Skip to content

AI-generated content: Responses are generated by AI, automatically assembled and may contain errors. Conformi is a research tool and does not replace legal advice or case-by-case legal review. All responses should be verified using the linked original sources.

Conformi/Knowledge Base/Financial services/CRD IV
💰For financial services

Capital Requirements Directive IV (CRD IV) — Directive 2013/36/EU on Access to Credit Institution Activity and Prudential Supervision

Analysis from 17 April 20262 sourcesConsolidated versionEUR-Lex Original

Does our bank's governance, capital planning and bonus structure survive the next SREP cycle — and what happens if it does not?

Credit institutions and investment firms operating in the EU must permanently meet CRD IV governance, ICAAP, capital-buffer and remuneration requirements — breaches can trigger administrative penalties of up to 10 % of annual net turnover, and the compliance function should verify alignment ahead of each annual SREP review.

Short Answer

CRD IV sets out the rules under which credit institutions and investment firms access their business, are governed, and are supervised across the EU [Art. 1]. It mandates a comprehensive internal capital adequacy assessment process (ICAAP) [Art. 73], robust governance arrangements including an independent risk management function [Art. 74, Art. 76], a bonus cap limiting variable remuneration to 100 % of fixed pay — or 200 % with qualified shareholder approval [Art. 94(1)(g)], and a layered system of CET1 capital buffers including a 2.5 % capital conservation buffer [Art. 129]. Competent authorities conduct at least annual Supervisory Review and Evaluation Process (SREP) reviews and can impose additional own funds requirements (Pillar 2) [Art. 97, Art. 104].

Who is affected

All credit institutions authorised under the Directive and investment firms as defined by Art. 4(1)(2) of Regulation (EU) No 575/2013 operating in the EU. Financial holding companies and mixed financial holding companies with head offices in the Union are also covered for certain provisions [Art. 2(4)]. Central banks and post office giro institutions are excluded [Art. 2(5)].

Deadline

No upcoming transposition deadline — fully applicable since 31 December 2013, with capital buffers (Title VII Chapter 4) effective since 1 January 2016 and G-SII buffers at 100 % since 2019 [Art. 162]. The key ongoing obligation is the annual SREP cycle: competent authorities update their review at least annually for systemically important institutions [Art. 97(4)].

Risk

Administrative pecuniary penalties of up to 10 % of total annual net turnover for legal persons, or up to EUR 5 000 000 for natural persons [Art. 66(2), Art. 67(2)]. For subsidiaries, the relevant turnover is calculated on the consolidated account of the ultimate parent [Art. 67(2)]. Additional measures include withdrawal of authorisation [Art. 67(2)(c)], temporary bans from management functions [Art. 67(2)(d)], and mandatory public disclosure of penalties on the competent authority's website for at least five years [Art. 68].

Proof

Legal status

  • In force
  • as of 2026-04-17
  • Consolidated version

Primary sources

What to do now

Legal / DPO

  • Verify that the management body composition complies with fit-and-proper requirements and directorship limits — significant institutions' board members may hold at most one executive plus two non-executive directorships simultaneously [Art. 91(1), Art. 91(3)].
  • Confirm that the institution's shareholder notification obligations for qualifying holdings are properly mapped and that internal reporting triggers are in place for each threshold crossing at 20 %, 30 % and 50 % [Art. 22(1), Art. 26(1)].
  • Review whether the remuneration framework caps variable pay at 100 % of fixed remuneration — or at 200 % if a qualified shareholder vote has been obtained — and that the approval procedure is documented and reported to the competent authority [Art. 94(1)(g)].

Compliance

  • Ensure the ICAAP documentation is current and proportionate to the nature, scale and complexity of the institution's activities, and that it has been subject to internal review in the current year [Art. 73].
  • Map all five capital buffer layers — capital conservation (2.5 %), countercyclical, G-SII, O-SII and systemic risk buffer — to the institution's CET1 position and verify that the combined buffer requirement is met; non-compliance triggers automatic distribution restrictions [Art. 128, Art. 129, Art. 141].
  • Prepare for the annual SREP by collating current stress-test results, business-model analysis and governance-arrangement evidence, since the competent authority's review covers all of these elements [Art. 97, Art. 98].

IT / Security

  • Implement and document IT arrangements for new and existing branches as required in the branch passport notification, including disaster recovery and data-centre resilience details [Art. 3(2)(d)(iii) of Delegated Regulation 1151/2014 pursuant to Art. 35(5)].
  • Ensure that operational-risk policies explicitly cover IT risk, model risk and business-continuity scenarios, and that contingency plans are tested and can limit losses during severe disruption [Art. 85].
  • Support the independent risk management function with adequate IT systems for real-time risk aggregation and reporting, since SREP reviews assess whether risk data infrastructure is fit for purpose [Art. 76(5), Art. 97].

Product / Engineering

  • Check that any new lending product or customer-facing activity is reflected in the branch's programme of operations and that the competent authority has been notified before cross-border expansion [Art. 35, Art. 39].
  • Ensure liquidity risk management systems are calibrated for each product line, currency and legal entity, including intra-day monitoring and alternative-scenario stress testing [Art. 86(1), Art. 86(8)].
  • Verify that the risk committee reviews whether the pricing of liabilities and assets offered to clients properly reflects the institution's risk strategy, and that any remedy plan required is escalated to the management body [Art. 76(3)].

Key Terms

ICAAP (Internal Capital Adequacy Assessment Process)
Obligation for institutions to maintain sound strategies and processes to assess the amounts, types and distribution of internal capital adequate to cover their risks on an ongoing basis [Art. 73].
SREP (Supervisory Review and Evaluation Process)
The process by which competent authorities review an institution's arrangements, strategies, processes and mechanisms and evaluate whether own funds and liquidity ensure sound risk management and coverage [Art. 97].
Capital conservation buffer
A mandatory Common Equity Tier 1 buffer equal to 2.5 % of total risk exposure amount, held in addition to Pillar 1 requirements [Art. 129].
G-SII (Global Systemically Important Institution)
An institution identified as globally systemically important, subject to an additional CET1 buffer ranging from 1 % to 3.5 % depending on its systemic importance sub-category [Art. 131(4)].
O-SII (Other Systemically Important Institution)
An institution identified as systemically important at domestic level, subject to an additional CET1 buffer of up to 2 % [Art. 131(5)].
Combined buffer requirement
The total CET1 capital needed to meet the capital conservation buffer plus, where applicable, the countercyclical, G-SII, O-SII and systemic risk buffers [Art. 128(6)].
Qualifying holding
A direct or indirect holding in an institution representing 10 % or more of the capital or voting rights, or which makes it possible to exercise significant influence over the management of that institution [Art. 22(1), CRR Art. 4(1)(36)].
Management body
The body of an institution with ultimate decision-making authority, encompassing both its management and supervisory functions. Members must satisfy fit-and-proper requirements [Art. 91].
?

Frequently Asked Questions

What is the bonus cap under CRD IV?
Variable remuneration must not exceed 100 % of the fixed component. With a qualified shareholder vote (at least 66 % majority with 50 % quorum, or 75 % of represented ownership rights), this cap can be raised to 200 % [Art. 94(1)(g)].
What capital buffers does CRD IV require?
CRD IV introduces five buffers on top of the Pillar 1 minimum: a 2.5 % capital conservation buffer [Art. 129], an institution-specific countercyclical buffer [Art. 130], a G-SII buffer of 1–3.5 % [Art. 131(4)], an O-SII buffer of up to 2 % [Art. 131(5)], and a systemic risk buffer [Art. 133]. All must be held in Common Equity Tier 1 capital.
What happens if an institution does not meet the combined buffer requirement?
The institution faces automatic restrictions on distributions — it may not make dividend payments, pay variable remuneration or make payments on Additional Tier 1 instruments beyond the maximum distributable amount (MDA) calculated under [Art. 141].
How often does the SREP take place?
Competent authorities determine frequency and intensity based on the institution's size and systemic importance. For institutions covered by the supervisory examination programme, the review is updated at least annually [Art. 97(4), Art. 99].
What governance requirements does CRD IV impose on the management body?
The management body must define, oversee and be accountable for governance arrangements including risk strategy, internal controls, financial integrity and segregation of duties [Art. 88(1)]. The chairman of the supervisory function must not simultaneously serve as CEO unless authorised by the competent authority [Art. 88(1)(e)]. Significant institutions must establish a risk committee and a nomination committee [Art. 76(3), Art. 88(2)].
Who is excluded from the scope of CRD IV?
Central banks, post office giro institutions (where applicable under national law), and the access of investment firms to activities regulated under MiFID are excluded [Art. 2(5)].
What supervisory powers can the competent authority exercise under Pillar 2?
Competent authorities can require additional own funds above Pillar 1 minimums, restrict business activities, demand divestment of risky positions, limit variable remuneration, and require enhanced governance and risk-management arrangements [Art. 104(1)].
3

Assessment Factors & Checklist

Premium
Start 7-day free trial
4

Questions for Your Lawyer

Premium
Start 7-day free trial
5

Conclusion & Summary

Premium
Start 7-day free trial

Detailed analysis with source links.

Schalten Sie die KI-Analyse frei — mit markierten Fundstellen und direkten Links zu EUR-Lex. 7 Tage kostenlos testen.

Start 7-day free trial

Keine Kreditkarte heute. Kündigung jederzeit.