EIOPA Guidelines and other Convergence Instruments

The guidelines establish an information system by the ESAs for the exchange of information relevant for the assessment by competent authorities of the suitability and reliability of holders of qualifying holdings, directors and key function holders of financial institutions and financial market participants. The information system is a digital platform jointly established by EBA, EIOPA and ESMA in accordance with Article 31a of Regulation (EU) No 1093/2010, Regulation (EU) No 1094/2010 and Regulation (EU) No 1095/2010.

The ESAs' common guidelines aim to establish consistent, efficient and effective supervisory practices within the ESFS and to ensure the common, uniform and consistent application of Union law in relation to the use by competent authorities of the system for exchange of information established by the ESAs.

The fit and proper assessments of members of the management body, key function holders, and owners of qualifying holdings contribute significantly to the sound and prudent management of supervised institutions. They are therefore essential to ensuring consumer and investor protection, as well as maintaining confidence in the EU financial sector. These assessments serve as an important supervisory tool for the ongoing monitoring of the authorisation and governance processes of institutions and financial market participants.

The guidelines also specify the information to be provided in relation to:

• Natural persons: first name, surname/family name, date and place of birth, and, where available, other names used by the person (including maiden names and aliases).

• Legal persons: the legal name of the entity (including any abbreviations of the legal form), aliases, the Legal Entity Identifier (LEI), or, if the LEI is not available, the registration number and the head office address.

The guidelines also define the duration for which this information is to be stored in the system.

These guidelines are aimed at fulfilling the mandate given to the ESAs under Article 11(11) of Regulation (EU) 2022/2554, to develop common guidelines on the estimation of aggregated annual costs and losses of major ICT-related incidents referred to Article 11(10) of that Regulation. These guidelines also specify a common template for the submission of the aggregated annual costs and losses.

These guidelines are addressed to competent authorities as defined in Article 46 of Regulation 2022/2554 and to financial institutions as defined in Article 4(1) of Regulation (EU) 1093/2010, Article 4(1) of Regulation (EU) 1094/2010 and Article 4(1) of Regulation (EU) 1095/2010.

These Guidelines constitute consistent, efficient and effective practices on the oversight cooperation and information exchange between ESAs and competent authorities regarding the DORA oversight framework of critical ICT third-party service providers.

The revised Guidelines contain information about the consideration of future management measures and expert judgements, the modelling of costs and the pricing of options and guarantees using scenario generators as well as the behaviour of insurance policyholders. In addition, the Guidelines have been extended with regard to the calculation of expected profits included in future premiums.

The Revised Guidelines on Contract Boundaries has in particular been extended regarding the assessment of the discernible effect of a cover or financial guarantee on the economics of the contract and Guidelines added about the issue of contract boundaries.

The Opinion sets out expectations on the supervisory reporting of costs and charges of IORPs.

The supervisory approach to DC products needs to ensure that risks borne by DC IORPs are appropriately monitored and managed. The Opinion fosters consistent supervisory practices by providing guidance on two aspects of risk management by DC IORPs. Firstly, the Opinion calls for a greater use of quantitative elements when managing operational risks, supplementing EIOPA’s existing opinion. Secondly, it expects DC IORPs to conduct long-term risk assessments by using projections of members’ future retirement income, comparing the results with the established risk tolerance of the members and beneficiaries, and as appropriate considering the IORP’s investment strategies.

The Guidelines on the supervisory reporting regarding the Pan-European Personal Pension Product (PEPP) are to ensure the common, uniform and consistent application of the PEPP Regulation’s reporting requirements.

They define the requirements of a ‘PEPP supervisory report’, including the content of the narrative reporting on the PEPP business.

The objective of these Guidelines is to:

• provide clarification and transparency to market participants on the minimum expected information and cyber security capabilities, i.e. security baseline;
• avoid potential regulatory arbitrage;
• foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management.

The Opinion addresses how to ensure consistent practices in the application of the remuneration principles included in Solvency II. While the Solvency II framework provides for provisions of remuneration for sound and prudent management, the remuneration principles defined in the Delegated Regulation are high-level and leave considerable discretion to undertakings and supervisory authorities.

These guidelines establish a framework for cooperation and information exchange between competent authorities through either bilateral engagements or anti-money laundering/combatting the financing of terrorism (AML/CFT) colleges and govern the establishment and functioning of AML/CFT colleges.

In this opinion EIOPA sets out its expectation about how institutions for occupational retirement provision (IORPs) should conduct their Own Risk Assessment (ORA), as well as the minimum content of the ORA report. In so doing EIOPA also states how the documentation in question should flow in the supervision of investment policies (incl. the principles of the investment policy).

The Common Framework (CF) is a useful risk management tool from EIOPA’s perspective and therefore should be deployed accordingly in the supervised entities. This is particularly the case where risks that are split between employers, beneficiaries and the IORP itself. IORPs, which offer “pure DC schemes” (where all risks are borne by the beneficiaries) are not captured by this opinion.
The CF contains comprehensive principles and technical specifications, which may be used by the supervisory authorities and by the IORPs on a voluntary basis.

EIOPA wishes to contribute towards ensuring harmonised supervisory practices in relation to operational risk. This opinion therefore also covers outsourcing and cyberrisks. The assessment of operation is also part of the ORA and should therefore in any case also contain forward-looking information.
EIOPA orients itself towards Solvency II in terms of definitions. Operational risk is defined as the risk of loss arising from inadequate or failed internal processes, personnel or systems, or from external events. Operational risks include compliance/legal risks, but exclude risks arising from strategic decisions as well as from reputational risks.

From EIOPA’s perspective, IORPs have a social purpose and should therefore adopt a pioneering role in taking into account ESG factors. In so doing the impact of long-term investment decisions and activities are to be taken into account. The opinion clearly shows the relationship between ESG risks and traditional ones.

These guidelines set out the characteristics of a risk-based approach to anti-money laundering and countering the financing of terrorism (AML/CFT) supervision and the steps competent authorities should take when conducting supervision on a risk-sensitive basis as required by Article 48(10) of Directive (EU) 2015/849.

These Guidelines are aimed at clarifying the procedural rules and the assessment criteria to be applied by competent authorities for the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector. These Guidelines apply to competent authorities in the prudential assessment of acquisitions or increases of qualifying holdings in target undertakings.