FAQs - Banks

What is the supervisory regime for banks?

The ECB and the Bank of Italy, in close cooperation, perform supervisory functions to protect the safety and soundness of the European banking system, increase financial integration and stability, and ensure consistent supervision. The ECB supervises significant banks and banking groups; while the Bank of Italy supervises less significant banks and banking groups, in accordance with the general guidelines and instructions issued by the ECB.

The Bank of Italy retains full authority in the areas of consumer protection, anti-money laundering and countering the financing of terrorism, oversight of payment services and financial markets, and supervision of non-banks financial intermediaries and branches of Extra-EU banks.

The Bank of Italy performs its supervisory role with due regard for the entrepreneurial nature of the supervised entities, which set their strategies, organizational models and investment policies independently in compliance with a prudential regulatory framework.

The Bank conducts analysis and takes measures to promptly identify any signs of potential anomalies in the intermediaries' technical/organizational structures and urges them to take appropriate corrective measures. Controls cover all aspects of banking operations, with a focus on the solidity of their organizational structures, the quality of risk management and risk mitigation, capital adequacy in the event of losses, fairness and transparency to customers. Specific controls are in place to ensure compliance with anti-money laundering and usury laws, in order to safeguard the integrity of the financial system and prevent illegal conduct.

The Bank of Italy performs both documentary checks - by collecting, processing and systematically analysing a comprehensive set of statistical, accounting and administrative information - and on-site inspections to confirm the quality and accuracy of the data provided by intermediaries and to have a better understanding of their organizational and management arrangements. On-site inspections are tailored to reflect the characteristics, size and complexity of each bank and focus on material risks, corporate governance and internal audit.

In what language can licensing applications be submitted?

Licensing applications may be submitted in any official language of the European Union, at the applicant's discretion, as provided for in Article 24 of Regulation (EU) No. 468/2014.

What documents should be attached to the application?

The information and documents to be attached to licensing applications are listed in Bank of Italy Circular 285/2013 and in the EBA/RTS/2017/08 technical standards. As a rule, the following documents are required:

1. memorandum of incorporation and articles of association;
2. business plan, organizational structure report and corporate governance plan;
3. list of direct and indirect shareholders, by absolute and percentage value of their holdings. For indirect holdings, the entity through which the interest is held must be specified;
4. documents confirming that the direct and indirect qualifying shareholders meet all requirements;
5. proof of payment of capital contributions to the minimum extent required by applicable provisions, issued by the head office of the bank where the payment was made;
6. information on the origin of the money used to pay capital contributions;
7. description of the business group, including by means of charts;
8. fit and proper certificates for members of the management body, including with reference to the interlocking rules laid down in the Article 36 of Decree Law 201/2011;
9. report on the investment and/or payment services to be provided, where applicable.

Depending on their situation and business model, applicants may be required to produce additional documents for preliminary assessments (e.g. an expert analysis for any contributions in kind).

The documents referred to in points d), e) and h) above must be no older than 6 months prior to the date of submission of the licensing application.

How does the Bank of Italy assess a bank's ownership structure?

When assessing licensing applications from newly-incorporated entities, the Bank of Italy pays particular attention to the financial soundness and the quality of shareholders, in order to make sure that the bank will be able to manage start-up risks and, in the event of a crisis, to minimize the costs associated with value destruction.

For this purpose, the Bank of Italy will assess the quality of qualified shareholders (i.e. shareholders that hold at least 10 per cent of shares or voting rights or can exercise a significant influence over the bank) and the financial soundness of the business plan, based on the following criteria: the good repute, ethics, professionalism and expertise of those who, as a result of the acquisition of a qualifying holding, will perform administrative and management functions in the intermediary; the financial soundness of the shareholders of qualified shareholders; the intermediary's ability to comply with the provisions governing its business following the acquisition of qualified shareholders; the suitability of the group structure of the qualified shareholders for the purposes of effective supervision; no grounds to suspect that the acquisition is associated with money laundering or terrorist financing. These assessments are carried out in line with the provisions of Article 19 of the TUB and the Bank of Italy Measure of 26 July 2022.

The analysis of a bank's ownership structure does not result in a separate decision on qualifying holdings or follow the procedures laid down in the relevant legislation, but feeds into the preliminary assessments for licensing purposes.

This analysis is carried out based on the information and documents produced in accordance with the Bank of Italy Measure of 26 October 2021.

How does the Bank of Italy assess a company that is part of a group or a subsidiary?

Preliminary analysis is intended to assess the soundness of the business plan and the transparency and fitness of the proposed ownership structure. If the new bank is part of a group, we will also assess the composition of the group, the location of individual member companies, and the adequacy of the supervisory systems of the countries in which any foreign members of the group are established, so as to make sure that we can effectively perform our supervisory tasks at individual and consolidated level.

What does the Bank of Italy assess in terms of governance and members of the management body and key function holders?

The Bank of Italy assesses the bank's governance structure for risk management capabilities, consistency with the prospective business scope and size, and transparency in the allocation of tasks among corporate boards and in investor relations.

In addition, the Bank of Italy conducts fit and proper (F&P) assessments on members of the management body, general manager and key function holders, which is key to ensure sound and prudent management.

F&P assessments focus on members of the management body, general manager and key function holders' work ethics, independence, expertise and time commitment. F&P assessment rules are laid down in Article 26 of the TUB and in Ministerial Decree 169/2020.

Financial intermediaries are responsible for identifying fit and proper members of the management body, general manager and key function holders, in terms of both the number and the quality of their members. Moreover, they must ensure that the appointees meet F&P requirements and criteria throughout their term of office.

Members of the management body must also comply with the interlocking rules laid down in the Decree Law 201/2011.

When assessing new banks, special attention is paid to the professional profile of members of the management body and key function holders in order to ensure that they are able to cope with start-up risks and, in the event of a crisis, to minimize the costs associated with value destruction.

What should be included in the business plan?

The content of the business plan is covered by Bank of Italy Circular 285/2015. The document, to be drawn up by the directors, must contain:

• an overview of the bank's operations and its prospective business lines;
• a description of its technical and organizational structure, internal control system and IT system;
• provisional budgets for the first three financial years showing investment amounts, expected financial results, and compliance with the prudential requirements for the first three years of operation.

The document must also illustrate a baseline and an adverse scenario, with their economic and financial impact and their effects on prudential profiles, identify the required capital strengthening measures and estimate their costs.

The business plan must contain forecasts at bank level and, where appropriate, at consolidated and sub-consolidated level.

How does the Bank of Italy assess banks' business plans?

The Bank of Italy will assess banks' business plans for: a) their current and prospective sustainability, taking into account the required start-up investment and prospective business volumes; b) compliance with all prudential requirements since inception and throughout the forecast period.

The business plans submitted with licensing applications are assessed based on Sections 7 and 8 of the EBA/GL/2021/12 Guidelines.

Shareholders may be required to commit to providing financial support to the new bank for business development purposes or in the event of financial distress.

How does the Bank of Italy assess banks' business plans?

What should be included in the organizational structure report?

The organizational structure report, in accordance with the supervisory provisions applicable to banks, shall include at least the following:

• composition, role and functioning of corporate bodies;
• composition and role of any committees;
• information on how conflicts of interest are managed and on remuneration policies;
• risk appetite framework, ICAAP and ILAAP regulations;
• internal regulation of credit and finance processes;
• organizational chart with the number of resources allocated to each unit.

With reference to the description of the internal control and risk management system, the documents submitted must specify, for each control function:

• roles, responsibilities and reporting lines;
• responsibilities of function heads;
• number of persons allocated to each unit.

With reference to the IT system and the business continuity plan, applicants are required to outline their backup and disaster recovery systems, as well as providing the name and job description of the IT manager.

Where corporate functions (processes, services or operations) are outsourced, applicants must submit evidence that these arrangements will not prevent the intermediary from complying with legal requirements, affect customer relationships, reduce the quality of the internal control system or hinder internal supervision.

Please refer to the FAQ on this specific point.

What information should be provided on outsourced corporate functions?

Intermediaries can outsource corporate functions (processes, services or operations), including core functions, provided that these arrangements do not prevent the intermediary from complying with legal requirements, affect customer relationships, reduce the quality of the internal control system or hinder internal supervision.

Supervisory provisions require intermediaries to adopt specific corporate policies to ensure that outsourced functions are performed properly, the internal control system works smoothly and external providers' operations are regularly monitored. Applicants outsourcing any corporate functions are required to include the following information, in accordance with the EBA/GL/2019/02 Guidelines:

• a brief description of the outsourced operations;
• the names of external providers, together with a board of directors assessment - for core operations only - of their suitability, both in qualitative and quantitative terms, also considering any other outsourcing contracts they may have with other intermediaries;
• the corporate outsourcing policy document setting out the following basic information, in line with the principle of proportionality: i) the decision-making process for outsourcing corporate functions; ii) the basic content of outsourcing contracts and the expected service levels for outsourced operations; iii) how outsourced functions are monitored; iv) internal information flows intended to ensure the full understanding and governance of the risk factors associated with outsourced functions; v) contingency plans for providers' failure to perform outsourced operations properly;
• a summary of the outsourcing agreement for core operations showing the parties' main rights and obligations; expected service levels, in objective and quantifiable terms, and service performance metrics; any conflicts of interest and the related mitigation measures; the contract duration and renewal terms, as well as mutual obligation provisions for contract termination;
• a description of the measures taken, including organizational measures, to ensure ongoing monitoring of outsourced operations. The document should also specify the internal resources designated as outsourcing managers, whose professional profiles should be in line with this position.

Intermediaries outsourcing corporate functions are required to oversee the risks arising from outsourcing decisions, keep control of and remain responsible for outsourced operations, and retain the technical and management skills required to backsource them. It is understood that corporate boards and the heads of outsourced functions will remain responsible for the overall performance of those operations.

How does the Bank of Italy assess the organization and its internal control system?

A bank's organization and internal control system are assessed for efficiency and consistency with its size and operational complexity.

The Bank of Italy will assess the intermediary's IT system, which must ensure proper operation and compliance with regular supervisory reporting requirements.

Banks may outsource certain functions, depending on their operational complexity; outsourcing agreements shall specify basic service levels and grant the supervisory authority access to the provider's systems.

It is understood that the bank and its corporate boards will remain liable for outsourced operations.

In addition, intermediaries are required to comply with anti-money laundering provisions under Italian law and to cooperate with authorities through know-your-customer processes and the reporting of any suspicious transactions.

The chosen organizational structure will be assessed based on Section 9 of the EBA/GL/2021/12 Guidelines.

Under what situation does a licence lapse?

The licence will lapse if the bank does not start operations within one year of licensing or if it expressly forfeits its license within the same period.

A limited extension for starting operations, normally not exceeding three months, may be granted for cause upon the bank's request, to be submitted at least 60 days before the one-year time limit expires.

The lapse notification shall be issued by the European Central Bank in accordance with Regulation (EU) No. 468/2014.

In cases where the licence has lapsed, the company shall change its corporate purpose in order to exclude the banking business or shall file for liquidation.

Under what conditions is a licence withdrawn?

Without prejudice to cases of licence withdrawal permitted by law, a banking licence shall be withdrawn when: a) the conditions under which it was granted no longer exist; b) it was obtained through misrepresentation;c) it is ascertained that the bank has ceased business for more than six consecutive months;d) the bank is in compulsory administrative liquidation pursuant to Article 80 of the TUB.

The withdrawal decision shall be adopted by the European Central Bank in accordance with Regulation (EU) No. 468/2014.

In cases where the licence is withdrawn, the company shall change its corporate purpose with the aim to exclude the banking business or  to order the liquidation.