CRD VI in Austria: A Sharper Supervisory Architecture – Legislative Draft Published

03. Juni 2026 – need2know

The implementation of CRD VI in Austria started with a Ministerial Draft. It will not be a mere box-ticking exercise; it alters the DNA of bank governance, executive onboarding, transaction engineering, and capital allocation in Austria.

In our need2know, bpv Huegel Finance & Regulatory partner Ingo Braun outlines five main features of the proposed changes in “CRD VI in Austria: A Sharper Supervisory Architecture – Legislative Draft Published”.

How is your institution preparing for the upcoming ex-ante Fit & Proper checks and the integration of ESG transition plans into your SREP framework?

Share your thoughts or reach out directly to discuss the legal implications for your business.

Ministerial Draft 108/ME XXVIII. GP is not a routine transposition exercise. It recalibrates supervision across the Austrian Banking Act (BWG), the Austrian Financial Market Supervisory Authority Act (FMABG), the Austrian Savings Bank Act (SpG), the Austrian Investment Firms Act (WPFG) and the Austrian Credit Servicers and Credit Purchasers Act (KKG).

  • Fit & Proper Redefined: Suitability becomes an ongoing duty through strict pre-checks and continuous tracking.
  • Risk Scope Expanded: Green and digital assets (ESG/crypto) now face mandatory risk management.
  • Global Gates Closed: A unified framework and stronger enforcement tools eliminate regulatory arbitrage for third-country branches.
  • Transaction Gates Tightened: Pre-notification procedures and standardized reviews to enforce stricter prudential screening.
  • Supervisory Guardrails Sharpened: Macro buffers receive precision tuning alongside strict cooling-off rules to ensure FMA integrity.

Fit & proper: more process, more discipline

Suitability is moving from a one-off check to a continuous governance duty. Institutions must clear appointments in advance, keep monitoring them, and act fast when a mandate no longer fits:

  • Pre-appointment assessment becomes mandatory.
  • Ongoing reassessment is required.
  • Key-function holders are generally subject to internal suitability assessment.
  • Governance must reflect skill depth and diversity.
  • Board oversight must cover risk, ESG and supervision.
  • Larger institutions must file suitability application already upon clear intention to appoint.

Risk Governance – ESG becomes prudential

ESG is moved out of the margins and into the supervisory core. Institutions will need to identify, measure and manage ESG risk across short-, medium- and long-term horizons.

  • ESG becomes part of risk governance.
  • Transition planning must be horizon-based.
  • The FMA may reflect ESG in SREP and stress testing.
  • Larger banks face deeper analytical expectations.
  • Direct and indirect crypto-securities positions require appropriate risk-management strategies.

Third-country branches reset

Austria is introducing a clearer regime for branches of third-country credit institutions, with supervision tied to scale, activity profile and systemic relevance. The aim is straightforward: less arbitrage, more control.

  • Branches are placed into a harmonised framework.
  • Qualified branch status depends on supervision and AML factors.
  • The FMA gains stronger enforcement tools.

The strict core banking service prohibitions of Art. 21c CRD VI are already fully reflected in Austria’s existing license regime, meaning the local framework seamlessly absorbs the new EU baseline.

Transactions face tighter gates

Prudentially relevant transactions will move into a more standardised pre-notification and review process. That includes qualifying holdings, major asset transfers, and mergers or demergers.

  • New standardized pre-notification requirements and explicit powers for FMA to intervene.
  • Prudential soundness remains the key test.
  • Reputation and viability stay central.
  • AML and CTF risks remain in scope.

Macroprudential rules shift

The package also sharpens macroprudential calibration, including the systemic risk buffer and the framework for systemically important institutions. At the same time, it strengthens safeguards around the FMA itself.

  • Systemic risk buffer (SyRB) calibration becomes more precise.
  • Global/Other Systemically Important Institutions (G-SII/O-SII) rules align more closely with CRD VI.
  • Cooling-off and term-limit rules are tightened at the FMA.
  • Enforcement powers are reinforced.

What institutions should do

Banks, branches and groups should test their governance, transaction and compliance processes. Particular attention should be given to board appointments, key-function documentation, branch structures and ESG governance.

  • Review fit and proper procedures.
  • Map new notification workflows.
  • Assess branch and group structures.
  • Close ESG governance gaps.

 

Author:
Ingo Braun

Practice group:
Finance & Regulatory

The summary (as a PDF).

© 2026 bpv Hügel Rechtsanwälte