FAQs - Banks

The following FAQs are intended to help banks understand how the licensing process works. This section contains the FAQs on the rules applicable to banking licence applications; see the dedicated section for details on the administrative process.

What is the supervisory regime for banks?

The ECB and Banca d'Italia, in close cooperation, perform supervisory functions to protect the safety and soundness of the European banking system, increase financial integration and stability, and ensure consistent supervision. The ECB supervises significant banks and banking groups, while Banca d'Italia supervises less significant banks and banking groups, in accordance with the general guidelines and instructions issued by the ECB.

Banca d'Italia retains full authority in the areas of consumer protection, anti-money laundering and countering the financing of terrorism, oversight of payment services and financial markets, and supervision of non-bank financial intermediaries and branches of non-EU banks.

Banca d'Italia performs its supervisory role with due regard for the entrepreneurial nature of the supervised entities, which set their strategies, organizational models and investment policies independently in compliance with a prudential regulatory framework.

The Bank conducts analysis and takes measures to promptly identify any signs of potential anomalies in the intermediaries' technical/organizational structures and urges them to take appropriate corrective measures. Controls cover all aspects of banking operations, with a focus on the solidity of banks' organizational structures, the quality of risk management and risk mitigation, capital adequacy in the event of losses, fairness and transparency to customers. Specific controls are in place to ensure compliance with anti-money laundering and usury laws, in order to safeguard the integrity of the financial system and prevent illegal conduct.

Banca d'Italia performs both documentary checks - by collecting, processing and systematically analysing a comprehensive set of statistical, accounting and administrative information - and on-site inspections to confirm the quality and accuracy of the data provided by intermediaries and to have a better understanding of their organizational and management arrangements. On-site inspections are tailored to reflect the characteristics, size and complexity of each bank and focus on material risks, corporate governance and internal audit.

For the supervision of crypto-asset activities, please also refer to the joint note by Banca d'Italia and CONSOB published on 29 October 2024.

In what language can licensing applications be submitted?

Licensing applications may be submitted in any official language of the European Union, at the applicant's discretion, as provided for in Article 24 of Regulation (EU) No. 468/2014.

What documents should be attached to the application?

The information and documents to be attached to licensing applications are listed in Banca d'Italia Circular 285/2013 and in the Commission Delegated Regulation (EU) 2022/2580. As a rule, the following documents are required:

  1. memorandum of incorporation and articles of association;
  2. business plan, organizational structure report and corporate governance plan;
  3. list of direct and indirect shareholders, by absolute and percentage value of their holdings. For indirect holdings, the entity through which the interest is held must be specified;
  4. documents confirming that the direct and indirect qualifying shareholders meet all requirements;
  5. proof of payment of capital contributions to the minimum extent required by applicable provisions, issued by the head office of the bank where the payment was made;
  6. information on the origin of the money used to pay capital contributions;
  7. description of the business group, including by means of charts;
  8. fit and proper certificates for members of the management body, including with reference to the interlocking rules laid down in the Article 36 of Decree Law 201/2011;
  9. report on the investment and/or payment services to be provided, where applicable.

Depending on their situation and business model, applicants may be required to produce additional documents for preliminary assessments (e.g. an expert analysis for any contributions in kind).

The documents referred to in points d), e) and h) above must be no older than 6 months prior to the date of submission of the licensing application.

How does Banca d'Italia assess a bank's ownership structure?

When assessing licensing applications from newly-incorporated entities, Banca d'Italia pays particular attention to the financial soundness and the quality of shareholders, in order to make sure that the bank will be able to manage start-up risks and, in the event of a crisis, to minimize the costs associated with value destruction.

For this purpose, Banca d'Italia will assess the quality of qualified shareholders (i.e. shareholders that hold at least 10 per cent of shares or voting rights or can exercise a significant influence over the bank) and the financial soundness of the business plan, based on the following criteria: the good repute, ethics, professionalism and expertise of those who, as a result of the acquisition of a qualifying holding, will perform administrative and management functions in the intermediary; the financial soundness of the qualified shareholders; the intermediary's ability to comply with the provisions governing its business following the acquisition of qualifying holdings; the suitability of the group structure of the qualified shareholders for the purposes of effective supervision; no grounds to suspect that the acquisition is associated with money laundering or terrorist financing. These assessments are carried out in line with the provisions of Article 19 of the TUB and the Banca d'Italia Measure of 26 July 2022.

The analysis of a bank's ownership structure does not result in a separate decision on qualifying holdings or follow the procedures laid down in the relevant legislation, but feeds into the preliminary assessments for licensing purposes.

This analysis is carried out based on the information and documents produced in accordance with the Banca d'Italia Measure of 26 October 2021.

How does Banca d'Italia assess a company that is part of a group or a subsidiary?

Preliminary analysis is intended to assess the soundness of the business plan and the transparency and fitness of the proposed ownership structure. If the new bank is part of a group, we will also assess the composition of the group, the location of individual member companies, and the adequacy of the supervisory systems of the countries in which any foreign members of the group are established, so as to make sure that we can effectively perform our supervisory tasks at individual and consolidated level.

What does Banca d'Italia assess in terms of governance, members of the management body and key function holders?

Banca d'Italia assesses banks' governance structure for risk management capabilities, consistency with the prospective business scope and size, and transparency in the allocation of tasks among corporate boards and in investor relations.

In addition, Banca d'Italia conducts fit and proper (F&P) assessments on members of the management body, general manager and key function holders, which is key to ensure sound and prudent management.

F&P assessments focus on the work ethics, independence, expertise and time commitment of members of the management body, general manager and key function holders. F&P assessment rules are laid down in Article 26 of the TUB and in Ministerial Decree 169/2020.

Financial intermediaries are responsible for identifying fit and proper members of the management body, general manager and key function holders, ensuring adequate quality and numbers. Moreover, they must ensure that the appointees meet F&P requirements and criteria throughout their term of office.

Members of the management body must also comply with the interlocking rules laid down in the Decree Law 201/2011.

When assessing new banks, special attention is paid to the professional profile of members of the management body and key function holders in order to ensure that they are able to cope with start-up risks and, in the event of a crisis, to minimize the costs associated with value destruction.

What should be included in the business plan?

The content of the business plan is covered by Banca d'Italia Circular 285/2015. The document, to be drawn up by the directors, must contain:

  • an overview of the bank's operations and its prospective business lines;
  • a description of its technical and organizational structure, internal control system and IT system;
  • provisional budgets for the first three financial years showing investment amounts, expected financial results, and compliance with the prudential requirements for the first three years of operation.

The document must also illustrate a baseline and an adverse scenario, with their economic and financial impact and their effects on prudential profiles, identify the required capital strengthening measures and estimate their costs.

The business plan must contain forecasts at bank level and, where appropriate, at consolidated and sub-consolidated level.

How does Banca d'Italia assess banks' business plans?

Banca d'Italia will assess banks' business plans for: a) their current and prospective sustainability, taking into account the required start-up investment and prospective business volumes; b) compliance with all prudential requirements since inception and throughout the forecast period.

The business plans submitted with licensing applications are assessed based on Sections 7 and 8 of the EBA/GL/2021/12 Guidelines.

Shareholders may be required to commit to providing financial support to the new bank for business development purposes or in the event of financial distress.

What should be included in the organizational structure report?

The organizational structure report, in accordance with the supervisory provisions applicable to banks, shall include at least the following:

  • composition, role and functioning of corporate bodies;
  • composition and role of any committees;
  • information on how conflicts of interest are managed and on remuneration policies;
  • risk appetite framework, ICAAP and ILAAP regulations;
  • internal regulation of credit and finance processes;
  • organizational chart with the number of resources allocated to each unit.

With reference to the description of the internal control and risk management system, the documents submitted must specify, for each control function:

  • roles, responsibilities and reporting lines;
  • responsibilities of function heads;
  • number of persons allocated to each unit.

With reference to the IT system and the business continuity plan, applicants are required to outline their backup and disaster recovery systems, as well as providing the name and job description of the IT manager.

Where corporate functions (processes, services or operations) are outsourced, applicants must submit evidence that these arrangements will not prevent the intermediary from complying with legal requirements, affect customer relationships, reduce the quality of the internal control system or hinder internal supervision.

Please refer to the FAQ on this specific point.

What information should be provided on outsourced corporate functions?

Intermediaries can outsource corporate functions (processes, services or operations), including core functions, provided that these arrangements do not prevent the intermediary from complying with legal requirements, affect customer relationships, reduce the quality of the internal control system or hinder internal supervision.

Supervisory provisions require intermediaries to adopt specific corporate policies to ensure that outsourced functions are performed properly, the internal control system works smoothly and external providers' operations are regularly monitored. Applicants outsourcing any corporate functions are required to include the following information, in accordance with the EBA/GL/2019/02 Guidelines:

  • a brief description of the outsourced operations;
  • the names of external providers, together with an assessment by the board of directors - for core operations only - of their suitability, both in qualitative and quantitative terms, also considering any other outsourcing contracts they may have with other intermediaries;
  • the corporate outsourcing policy document setting out the following basic information, in line with the principle of proportionality: i) the decision-making process for outsourcing corporate functions; ii) the basic content of outsourcing contracts and the expected service levels for outsourced operations; iii) how outsourced functions are monitored; iv) internal information flows intended to ensure the full understanding and governance of the risk factors associated with outsourced functions; v) contingency plans for providers' failure to perform outsourced operations properly;
  • a summary of the outsourcing agreement for core operations showing the parties' main rights and obligations; expected service levels, in objective and quantifiable terms, and service performance metrics; any conflicts of interest and the related mitigation measures; the contract duration and renewal terms, as well as mutual obligation provisions for contract termination;
  • a description of the measures taken, including organizational measures, to ensure the ongoing monitoring of outsourced operations. The document should also specify the internal resources designated as outsourcing managers, whose professional profiles should be in line with this position.

Intermediaries outsourcing corporate functions are required to oversee the risks arising from outsourcing decisions, keep control of and remain responsible for outsourced operations, and retain the technical and management skills required to backsource them. It is understood that corporate boards and the heads of outsourced functions will remain responsible for the overall performance of those operations.

How does Banca d'Italia assess the organization and its internal control system?

A bank's organization and internal control system are assessed for efficiency and consistency with its size and operational complexity.

Banca d'Italia will assess the intermediary's IT system, which must ensure proper operation and compliance with regular supervisory reporting requirements.

Banks may outsource certain functions, depending on their operational complexity; outsourcing agreements shall specify basic service levels and grant the supervisory authority access to the provider's systems.

It is understood that the bank and its corporate boards will remain liable for outsourced operations.

In addition, intermediaries are required to comply with anti-money laundering provisions under Italian law and to cooperate with authorities through know-your-customer processes and the reporting of any suspicious transactions.

The chosen organizational structure will be assessed based on Section 9 of the EBA/GL/2021/12 Guidelines.

What should a bank do to extend its activity to crowdfunding services for business?

Under the ECSP Regulation, banks are allowed to provide crowdfunding services to businesses. To this end, when submitting an application for authorization they must provide the information required by this Regulation. If the information already filed with Banca d'Italia is up to date, the bank does not need to submit it again; instead, it may provide a declaration certifying that the information has not changed and therefore does not require updating. However, all information specifically related to the provision of crowdfunding services must still be provided (see Banca d'Italia provisions implementing Article 4-sexies.1 of the TUF, only in Italian).

In addition, in accordance with the provisions of the ECSP regulation, the prudential requirements for crowdfunding service providers do not apply to banks, which are already subject to relevant prudential legislation.

What should a bank do to extend its operations to crypto-assets under the MiCA Regulation?

Under the MiCA Regulation, banks may:

  • issue, offer to the public and seek admission to trading of e-money tokens (EMTs). To this end, they must notify Banca d'Italia of their intention to offer EMTs to the public or to request their admission to trading at least 40 working days before the scheduled start date of operations; they must also submit a crypto-asset white paper, drawn up in accordance with the provisions of the MiCA Regulation, at least 20 working days before its publication. For more information see the dedicated page;
  • issue, offer to the public and seek admission to trading of asset-referenced tokens (ARTs). To this end, they must notify Banca d'Italia of their intention to issue ARTs at least 90 working days before the scheduled start date of operations, providing the information required by the MiCA Regulation; they must also submit a crypto-asset white paperfor approval by the Authorities (Banca d'Italia in agreement with CONSOB), in accordance with the provisions of the same Regulation and the RTS on the procedure for the approval of white papers for ARTs issued by credit institutions. For more information, see the dedicated page;
  • provide all crypto-asset services. To this end, they must provide Banca d'Italia with the information required under the MiCA Regulation. For more information, see the dedicated page;
  • offer crypto-assets other than e-money tokens and asset-referenced tokens following CONSOB's operational guidance.

If the information already submitted to Banca d'Italia during the previous licensing process is up to date, applicants will just be required to submit a statement confirming that the information has not changed. Moreover, in line with the provisions of the MiCA Regulation, the provisions on prudential requirements applicable to other ART issuers and crypto-asset service providers do not apply to credit institutions, which remain subject to the relevant prudential legislation.

Please refer to the operational guidance published on 13 September 2024 and to the MiCAR intermediaries dedicated page.

What steps must a bank take to engage in credit servicing activities in Italy?

Under Italy's Consolidated Law on Banking (TUB), the rules governing the purchase and management of bad loans do not apply when these activities are carried out by banks, even in relation to loans they have issued or purchased (see Article 114.2 of the TUB).

As a result, banks do not need to obtain any additional authorization to engage in these activities. However, they are required to comply with specific obligations - mainly conduct and disclosure requirements - outlined in Banca d'Italia's provisions for credit servicers (see Part Two, Chapter 1, Sections II and III, only in Italian).

For more information, please visit the dedicated page on credit servicers.

Under what conditions does a licence lapse?

The licence will lapse if the bank does not start operations within one year of the licensing date or if it expressly renounces its license within the same period.

A limited extension for starting operations, normally not exceeding three months, may be granted for cause upon the bank's request, to be submitted at least 60 days before the one-year time limit expires.

The lapse notification shall be issued by the European Central Bank in accordance with Regulation (EU) No. 468/2014.

In cases where the licence has lapsed, the company must change its corporate purpose to exclude the banking business or file for liquidation.

Under what conditions is a licence withdrawn?

Without prejudice to the cases of licence withdrawal permitted by law, a banking licence shall be withdrawn when: a) the conditions under which it was granted no longer exist; b) it was obtained through misrepresentation; c) it is ascertained that the bank has ceased business for more than six consecutive months; and d) the bank is in compulsory administrative liquidation pursuant to Article 80 of the TUB.

The withdrawal decision shall be adopted by the European Central Bank in accordance with Regulation (EU) No. 468/2014.

In cases where the licence is withdrawn, the company must change its corporate purpose to exclude the banking business or file for liquidation.