CRD6 Third-Country Branch Authorisation: The 11 January 2027 Deadline
A non-EU bank that wants to keep taking deposits, lending, or issuing guarantees in an EU Member State through a branch now has a hard date to work toward: 11 January 2027. On 7 July 2026 the European Banking Authority published its final Guidelines on the authorisation of third-country branches (EBA/GL/2026/08), and they settle the question every affected head-office compliance team has been asking, which is what a third-country branch authorisation application actually has to contain, how the competent authority will assess it, and which parts of the file the branch itself cannot produce.
These Guidelines are a major implementation piece of the framework that CRD6, Directive (EU) 2024/1619, added to the Capital Requirements Directive. Until CRD6, a branch of a third-country credit institution answered to whatever prudential rules its host Member State happened to impose, and those rules varied widely in scope and severity. The new regime replaces that patchwork with a minimum harmonisation floor covering authorisation, capital endowment, liquidity, internal governance, booking arrangements, common reporting, and supervisory practices. The EBA Guidelines translate the authorisation limb of that floor into a concrete list of documents, standard forms, and an assessment method.
This is a change note for the people who will build and file the application: prudential reporting, regulatory affairs, and legal teams inside third-country head undertakings and their prospective EU branches. The window between the 7 July 2026 publication and the 11 January 2027 application date is short for a project that reaches back into the group and requires sign-off from a home supervisor. The sections below walk through the operative dates, the contents of the file, the class 1 or class 2 split that sets your obligations, and the traps that turn a routine market-access exercise into a subsidiarisation problem.
Related reading: our guide to Luxembourg’s CRD VI transposition law, which shows how one Member State is turning the Directive into national requirements.
The dates that drive the branch-authorisation project
CRD6 sets a phased calendar, and the reporting-related provisions came into effect ahead of the rest. Reading the dates in the wrong order is the fastest way to misjudge how much runway a group actually has. The operative dates are:
- 11 January 2026: the amendments concerning Articles 48k and 48l of the CRD, the reporting-linked provisions, became applicable.
- 11 July 2026: the amendment concerning Article 21c(5) of the CRD became applicable.
- 7 July 2026: the EBA published the final Guidelines on the authorisation of third-country branches (EBA/GL/2026/08), three days inside the 10 July 2026 delivery deadline set by Article 48c(8) of the CRD.
- 11 January 2027: the new third-country branch regime applies, and the EBA authorisation Guidelines apply from the same date.
- Two months after the EBA publishes the official-language translations: the deadline for competent authorities to notify whether they comply with the Guidelines under the standard comply-or-explain mechanism.
- 10 January 2027: the outer date by which the EBA is mandated, under Article 48g(9), to issue guidelines on how the internal-governance requirements apply to branches. CRD6 requires the EBA to issue those internal-governance Guidelines by 10 January 2027.
- 10 July 2028: the date by which the EBA must report to the Commission on operations between branches of the same head undertaking authorised in different Member States, under Article 48c(7).
Two of those dates matter more than the others for the application project. The 11 January 2027 date is when an unauthorised branch can no longer carry on the core banking activities, and it is also the point from which existing branches must meet the new minimum requirements. Competent authorities may decide that authorisations granted by 10 January 2027 remain valid, but only where the branch complies with the minimum requirements of the new Title. Grandfathering is conditional, so an existing branch’s old licence does not simply roll over under Article 48c(6), which conditions continuity on meeting the new minimum requirements.
What the CRD6 third-country branch regime actually changes
The trigger for the whole regime sits in Article 21c of the CRD. A third-country undertaking that intends to provide core banking services in a Member State has to establish an authorised branch there first, unless a specific carve-out applies. Core banking services are the ones listed in Article 47(1) and drawn from points 1, 2 and 6 of Annex I to the CRD: taking deposits or other repayable funds, lending, and issuing guarantees and commitments. A firm that only provides MiFID investment services under Annex I, Section A of Directive 2014/65/EU stays outside this regime, and so do the ancillary services attached to them.
The establishment requirement has real exceptions, and they define the edge cases that reporting and legal teams argue about. A branch is not required where the core banking services are provided to EU credit institutions, or to members of the same group established in the Union, or where the service is supplied on the basis of reverse solicitation within the meaning of Article 21c. A contract-grandfathering provision softens the transition for arrangements already in place. These carve-outs are narrow, and the Guidelines are explicit that they cannot be used to disguise ongoing cross-border business.
One point catches teams that come from an investment-firm background. The entities caught include any head undertaking in a third country that would meet the CRR definition of a credit institution if it were established in the Union, which sweeps in investment firms that ought to be re-authorised as credit institutions, for lending and for guarantees and commitments. For deposit-taking, the net is wider still: any third-country undertaking that takes deposits or other repayable funds is caught. A group that has always treated its EU footprint as a securities business should test each entity against Article 47(1) rather than assume the branch regime does not reach it.
What the EBA Guidelines put in the third-country branch authorisation file
Article 48c(8) of the CRD gave the EBA a four-part mandate, and the Guidelines answer it directly. They lay down the list of information to be included in the application submitted by the direct head undertaking, the procedure for authorisation together with the standard forms and templates, the way the competent authority assesses the conditions for granting authorisation, and the conditions under which an authority may rely on information already provided in a prior branch-authorisation process.
The heart of the file is the programme of operations required by Article 48c(3): the envisaged business, the specific activities from Article 47(1) that the branch will carry out, and its organisational structure and risk management as shaped by the internal-governance requirements of Article 48g. Around that core, the application gathers evidence on capital endowment, liquidity, booking arrangements, and reporting, plus information about the head undertaking itself, in particular its compliance with the prudential requirements that apply to it at home. Because a branch has no legal personality separate from its head undertaking, the EBA treats prudential weakness at group level as a direct risk to the branch, which is why so much of the file looks upward into the group rather than only at the local establishment.
Here is the detail that decides who owns the project internally. The Guidelines are addressed to both the competent authorities that receive and assess applications and the third-country head undertakings that submit them. The application is submitted by the direct head undertaking, and a good deal of the required information also concerns the ultimate and intermediary head undertakings. A branch-level compliance function that expects to complete the file on its own will stall, because the reliable version of the group-prudential and home-supervisory information lives at head office and, in part, with the home authority.
The EBA also built in a reliance mechanism that can shorten the file. The mandate to specify when authorities may rely on information provided in a prior branch authorisation has been operationalised as an exemption from re-submitting information that the competent authority already considers reliable against the criteria in the Guidelines. A group opening its second or third EU branch should map what it has already lodged, because the standard forms are designed to let an authority carry forward what it can trust rather than demand the same pack twice.
The application also has to carry a non-opposition statement from the competent authority of the third-country head undertaking. This is separate from the Article 48c(4)(c) condition that the home supervisor be notified of and provided with the application. The home authority has to be looped in and has to signal that it does not object, which means the timeline depends on a party the applicant does not control. Standard letters for requesting information from the third-country authority, a standard submission letter, and a submission template round out the Guidelines, so the mechanics of that exchange are prescribed rather than improvised.
Class 1 or class 2: the classification that sets your obligations
CRD6 sorts every branch into one of two classes, and the class decides how heavy the capital, liquidity, governance, and reporting requirements are. Upon receiving an application under Article 48c, the competent authority assesses the qualifying conditions and classifies the branch as class 1 or class 2 before authorisation, so the authority fixes the class from the application file itself, before any downstream reporting cycle begins.
Article 48a classifies a branch as class 1 where it meets any of three conditions: booked or originated assets in the Member State of at least EUR 5 billion; retail deposits or repayable funds equal to at least 5 percent of total liabilities or exceeding EUR 50 million; or the branch is not a qualifying third-country branch under Article 48b. Class 2 applies only where none of those Article 48a conditions is met.
The equivalence limb is where a well-run branch can still land in class 1 through no fault of its own. The EBA keeps a public register of third countries and third-country authorities that meet the qualifying conditions. If your home country is not on that register, the competent authority classifies the branch as class 1 pending a Commission decision on the equivalence of the home banking framework. The register check, not branch size, decides class 2 status, and the difference in obligations between the two classes is large enough to make that check worth doing early.
Capital endowment and liquidity: the numbers to evidence
The capital endowment requirement in Article 48e is one of the most concrete parts of the file, and the figures differ by class. A class 1 branch has to maintain a minimum capital endowment of at least 2.5 percent of its average liabilities over the three immediately preceding annual reporting periods, subject to a floor of EUR 10 million. A class 2 branch faces 0.5 percent on the same basis, subject to a floor of EUR 5 million. For a newly authorised branch the percentage runs off the liabilities at the time of authorisation. The averaging periods and the floors are why the endowment sits inside the reporting workstream rather than beside it: the number you certify at authorisation is a function of reported liabilities.
The instruments that satisfy the requirement are limited to cash and cash-assimilated instruments as defined in the CRR, debt securities issued by central governments or central banks of Member States, and any other instrument available for unrestricted and immediate use to cover losses as they occur. The EBA has issued separate guidelines specifying that third category of instrument, published earlier in 2026 under the Article 48e(4) mandate. The operational sting is the custody condition: the endowment instruments have to sit in an escrow account in the Member State of authorisation, held with a credit institution outside the head undertaking’s group or, where national law allows, with the central bank. Those assets are earmarked for use under Article 96 of the Bank Recovery and Resolution Directive in resolution and for winding-up, so this is ring-fenced capital, not a line the group can sweep.
Liquidity under Article 48f follows the same class logic. Every branch has to hold, at all times, enough unencumbered and liquid assets to cover its net outflows over a minimum 30-day horizon. A class 1 branch also has to comply with the liquidity coverage requirement in Part Six, Title I of the CRR and Commission Delegated Regulation (EU) 2015/61, which is the full LCR that EU institutions already run. Competent authorities may waive the branch liquidity requirement for qualifying branches, so a branch whose home framework is recognised as equivalent has a route to relief that a non-qualifying branch does not. The liquid assets carry their own custody condition, mirroring the endowment. Teams that already produce LCR and ALMM returns will recognise the shape of this obligation, and it is worth mapping it against our guide to LCR, NSFR and ALMM liquidity reporting before deciding what the branch can lean on from group systems.
Booking arrangements and the registry book
Article 48h introduces a requirement that has no direct equivalent in the ordinary credit-institution rulebook, and it is the one most likely to be underestimated because it looks like a documentation task. A branch has to maintain a registry book that tracks and records all the assets and liabilities it books or originates in the Member State, and it has to be able to manage those assets and liabilities autonomously. The registry book has to carry enough information on the risks the branch generates and on how they are managed. On top of the book, the branch needs a documented booking-arrangements policy that the head undertaking’s governing body approves, with a clear rationale for the arrangements and a demonstration that they align with the branch’s business strategy. An independent written and reasoned opinion on compliance has to be prepared regularly and sent to the competent authority.
The booking detail also survives the subsidiary-like route, which is a trap the EBA flags in the Guidelines. A Member State can choose to apply the same requirements to a branch that it applies to credit institutions, treating the branch like a subsidiary. Even then, the branch-specific obligations that credit institutions do not face, such as booking arrangements for originated business, still apply. So a group that expects a subsidiary-like Member State to spare it the booking work has misread the interaction: the parts of the EBA Guidelines covering these branch-specific requirements apply to those applications too. The methodology for tracking booked and originated positions, including off-balance-sheet items and positions booked remotely in other group entities, is covered by the EBA final draft RTS on booking arrangements, published on 9 January 2026 for submission to the Commission.
Territorial scope, reverse solicitation, and the subsidiarisation trigger
A branch authorisation is territorial, and this is the single most consequential thing to get right about the regime. The authorisation lets the branch conduct its activities only within the Member State that granted it. Branches do not get passporting rights, so a branch cannot use one authorisation to service clients across the Union. The authorisation itself has to prohibit the branch from offering the activities in other Member States on a cross-border basis, with two exceptions: intragroup funding transactions with other branches of the same head undertaking, and transactions arising from reverse solicitation under Article 21c.
Reverse solicitation is new to banking supervision, though the capital-markets world has lived with it for years, and the EBA reads the concept consistently with established reverse-solicitation practice under other EU financial-services regimes. That continuity tells you how strictly it will be read. At the authorisation stage the Guidelines take the point further. Because a branch only comes into existence once it is authorised, it can have received nothing on a client’s exclusive initiative beforehand, so the financial forecasts in the business plan have to exclude any activity assumed to arrive through reverse solicitation. A business plan that pencils in cross-border revenue on a reverse-solicitation theory hands the assessing authority exactly the red flag it is told to look for.
Cross the territorial line and the consequence lands at the level of legal form, well beyond a fine. Under Article 48i, competent authorities have the power to require a branch to apply for authorisation as a subsidiary under Title III where it has serviced clients or counterparties in other Member States in breach of the territorial scope. The same subsidiarisation power applies where the branch meets the Article 131(3) indicators or is assessed under Article 48j as systemically important and poses significant financial-stability risk, or where the aggregate assets of all third-country branches in the Union belonging to the same third-country group are at least EUR 40 billion, or the branch’s assets on its book in the Member State are at least EUR 10 billion. Article 48j sets out the systemic-importance assessment that sits behind those thresholds, measured on reported assets and excluding assets tied to central-bank market operations with ESCB central banks. For a large third-country group, the branch route has a ceiling, and the reporting that measures the group against it is not optional.
The reporting dimension that feeds the thresholds
Every number that matters in this regime, the endowment percentage, the class-1 asset test, the EUR 40 billion group threshold, is a reported figure. CRD6 places the reporting obligations in a dedicated sub-section of the new Title, and the EBA has published its final Report on the draft ITS for TCB supervisory reporting, setting out uniform formats, definitions and reporting frequencies for submission to the Commission. The CRD6 amendments concerning Articles 48k and 48l apply from 11 January 2026, but the EBA final draft ITS states that the TCB reporting requirements apply from the 31 March 2027 reporting reference date. Treat 2026 as the legal and technical build window, not as the first live branch-reporting cycle.
For a reporting team, the practical work is deciding what can be reused from existing prudential returns and what is genuinely new. The classification tests and the systemic-importance thresholds draw on figures that overlap with the balance-sheet and exposure data already flowing through our COREP reporting guide, but the branch returns are their own schema and their own scope. The reporting side of the framework deserves its own read, and it is covered in the EBA’s harmonised third-country branch reporting standards. Building the authorisation file without a view of the reporting obligations is how a group ends up certifying an endowment figure it cannot subsequently reproduce in a supervisory return.
How competent authorities will assess the file
The EBA adapted its existing licensing products to the specifics of a branch, drawing on its established methodology for the authorisation of credit institutions. That lineage is useful for anyone who has run a credit-institution licensing project, because the assessment logic will feel familiar even though the object is a branch with no separate legal personality.
Three parts of the assessment involve a party outside the applicant, and each adds calendar time. The competent authority has to consult the national anti-money-laundering and counter-terrorist-financing supervisor and obtain written confirmation that the money-laundering condition is met before it authorises the branch, under Article 48c(5). The authority should also endeavour to conclude an administrative agreement with the home supervisor, based on the model administrative arrangements the EBA develops under Article 33(5) of Regulation (EU) No 1093/2010, before the branch starts up, and it reports any such agreement to the EBA; where a formal agreement is not possible, an exchange of letters can serve instead. And the home authority has to have received the application and, per the press release, provided its non-opposition statement. In authorisation builds, third-party sign-offs are usually the items most likely to slip, not the branch’s own documents, so those three dependencies belong at the front of the plan, not the back.
The grounds on which an authority can refuse or withdraw an authorisation are set out in Article 48d, and two of them look through the branch to the group. An authorisation can be refused or withdrawn where the branch does not meet the Article 48c requirements or national law, and, importantly, where the head undertaking or its group does not meet the prudential requirements that apply to it under third-country law, or there are reasonable grounds to suspect it will breach them within the following twelve months. The branch even has to notify its competent authority promptly if that group-level concern arises. Because the assessment reaches into SREP as well, groups will want to read the branch section against the EBA’s revised SREP guidelines, which now carry a dedicated treatment of branches.
Frequently Asked Questions
Do the EBA authorisation Guidelines apply to my branch directly, or only to my supervisor?
The Guidelines are formally addressed to both the competent authorities that receive and assess applications and the third-country head undertakings that submit them. Because the standard forms and the list of information define exactly what the authority will ask for, treat them as the specification for your application file: your head undertaking is a named addressee, not merely an onlooker.
We already run an EU branch under national rules. Are we grandfathered?
Only conditionally. Article 48c(6) lets competent authorities decide that authorisations granted by 10 January 2027 remain valid, but the branch still has to comply with the minimum requirements of the new Title from 11 January 2027. Existing branches should run a gap analysis against the capital-endowment, liquidity, booking, governance, and reporting requirements rather than assume continuity.
How do we know whether we are class 1 or class 2 before we apply?
The competent authority assigns the class when it assesses the application, but you can predict the outcome. Test yourself against the three class-1 conditions in Article 48a: EUR 5 billion or more in booked or originated assets; retail deposits or other repayable funds at 5 percent of total liabilities or above EUR 50 million; or the branch failing to meet the Article 48b conditions for a qualifying third-country branch, which cover home-country equivalence, supervisory confidentiality, and AML/CFT high-risk-country listing. Check the EBA public register for your home country, because absence from it means the equivalence limb of Article 48b is not met, which puts the branch into class 1 by default pending a Commission equivalence decision.
What exactly is the capital endowment, and can the group fund it from home?
It is a minimum pool of loss-absorbing assets: 2.5 percent of average liabilities for class 1 with a EUR 10 million floor, or 0.5 percent with a EUR 5 million floor for class 2. It has to be held in an escrow account in the Member State of authorisation with a credit institution outside your group, or with the central bank where national law allows, and it is reserved for resolution and winding-up under Article 96 of the Bank Recovery and Resolution Directive. The group provides the assets, but it cannot keep control of them once they are lodged.
Can one branch authorisation cover several Member States if we passport it?
No. A branch authorisation is territorial and carries no passporting rights. The only cross-border activity permitted is intragroup funding between branches of the same head undertaking and business arising from genuine reverse solicitation. Servicing clients in another Member State can trigger the Article 48i power to require you to subsidiarise.
The booking-arrangements requirement looks like paperwork. Is it?
The requirement runs deeper than documentation. Article 48h requires an operational registry book that tracks every asset and liability the branch books or originates, a booking policy approved by the head undertaking’s governing body, and a regular independent written opinion sent to the supervisor. The branch also has to be able to manage those positions autonomously, which is a systems and governance requirement that a written procedure alone cannot satisfy.
When does the home supervisor come into the process?
Early and more than once. The home authority has to be notified of and provided with the application, it provides a non-opposition statement that the application must carry, and your host authority will try to conclude an administrative agreement with it before the branch commences. These are dependencies on a party you do not control, so start the home-supervisor engagement as soon as the file’s shape is clear.
Related Articles
- CRD VI Luxembourg Transposition Law 2026 – How one Member State is turning Directive (EU) 2024/1619 into national requirements, including the branch regime.
- EBA Third-Country Branch Reporting – The harmonised common reporting standards that feed the classification and systemic-importance thresholds.
- Liquidity Reporting: LCR, NSFR and ALMM – The liquidity returns a class 1 branch will recognise in the Article 48f coverage requirement.
- COREP Reporting Explained – The prudential reporting backbone that overlaps with the data behind the branch tests.
- EBA Revised SREP Guidelines: ICAAP, ILAAP, Pillar 2 Capital – The supervisory review framework whose branch section shapes ongoing supervision after authorisation.
- EBA Capital Framework Simplification and Stacking Orders – Wider context on how the EBA is arranging prudential capital requirements.
Key Takeaways
- From 11 January 2027 a third-country undertaking must hold a CRD6 branch authorisation to take deposits, lend, or issue guarantees in a Member State, and the EBA’s 7 July 2026 Guidelines (EBA/GL/2026/08) define the application.
- The application centres on the Article 48c(3) programme of operations, plus capital-endowment, liquidity, booking, and reporting evidence, and head-undertaking prudential information that the branch cannot produce alone.
- Classification into class 1 or class 2 is set by the competent authority at application and drives the capital, liquidity, governance, and reporting load; a home country absent from the EBA register defaults to class 1.
- Capital endowment is 2.5 percent of average liabilities with a EUR 10 million floor for class 1, or 0.5 percent with a EUR 5 million floor for class 2, held in a ring-fenced escrow account in the Member State.
- Branch authorisations are territorial with no passporting; breaching the territorial scope, or hitting the EUR 40 billion group or EUR 10 billion branch asset thresholds, can trigger forced subsidiarisation under Article 48i.
- Reverse solicitation cannot be forecast in the authorisation business plan, and the EBA reads the concept as strictly as other EU financial-services regimes read their own reverse-solicitation carve-outs.
- Third-party sign-offs, the AML/CFT written confirmation, the home-supervisor administrative agreement, and the non-opposition statement, are the dependencies most likely to slip, so they belong at the front of the plan.
- Existing branches are only conditionally grandfathered under Article 48c(6): they must meet the new minimum requirements from 11 January 2027.
Sources and References
- EBA press release, “The EBA publishes final Guidelines on the authorisation of third-country branches under the Capital Requirements Directive”, 7 July 2026: eba.europa.eu
- EBA, Final Report, “Guidelines on the authorisation of third-country branches” (EBA/GL/2026/08), 7 July 2026: Final Report (PDF)
- Directive (EU) 2024/1619 amending Directive 2013/36/EU (CRD6), Articles 21c, 47, 48a to 48j: eur-lex.europa.eu/eli/dir/2024/1619
- Directive 2013/36/EU (Capital Requirements Directive), consolidated text as amended by CRD6 (applicable version 11 January 2026): eur-lex.europa.eu/eli/dir/2013/36
- EBA press release, “EBA sets out harmonised reporting standards to enhance the oversight of third-country branches” (final Report on draft ITS on TCB supervisory reporting, first reference date 31 March 2027), 5 March 2026: eba.europa.eu
- EBA press release, “The EBA publishes final draft technical standards on booking arrangements” (final Report on draft RTS on booking arrangements, EBA/RTS/2026/01), 9 January 2026: eba.europa.eu
- Commission Delegated Regulation (EU) 2015/61 (liquidity coverage requirement), referenced by Article 48f; Directive 2014/59/EU (Bank Recovery and Resolution Directive), Article 96, referenced by Articles 48e and 48f.
What to put on the critical path before January 2027
The branch-authorisation project is a group-level build with external dependencies, and it outgrows what a local team can finish in the last quarter of 2026. It reaches into the group for prudential information, it depends on two supervisors outside the applicant, and it certifies capital and liquidity numbers that have to reconcile with reported returns. The order of work follows the dependencies. Confirm the class by running the Article 48a triggers and the register check, because the class sets the size of everything downstream. Open the home-supervisor and AML/CFT engagements early, since their sign-offs gate authorisation. Then build the programme of operations, the endowment and liquidity evidence, and the booking policy against the standard forms, using the reliance exemption to avoid re-lodging what a supervisor already trusts. A group that starts from the deadline and works backward through those dependencies has enough runway. A group that starts from its own documents and treats the supervisors as a formality does not.
Last updated: July 2026
Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.