes, in line with Diver's work on the precision of administrative rules.121 The process of articulating standards and guidelines around administrative sanctions enables the centralised bodies to explain the aims, objectives and principles which they would like to associate with this part of their responsibilities. Providing guidance on the use of enforcement sanctions would also support a process of consistency of application of administrative sanctions. Such guidance would need to reflect the interpretation of the enforcement sanctions and thus enable a more centralised approach to what is considered reasonable behaviour. Indeed, the approach taken to address behaviour needs to clarify the opacity surrounding 'what is reasonable and unreasonable' whilst not unnecessarily disabling the use of those sanctions to address individual behaviour. The guidance could also help national authorities and EU Member States gauge which type of enforcement sanction to apply, i.e., administrative, civil or criminal. This would assist the authorities in determining the level of recourses that they will need to deal with a matter. The centralised authorities would also, through a process of transparent practices, be better placed to gauge areas of under- and over-enforcement when relying on national supervisory authorities to execute certain enforcement decisions. The ECB as a supervisor would be able to assess whether it is taking a consistent approach to such matters across the EU and is not simply being influenced by national interests. The move to a single enforcement handbook would also lead to better coordination of enforcement powers between going concern and gone concern, for example, in connection with the powers of early intervention. The whole enforcement lifecycle can then be addressed as a whole rather than incrementally in separate places. Connecting the parts also means better levels of accountability since it enables the

120 See EBA, Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP), 19 December 2014. EBA-GL-2014-13+(Guidelines+on+SREP+methodologies+and+processes).pdf. Accessed 19 October 2015.

121 There are challenges to articulating the precision of administrative sanctions but this has not prevented financial regulators from formulating a better understanding of this area.

central authorities to identify whether national authorities could address problems earlier by applying administrative sanctions prior to the situation snowballing into a risk of the bank being put into resolution. The EBA's process of peer review of rule compliance and frequency of use could equally apply to compliance with, and frequency of use of, administrative sanctions. The review work would offer the centralised bodies the opportunity to better understand the level of resources they need to devote to such areas.

8 Conclusion

A range of challenges have been identified, and enforcement has certainly been noted as one of them. The ECB's use of national authorities to inform its decisions does require a consistent approach in order to ensure that relationships are not established on the basis of the political bargaining power of respective EU Member States. The ECB will therefore need to develop its own approach to supervision policy, so that it can be judged against that policy in the exercise of its responsibilities. The tools and tasks of supervision and the discrete approaches of national supervisory authorities require policy coherency to bring them together. From a rather critical perspective, the ECB is still to develop a coherent policy framework around its new day-to-day responsibilities: its rather 'bottom-up approach' of lots of tools and levers but little in the way of a coherent regulatory and supervisory framework for how those levers and tools are or may be used, subsequently opens up an expectations gap. The importance of this area of policy is that it addresses the day-to-day dilemmas and challenges of supervision associated with intensive supervision, investigations and enforcement, and the reasons why a coherent enforcement policy is needed. Eventually, enforcement of prudential risks, conduct risk and conduct of business risks should be complemented and strengthened by an EU Capital Markets Union with an actual focus on regulation and supervision of market integrity and investor protection, since these issues tend to give rise to more enforcement activity.

The move towards greater levels of consistency in rule compliance, through the adoption of a single regulatory regime and centralisation of regulatory and supervisory policy and oversight regarding significantly important banks, makes a more consistent approach to enforcement policy necessary to be able to deal with 'middle ground' failures that can arise when a bank is a going concern but not at the point of resolution. Developing a coherent enforcement strategy is imperative to improving the consistency of approach and to achieving consistent supervisory objectives. This task is, nevertheless, onerous due to the complex way enforcement can be exercised in each EU Member State. However, neither that hurdle nor the complexity of the financial services industry should stand in the way of taking the opportunity to address enforcement in the financial services industry and to consider the feasibility of forming a single enforcement approach.

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (, which permits unrestricted use,

distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.


Ayres I, Braithwaite J (1992) Responsive regulation: transcending the deregulation debate. Oxford University Press, Oxford

Babis VSG (2014) Single Rulebook for prudential regulation of banks: mission accomplished? Eur Bus Law Rev (forthcoming). Also published as University of Cambridge Faculty of Law Research Paper No 37/2014, at p 37. Baldwin R, Cave M, Lodge M (2012) Understanding regulation: theory, strategy, and practice, 2nd edn.

Oxford University Press, Oxford Black J (2005) The emergence of risk-based regulation and the new public risk management in the United

Kingdom. Public Law (Autumn), pp 512-548 Black J (2008) Forms and paradoxes of principles-based regulation. Cap Mark Law 3:425-457 Black J, Baldwin R (2008) Really responsive regulation. Mod Law Rev 71:59-94 Black J, Baldwin R (2010) Really responsive risk-based regulation. Law & Policy 32:181-213 Black J, Baldwin R (2012) When risk-based regulation aims low: approaches and challenges. Regul Gov 6:2-22

Brown R (1994) Theory and practice of regulatory enforcement: occupational health and safety regulation

in British Columbia. Law & Policy 16:63 Coffee JC Jr (1992) Paradigms lost: the blurring of the criminal and civil law models—and what can be

done. Yale Law J 101:1875 Cook D (1989) Rich law, poor law: differential response to tax and supplementary benefit fraud. Open

University Press, Milton Keynes Cotterell R (1992) The sociology of law: an introduction. Butterworths, London Cranston R (ed) (1995) The single market and the law of banking, 2nd edn. Lloyds of London Press, London

Croall H (2001) Understanding white collar crime. Open University Press, Milton Keynes

Diver CS (1983) The optimal precision of administrative rules. Yale Law J 93:65

Ferran E (2014) European Banking Union: imperfect, but it can work. Legal Studies Research Paper No

30/2014, April 2014. Forthcoming in Busch D, Ferrarini G, European Banking Union, OUP Ferran E et al (2012) The regulatory aftermath of the global financial crisis. Cambridge University Press, Cambridge

Gobert J, Punch M (2003) Rethinking corporate crime. Butterworths, London

Gray J (2009) Is it time to highlight the limits of risk-based financial regulation? Cap Mark Law 4:50-62 Gunningham N (1987) Negotiated non-compliance: a case study of regulatory failure. Law & Policy 9:69 Gunningham N (2012) Enforcement and compliance strategies. In: Baldwin R, Cave M, Lodge M (eds)

The Oxford handbook of regulation. Oxford University Press, Oxford, pp 120-145 Haines F (1997) Corporate regulation: beyond 'punish or persuade'. Clarendon Press, Oxford Harvard Law Review (1979) Developments in the law—corporate crime: regulating corporate behavior

through criminal sanctions. Harv Law Rev 92:1227 Hawkins K, Thomas J (1984) Enforcing regulation. Kluwer-Nijhoff, Boston

Hertig G, Lee R, McCahery JA (2010) Empowering the ECB to supervise banks: a choice-based approach. ECFR 7:171

Hopkins A (1994) Compliance with what? The fundamental regulatory question. Br J Criminol 34:431 Hutter BM (1988) The reasonable arm of the law? The law enforcement procedures of environmental

health officers. Clarendon Press, Oxford Hutter BM (1989) Variations in regulatory enforcement styles. Law & Policy 11:153 Jenkins R (2012) Regulators, financial industry and the problem of regulatory capture. In: International Centre for Financial Regulation (ICFR), Pagliari S (eds) Making good financial regulation: towards a policy response to regulatory capture. Grosvenor House Publishing Ltd, Foreword Kadish SH (1963) Some observations on the use of criminal sanctions in enforcing economic regulations. Univ Chic Law Rev 30:423

Kagan RA, Scholz JT (1980) The criminology of the corporation and regulatory enforcement strategies.

In: Hawkins K, Thomas J (eds) Enforcing regulation. Kluwer Nijhoff, Boston, pp 67-68 Kerrigan LJ et al (1993) Project: the decriminalization of administrative law penalties: civil remedies,

alternatives, policy, and constitutional implications. Adm Law Rev 45:367 Lauk TC (2014) The triple crisis of Western capitalism: democracy, banking and currency. Palgrave Macmillan, New York

Levitin AJ (2014) The politics of financial regulation and the regulation of financial politics: a review

essay. Harv Law Rev 127:1991 Makki T, Braithwaite J (1993) Praise, pride and corporate compliance. Int J Sociol Law 21:73 Mann K (1992) Punitive civil sanctions: the middle ground between criminal and civil law. Yale Law J 101:1795

May PJ, Burby RJ (1998) Making sense out of regulatory enforcement. Law & Policy 20:157 Moloney N (2014) European Banking Union: assessing its risks and resilience. Common Mark Law Rev 51:1609-1670

Reiss AJ Jr (1984) Selecting strategies of social control over organizational life. In: Hawkins K, Thomas J

(eds) Enforcing regulation. Kluwer Nijhoff, Boston, p 32 Scholz JT (1984a) Cooperation, deterrence, and the ecology of regulatory enforcement. Law Soc Rev 18:179

Scholz JT (1984b) Voluntary compliance and regulatory enforcement. Law & Policy 6:385 Shapiro S (1985) The road not taken: the elusive path to criminal prosecution for white-collar offenders. Law Soc Rev 19:179