New Report on non-bank lending

This week, the European Banking Authority (EBA) published its Report on non-bank lending in response to the European Commission’s February 2021 Call for Advice.

I have summarized the most important takeaways for you:

The EBA is notably putting forward proposals aiming at addressing risks arising from the provision of lending by non-bank entities in the areas of supervision, consumer protection, anti-money laundering and countering the financing of terrorism (AML/CFT), macro and microprudential risks.

Key takeaways

• ?The EBA stressed the analysis of the regulatory regimes currently in place shows that non-bank lending remains largely unharmonised across the EU. In some cases, a specific authorisation or registration is needed to carry out lending activities, and entity-based requirements are applied; in other cases, there are no entity-based requirements but only activity-based ones, while in some other cases the activities may be unregulated and there may not be prudential or business conduct requirements applicable.

Key EBA proposals:

Regarding the prudential perimeter and supervision of non-bank lenders

• Harmonising and strengthening authorisation and supervision requirements in the CCD and MCD as these may be the only requirements that will enable authorities to conduct supervision on non-banking firms.
• Revising the definitions of ‘financial holding company’, ‘ancillary services undertaking’ and ‘financial institution’ to close existing loopholes with regard to prudential consolidation.
• Considering the extension of consolidation rules (through adapting the existing CRR/CRD or new bespoke rules) to ensure that non-bank entities adequately capture the specific nature and inherent risks of non-bank groups carrying out financial services, including lending.
• Improving rules on reporting on credit activity carried out by non-bank lenders.
• Providing more clarity in the identification and respective responsibilities of home and host supervisory authorities regarding the provision of cross-border non-bank lending.

Regarding the consumer protection framework

• Retaining the current Commission proposal amending the CCD so as to cover those entities currently outside its scope as well as business models that have become progressively more relevant for non-bank lending (e.g. Buy-Now-Pay-Later).
• Enhancing the requirements for disclosure of information, credit advertising, commercial practices and out-of-court complaint handling and ensure that they are fair, effective and well suited for lending via digital means.
• Strengthening the requirements for creditworthiness assessment and ensure that it is conducted also in the interest of consumers, in particular when innovatory artificial intelligence (AI) tools are used.

Regarding AML/CFT risks

• Covering all non-bank lenders in a more comprehensive way in the EU-wide AML/CTF framework, to ensure greater harmonisation and that such entities are captured as “obliged entities”.

Regarding macro prudential risks

• Considering the set-up of a standardised reporting infrastructure at EU level (possibly leveraging on, and avoiding overlaps with, existing monitoring tools), to enable an appropriate mapping and obtain one integrated overview of macroprudential risks and vulnerabilities.
• Developing the EU-wide activity-based minimum rules, based on a minimum and proportionate harmonisation of the main elements of already widely applied activity based instruments, allowing for the possibility to introduce activity-based macroprudential measures to cover all credit providers.

Regarding micro prudential risks

• Considering the benefits and costs of minimum common requirements for non-bank lenders to enhance the resilience of the nonbanking sector.

In more detail

?The Report is structured along six key parts:

1. Market developments and trends
2. Legislative framework applicable to bank and non-bank lending
3. Non-bank lending at national level
4. Business models and regulatory regimes for non-bank lending
5. Key risks and regulatory/supervisory issues
6. Policy proposals (see above)

?Predictably, the most important aspects of the EBA’s work and thinking could be found in the last two parts.

?Key risks and regulatory/supervisory issues

?The EBA notes that even though non-bank lenders typically operate in a relatively risky credit segment, most of the competent authorities did not raise immediate major prudential or supervisory concerns. However, some Member States and/or NCAs already consider non-bank lenders important enough for the financing of their economy or for the risks they may entail to financial stability, and have decided to regulate them at a national level. While the volume of FinTech and BigTech lending at the moment remains limited compared to traditional bank lending, many authorities are of the view that its trends must be monitored closely, due to the fast-paced growth experienced by these companies over recent years and their potential to increase their activities rapidly.

?The EBA also stresses some concerns related to the limited visibility over cross-border activities of firms providing their services via digital means:

• Regulatory arbitrage: In the absence of a common framework, a financial institution that markets and sells products in a host member state might not be subject to the same conditions and/or restrictions as a local financial institution. As these activities are not licensed under a European-wide regulation including common definitions, host authorities may face challenges to enforce effectively the applicable prudential requirements.
• Home-host issues: The allocation of responsibilities between home and host supervisors remains unclear in many instances partly due to the different approaches that the various EU directives and regulations have taken in assigning responsibilities. Moreover, when lending is carried out almost exclusively by digital means, it may be difficult to determine whether these activities are conducted via the Freedom to Provide Services (FoS) or Right of Establishment (RoE), and therefore to identify which competent authority is responsible for supervising how the service is provided.
• Reporting: Due to a lack of reporting obligations for cross-border lenders, both home and host CAs may not have access to information relating to their lending activities and the performance of such entities.
• Functioning of the single market: a few authorities expressed their concerns at the fact that a lack of harmonisation of regulatory requirements (e.g. in customer onboarding and consumer protection) hinders greater cross-border activity and scaling up of nonbank lending activities across the EU.

?As regards prudential consolidation, the EBA is particularly concerned about the definitions of financial institution and ancillary services undertaking since the progressive entry into the traditional lending market of new players and the digitalisation of services are blurring the frontier between categories and definitions, so that they may not be completely clear or even outdated. This might give rise to some loopholes taking account of market developments. The EBA also points at the current sectoral prudential consolidation rules may not capture the specific nature and the inherent risks of new combinations of activities carried out by new mixed activity groups, including BigTechs.

?As regards consumer protection and conduct of business rules, the EBA regrets that in some jurisdictions non-bank lenders are not subject to any specific entity-based prudential regime, while in some instances they must comply only with activity-based requirements as set out in the CCD and MCD, and in other cases they are left unregulated. When it comes to disclosure and transparency, the EBA expressed some concerns in terms of adequate and timely information provided to consumers, especially if the growing use of distance marketing/selling negatively affects the understanding of credit products and limits the awareness of the key elements and costs of the credit product, because the information requirements are not adapted to digital tools. Looking at mis-selling practices, the EBA warns there is a risk that it may accelerate in a digitalisation context, given the expedited way in which consumers are enabled to make financial decisions. The EBA also warns the difficulties for consumers to address their complaints may be exacerbated.

In parallel, the EBA also points more specifically at issues stemming from

• the affordability of credit?and the risk of over indebtedness: fast credit granting decision-making processes may nudge consumers into loans that may not be in line with their affordability and risk profile. Moreover, some consumers may borrow from non-bank lenders because of their inability to meet the stricter criteria used by banks to assess their creditworthiness.
• the uses of consumers’ data: there are concerns that the extensive use of automated models and AI algorithm, while increasing the speed and the overall effectiveness of the credit granting process, in the absence of provisions defining boundaries and processes may increase the risk model bias and unlawful discrimination, to the detriment of consumers

?As regards ML/TF risks, the EBA assessed that non-bank lenders are exposed to a significant or moderate ML/TF risk, regardless of their regulated status. However, in those instances where the lending is provided by an unauthorised or unlicensed provider, there is a higher possibility that that the provider will not implement controls to mitigate ML/TF risks because they are unlikely to be obliged entities and therefore will not be required to apply such controls. Respondents to the EBA survey have also identified the new distribution channels for lending products and products that allow anonymity as the key risk areas.

?As regards macroprudential risks, the EBA stresses that despite its limited volumes, since FinTech credit, including P2P platforms, has been increasing quite steadily over recent years, consideration must be given to some potential risks, in particular

• Over-indebtedness risk and creditworthiness: lower credit underwriting standards and unsecured loans granted to vulnerable borrowers may increase their over-indebtedness and financial fragility. Moreover, since not all non-bank lenders are required to report data to the credit registers, the informative value of these databases may become less valuable as an instrument to assess creditworthiness.
• Contagion and step-in risk: this risk may become relevant when non-bank lenders, as part of a financial group, become exposed to credit institutions and financial institutions.
• Regulatory arbitrage: while some Member States apply the same macroprudential tools for non-bank lenders as for banks (e.g. loan-to-value (LTV) or loan-to-income (LTI) limits, debt-service-to-income (DSTI) ratios, maturity limits), regulatory arbitrage risks may arise if borrower-based measures are only applied to banks and not extended to non-bank lenders. Also, most macroprudential measures applied to banks are capital-based (e.g. buffers), while only in a few jurisdictions are non-bank lenders requested to own capital (and thus be possibly subject to capital-based measures), thus increasing further the risk of regulatory arbitrage.

?As regards microprudential risks, the EBA specifies that non-bank lenders and banks are subject to microprudential risks (e.g. credit risk, liquidity risk, leverage risk) to a slightly different extent, as non-bank lenders are not allowed to take deposits and do not have access to central bank liquidity facilities.

When it comes to credit risk, the EBA points at

• Unsecured consumer credit: is often offered by non-bank lenders to borrowers who may not meet the creditworthiness assessments of banks, and this may lead to higher default rates. The same issue applies also for certain types of business lending, when companies would not be eligible for bank credit.
• Microcredit: is provided to consumers, micro and small enterprises that may be characterised by a lower creditworthiness and thus by a higher credit risk. However, the small or moderate amounts of loans by microcredit lenders may mitigate the exposure at default to a certain degree, and therefore the overall loss.
• Pawnshops: grant small-amount loans to multiple borrowers, and the amount of the loan is lower than the value of pledged items (which are also easily marketable in the event of the borrower’s default). This may limit the potential loss, although they tend to grant loans to borrowers that have a lower rating and may not have access to other forms of credit.
• Leasing companies: bear the same risk as institutions that have developed leasing activities; however, the ownership of the leased goods can mitigate the risk, but their valuation must be carefully calibrated and monitored, as the residual value of goods may prove volatile.

?When it comes to liquidity risk, the EBA is mostly concerned about the fact that non-bank lenders belonging to banking groups often rely on parent companies to provide funding in case of a liquidity shortfall. In turn, this may create step-in and contagion risk towards the banking systems, although this has not been flagged as a prominent one at the moment. The risk for the continuity of the provision of lending to the EU economy by non-bank lenders should also be considered.

?When it comes to operational risk, the EBA stresses many non-bank lenders do not have internal systems as advanced as credit institutions, thus making them less operationally advanced and potentially more open to operational risks. The operational resilience issues are also growing because of an increasing use of third-party providers by non-bank lenders. Indeed, from that point of view, it has been noted that when non-bank lenders outsource part of their activities to external providers, they may be exposed to the risk of non-compliance with the provisions of the prudential framework (e.g. contractual risk, breakdown of service, non-compliance with service level agreements) and with the vendor lock-in risk (i.e. dependence on the vendor to which the service is outsourced).

?Background

?The?Digital Finance Strategy?sets out the European Commission’s intention to review the existing financial services legislative frameworks in order to protect consumers, safeguard financial stability, protect the integrity of the EU financial sectors and ensure a level playing field. As part of this review, in February 2021, the European Commission sent a Call for Advice to the EBA on how to address the prudential risks related to non-bank lending.

?The EBA has carried out an analysis of market developments as well as of the risks and challenges posed by the increased provisions of lending by non-bank entities, and included its findings and proposals in the Report addressed to the European Commission. To inform this work, the EBA launched a survey among competent authorities to gather relevant information about entities carrying out non-bank lending in their jurisdictions. In particular, the survey collected information on the presence of certain business models whereby lending activities were carried out by non-bank entities, and any regulatory requirements that are applicable at local level. Furthermore, the survey collected the views of supervisors on the risks currently posed by non-bank lending activities in the EU.