The European Banking Authority is consulting on new regulatory technical standards detailing information for acquirors of qualifying holdings to provide. These EBA RTS are set to establish a harmonized set of minimum information across EU jurisdictions to support the supervisory assessment of proposed acquisitions under the revised Capital Requirements Directive (CRD VI). If adopted as currently proposed, the RTS will introduce fundamental changes and additional requirements compared to current rules, such as the German Shareholder Control Ordinance (Inhaberkontrollverordnung, “InhKontrollV”).
Trust structures
Where the proposed acquirer is a trust or a similar structure, the draft RTS require detailed disclosures to enhance transparency and supervision.
Trusts must identify all key individuals involved – such as trustees, asset managers, settlors, beneficiaries, and protectors – by providing personal details, identity documents, and (for the trustees asset managers) detailed CVs. In addition, trusts must also submit the trust deed, describe the trust’s legal features and functioning, investment policy, investment restrictions and exit strategies. The draft RTS also require information on the method of financing the trust and resources ensuring the financial soundness of the trust to support the target institution, requirements which are not foreseen in the current German rules.
UCITS, AIFs and investment decision makers
The RTS require not only disclosure of the investment policy for UCITS (Undertakings for Collective Investment in Transferable Securities) and AIFs (Alternative Investment Funds) but also the identity and suitability of the individuals responsible for investment decisions. Where relevant, historical performance of the fund’s qualifying holdings must also be supplied. These requirements go beyond current German rules which only contain specific requirements for sovereign wealth funds, private equity funds and hedge funds.
Extension of reliability criteria
Certain aspects of the reliability assessment are extended both for proposed acquirors that are natural persons as well as for managing directors of proposed acquirors that are legal persons. The RTS (see, in particular, Article 2(1)(a)) require disclosure not only of criminal proceedings and certain regulatory actions but also of a much wider range of potentially negative factors, including any breaches of laws or regulations.
In addition, natural persons are required to provide information on experience in IT, cybersecurity, digital innovation, and (where relevant) crypto-assets and distributed ledger technology (DLT). The InhKontrollV has not, to date, mandated this level of detail in CV disclosures.
More detailed requirements on the proposed acquisition
Under Article 5 of the draft RTS, acquirors must provide granular detail on the shares to be acquired, including market value, proposed acquisition price, and the methodology used for determining the price. The information on the proposed acquisition includes information on prudential waivers available to the target institution as a result of the acquisition.
This is a significant expansion compared to the InhKontrollV which does not require such detailed pricing and valuation information.
Financing and source of funds: Enhanced obligations
Article 7 of the proposed RTS contains a more detailed set of requirements to substantiate the origin of acquisition funds:
- Description of activities generating funds: Acquirors must document the economic activity generating the acquisition capital and submit supporting evidence, such as financial statements or tax records.
- Anti-money laundering: There must be explicit proof that funds do not originate from money laundering or terrorist financing.
- Asset sales: If assets are sold to finance the deal, details, appraisals, and conditions of sale must be submitted.
- Debt financing: Detailed information is required on lenders, the rationale for using debt, the debt repayment plan (including contingencies around target institution dividend payments), and any planned refinancing within three years.
- Non-bank lenders: If a non-credit or non-financial institution is the lender, additional information on the lender’s activity, legal form, and contractual control rights is required.
- Crypto-asset transfers: The RTS also require detailed information and traceability when crypto-assets are used.
By contrast, German regulation requests evidence about the origin and sufficiency of funds but not at the same level of granularity, especially for debt structures or crypto-asset transactions.
New business plan requirements based on shareholding
Similar to the current regime, the RTS clearly differentiate the requirements for business plans according to the anticipated shareholding/influence. However, the information to be provided deviates (drastically in some elements) from what has been provided for in the InhKV.
In particular:
- Up to 20%: Strategic intentions
The RTS introduce the new requirement to disclose whether the investment is strategic or a portfolio holding, the period for which the holding is intended, and whether further changes to the holding are planned (Article 8(1) RTS). - Between 20% and 50%: Light touch business plan
Acquirors must provide a light-touch business plan outlining medium-term financial goals, strategy for influencing the target, and potential redirection of business or products (Article 9 RTS). Under the InhKontrollV, financial information is usually only required for controlling acquisitions. - 50% or more: Full business plan
For an anticipated holding of 50%, the RTS retains the requirement to provide a three-year business plan. The baseline and adverse (stress) scenarios which are typically requested by the regulators in practice are now specifically set forth in the RTS. The RTS further cover certain regulatory forecasts which are also foreseen under the InhKontrollV, such as the CRR capital ratios. However, it also covers forecast calculations of additional ratios such as the large exposure limits and more detailed risk assessments, including operational risks, fraud ICT and cyber-security risks, significant risks related to the third-party service providers, inherent AML risks and ESG risks.
Technology and outsourcing: New specific disclosures
ICT and outsourcing risks are a new focus of the RTS, reflecting DORA (the Digital Operational Resilience Act).
Acquirors must set out the impact of the proposed acquisition on the governance arrangements, which cover, in addition to the current German rules, the overall IT and technology architecture and to the policy relating to ICT third-party service providers of critical or important functions data flowcharts, in-house and external software used and the essential data and systems security procedures and tools including back-up, business continuity plans and audit trails.
Surprisingly, the RTS also provide for the requirement to outline any update of the recovery plan that may be necessary following the proposed acquisition. This seems to be difficult to implement in practice, given that recovery plans are typically kept very confidential by the institutions and are usually not shared with proposed acquirors in the due diligence.
Further extensions of information required
The RTS provides for additional disclosure requirements with regard to the integration of the target in the proposed acquiror’s group, including description of the strategy, timeline and governance structure of the integration within the group, and an outline of the envisaged workstream projects.
It also requires the due diligence report and internal approval documents for the proposed acquisition and the minutes of the competent decision-making body, all of which are currently not foreseen in the InhKontrollV.
Reduced information for certain indirect acquisitions
There are more limited information requirements for AIFs or UCITS that are intermediate entities in the same group under the control of an ultimate beneficial owner. The RTS also applies more limited requirements where a holding is transferred to a new indirect holding within the same group. These two exemptions are more tailored and explicit than the German regime, which, however, needs to be interpreted in line with the recent ECJ ruling on indirect acquisitions (see our previous blogpost: ECJ ruling simplifies intra-group reorganisations of regulated banks).
Under the draft InhKontrollV which has been published for consultation on 20 May 2025, more far-reaching exemptions apply to notifying parties which are part of a group, do not qualify as parent entity of such group and are not the direct acquirer of the target.
Impact and next steps
The EBA’s draft RTS reshape some of the requirements on the information to be provided when intending to acquire a qualifying holding. Even though some of these developments merely rollover existing requirements, the RTS also contain some significantly tighter rules and include requirements, such as the obligation to submit information on potential changes to the resolution plan, which are likely to be difficult to implement in practice. It remains to be seen which of these requirements will make it into the final version.
The EBA’s consultation closes on 18 September 2025. If you have any questions, please contact our regulatory specialists.