Contributed by Gecic Law.
I. LEGAL FRAMEWORK
1.1. Which main legislative and regulatory provisions govern the banking sector in your jurisdiction?
The primary law governing the banking sector is the Banks Act. It addresses core issues such as incorporation, corporate structure, bank operations, restructuring, and termination. Additionally, the Banks Act sets forth the competencies of the National Bank of Serbia in exercising its control function.
Legislation concerning bank operations is comprehensive, but the emphasis should be on the following acts: the Act on National Bank of Serbia, Act on Payment Services, Act on Payment Transactions, Act on Foreign Exchange Operations, Act on the Protection of Financial Service Consumers, Capital Market Act, Act on the Prevention of Money Laundering and the Financing of Terrorism, Digital Assets Act, and Act on Bankruptcy and Liquidation of Banks and Insurance Companies.
In addition to the legislative acts, banks comply with the Regulator’s decisions, recommendations, and mitigating measures, which tackle a series of critical matters: risk management in bank operations, capital adequacy, reporting, accounting, disclosure of data and information by banks, and many more.
1.2. Which bodies are responsible for enforcing the applicable laws and regulations? What are their main competencies?
The lead authority for the banking sector is the National Bank of Serbia (Regulator), which exercises the competencies stipulated by the Act on the National Bank of Serbia and the Banks Act and serves as a bank resolution authority. The Regulator is established as an independent and autonomous authority, subject to the oversight of the National Assembly of Serbia. The scope of the Regulator’s competencies includes but is not limited to monitoring the achievement and maintenance of price stability along with overall financial strength, controlling the stability of foreign exchange operations, implementing monetary and foreign exchange policies measures, and issuing fiat and digital currency.
Concerning banking operations, the Regulator, among other things, decides on issuing and revoking the operating licenses, controls bank creditworthiness and supervises the operational legality, and is involved in protecting consumers’ rights and interests, as well as in the restructuring process. The Regulator gives consent for the acquisition of direct or indirect ownership in the bank and provides approval on the appointment of the members of the bank’s management bodies.
Aside from the Regulator, other critical authorities in the banking sector are the Securities Commission (in charge of the prudential functioning of capital markets), the Administration for the Prevention of Money Laundering (responsible for the application of the Act on the Prevention of Money Laundering and the Financing of Terrorism) and Association of Serbian Banks (in charge of developing and harmonizing the activities of the banks and represent their common interest).
1.3. What are the current priorities of regulators, and how does the Regulator engage with the banking sector?
Current priorities of the Regulator include monitoring the overall financial stability by preserving the value of the domestic currency (dinar/RSD), implementation of measures of macroeconomic (monetary, fiscal, and monetary policy to mitigate inflation risks), promotion of long-term domestic savings, as well as motoring of banks’ exposure to non-performing loans.
Moreover, as Serbia is a candidate for European Union accession, the priority for the Regulator remains to be the harmonization of legislation governing the banking sector in Serbia with the EU. Serbia follows the EU recommendations and continues the implementation of Basel III standards in line with their finalization and introduction at the EU level (see Section 3.3.) as well as to work towards complete alignment with the Solvency II directive in the area of insurance.
2.1. What licenses are required to provide banking services in your jurisdiction? What activities do they cover?
Generally, there are following three types of licenses for providing banking services, all issued by the Regulator:
(i) In case of establishing a new bank, the Regulator issues a preliminary founding permit, bank operating license, and consent to the incorporation acts.
(ii) In case of an acquisition of an existing and operating bank, the Regulator issues prior consent (“purchase” license).
(iii) In both cases, the Regulator issues prior consent to appoint management body members (supervisory and executive boards).
Once acquired, the operating license entitles the bank to provide the following services:
1) depositing operations;
2) lending operations;
3) foreign exchange operations;
4) payment transactions;
5) issuance of payment cards;
6) activities regarding the securities;
7) brokerage-dealership services;
8) guarantee operations;
9) purchase, sale, and collection of receivables (including factoring and forfeiting);
10) insurance agency activities;
11) other activities banks are entitled to per the applicable legislation or related activities.
2.2. What is the procedure for obtaining a banking license? How long does this typically take?
The process of obtaining a banking license comprises two steps: obtaining the preliminary approval to establish the bank (Preliminary Permit) and ii) obtaining the right to operate (Operating License), both issued by the Regulator.
i) Preliminary Permit
To obtain the Preliminary Permit, the bank founders shall submit to the Regulator (i) a request for Preliminary approval, (ii) all necessary documentation (which includes: information on the bank founders, their contributions, and information of the shares they acquire; memorandum of association; bank’s articles of association; a statement that the founder will pay the monetary portion of the initial capital to the temporary bank account of the Regulator; a statement that will transfer non-monetary assets to the bank’s initial capital; information on all persons who will obtain the bank’s shares and the legal grounds for such; list and information of proposed members of the bank’s management and executive board; a three-year business policy and strategy and program of activities for the initial business year; risk management and proposed capital management strategy).
The Regulator decides upon the duly submitted request within 90 days of request submission.
ii) Operating License
Once they obtain the Preliminary Permit, the bank founders are obliged to apply for the issuance of the Operating license within 60 days from the date of granting the Preliminary Permit. Along with the request for issuing the Operating license, the founders will submit the following documents: (i) proof of payment of initial capital; (ii) evidence of ensuring the adequate premises and other technical and operational requirements for bank establishment; (iii) evidence on the engagement of external auditor; (iv) information on the organizational structure and HR capacities.
The Regulator decides upon the duly submitted request within 30 days of the request submission. The completed process of obtaining the Operational license ends with publication in the Official Gazette of the Republic of Serbia.
iii) Founding Assembly and Registration
The Founding Assembly must take place within 30 days from receipt of the Operational license, and the acts passed at the Assembly are subject to the Regulator’s approval (60 days from the receipt of the acts).
The last step in the process is registering a bank in the business register, which the founders should undertake within 30 days of receipt of the Regulator’s consent to the incorporation acts.
2.3. Can a foreign bank operate in your jurisdiction on the basis of its domestic license?
Foreign banks can operate in Serbia based on a domestic license issued to a subsidiary in Serbia, which is the case with most currently active banks in the Serbian market. The procedure to establish a subsidiary of a foreign bank is the same as for domestic founders, except for the additional two requirements.
When submitting a request for a Preliminary Permit, the foreign entity is obliged to provide the Regulator with: (i) proof of approval to the foreign entity by a regulator in its country of origin that it may participate in the establishment of a bank in the Republic of Serbia or confirmation that no such approval is required, and (ii) the regulatory authority of founder performs supervision on a consolidated basis which meets the Regulator’s requirements, and there is adequate cooperation between the Regulator and of founder’s regulatory authority, and potentially other requirement set forth by the Regulator.
Furthermore, the foreign bank can register its representative office in Serbia. Establishing and operating a representative office of a foreign bank in Serbia also requires Regulator’s approval. Its activities are limited to market research and representation.
2.4. What are the restrictions on ownership, including foreign ownership of banks?
There are no limitations when acquiring ownership in the bank’s capital, with the ability to exercise up to 5% of voting rights, which is the first threshold for qualified ownership. Obtaining qualified ownership, as described below, is conditioned by obtaining prior approval from the Regulator.
Regardless of whether the acquired ownership is qualified, there are no limitations to acquiring ownership by inheritance, legal succession, or another acquisition source independent of the acquirer’s will. However, if such ownership should be considered qualified, the acquirer must obtain approval of the Regulator or otherwise disburse the acquired share. The acquirer may not influence the bank’s management or business policies, nor can they exercise voting rights before the Regulator grants approval.
2.5. What are the requirements for a proposed acquisition and acquirer of a qualified holding in a bank? Would the same requirements apply in the case of an increase of a qualifying holding?
The Banks Act stipulates different categories of preferred ownership as follows:
(i) qualified ownership – direct or indirect ownership of 5% capital and voting rights, or ability to exercise the influence over the management or business policy;
(ii) significant ownership - direct or indirect ownership of 20% capital and voting rights, or ability to exercise significant influence over the management or business policy;
(iii) controlling ownership - direct or indirect ownership of 50% capital and voting rights, or ability to exercise the dominant influence over the management or business policy, or ability to elect at least half of the management body’s members.
Acquiring each type of preferred ownership is conditioned by obtaining the approval of the Regulator. Such consent is required for the existing holder when acquiring the next level of preferred ownership.
The Regulator will reject the request for issuing the approval in cases prescribed by Article 96 of the Act on Banks. As part of its decision-making process, the Regulator considers a variety of factors, including the financial status of the prospective owner, the reputation of the business and the reputation of the beneficial owners and management, the completeness and verifiability of the provided data, a risk assessment based on the owner’s current business activities, and transparency about financing sources.
The same rules apply to foreign banks acquiring ownership in the domestic bank, alongside additional conditions referred to in Section 2.3.
The Regulator also sets a deadline for the applicant to acquire ownership for which it issued the approval. Private individuals are entitled to execute the acquisition within one year of approval. Legal entities may complete the approved acquisition by the date of adoption of the first subsequent annual financial statements, i.e., audited financial statements of those legal entities.
Acquiring the qualified ownership in the bank without prior approval of the Regulator is sanctioned by the nullity of such acquisition and lack of authorization to exercise such ownership by voting rights and deciding upon the bank’s management and policy designing.
III. REGULATORY CAPITAL AND LIQUIDITY
3.1. How are banks typically funded in your jurisdiction?
Banks’ main sources of financing include financing from own or founder’s funds, deposits from customers, issuing debt securities, borrowing from other financial institutions, and lending from the Regulator via repos. Banks may also generate financing from the sale of assets or by issuing shares of stock.
Additionally, the government may fund banks through various programs and initiatives, such as deposit insurance schemes or activities of the Deposit Insurance Agency, which aim to help the banks attract additional deposits.
3.2. What capital and own funds requirements apply to banks in your jurisdiction?
The bank’s capital consists of Tier 1 capital comprising Common Equity Tier 1 capital, Additional Tier 1 capital, and Tier 2 capital, per the Regulator’s Decision on the Capital Adequacy of Banks.
The initial share capital can consist of monetary and non-monetary contributions. The monetary contribution to the bank’s capital may not be less than EUR 10 million in dinars calculated by Regulator’s official middle exchange rate. Banks are obliged to maintain their capital above initial levels, in addition to the amount required for covering the risks that the bank may be exposed to in its operations, to maintain the ratio of foreign currency assets and liabilities (FX risk ratio), liquidity coverage ratio, and comply with other existing rules in terms of exposure.
The total amount of the capital the bank is obliged to maintain should be calculated per the Decision on Capital Adequacy of Banks, Decision on Risk Management by Banks, and Decision on Liquidity Risk Management by Banks and is subject to the Regulator’s approval.
3.3. Has your jurisdiction implemented the Basel III framework? Are there any major deviations?
To harmonize the legal framework in Serbia with EU regulations, the Regulator has introduced six new decisions based on Basel III standards. Those decisions are:
- Decision on Capital Adequacy of Banks;
- Decision on Disclosure of Data and Information by Banks;
- Decision on Reporting on Capital Adequacy of Banks;
- Decision Amending the Decision on Reporting Requirements for Banks;
- Decision on Liquidity Risk Management by Banks;
- Decision Amending the Decision on Risk Management by Banks.
Desired effects of the decisions mentioned above refer to the banking sector in its entirety, especially on capital quality, monitoring and controlling of the bank’s exposure to liquidity risk, setting up a new and more efficient reporting system, as well as straightening of market discipline and transparency of bank’s operations.
As per deviations, the Regulator has detected discrepancies while implementing Basel III, mainly in the capital and capital requirements against market risks and liquidity ratios. Additionally, minor differences have been determined in capital requirements against credit and operational risks. Moreover, the Regulator stressed the need for further harmonization, securitization, leverage ratios, and capital buffers since such concepts were introduced with Basel III.
IV. REPORTING, ORGANISATIONAL REQUIREMENTS, INTERNAL GOVERNANCE, AND RISK MANAGEMENT
4.1. What key reporting and disclosure requirements apply to banks in your jurisdiction?
The main reporting obligations of the banks embody in reporting to the Regulator. To adequately assess and monitor the banks’ operations regarding risk management and overall business activity, the Regulator collects a series of reports from the banks. The reports include information on the bank’s management, organizational units’ operations, planned business activities, profitability, liquidity, and solvency on an individual and consolidated basis.
Types of reports, forms, and timeframe for the delivery are stipulated in detail in the Decision on Banks Reporting. The decision determines daily, monthly, and annual reports, depending on the report type.
In addition to reporting to the Regulator, banks are obliged to publish information on their strategy and policies on risk management, the bank’s capital, and its adequacy. However, banks are not obliged to publish data and information that are not materially significant, data and information that could negatively affect the competitive position of a bank on the market if published, or data and information that constitute a banking secret (see Section 4.6.).
4.2. What are the organizational requirements for banks, including concerning corporate governance? Please briefly describe the requirements and the procedure for assessing the suitability of the members of the management body and key function holders.
In Serbia, banks may exclusively be established as joint stock companies. Corporate bodies of the banks are (i) Bank’s Assembly, (ii) Managing Board, and (iii) Executive Board.
The Bank’s Assembly consists of all its shareholders and is held via ordinary and extraordinary meetings. Its main competencies are adopting the bank’s policies and strategies, drafting and amending the articles of association, and preparing financial reports. The Assembly appoints the Managing Board members, decides on their remuneration and termination, and appoints external auditors. Besides deciding on capital increases and investments, it also determines the appointment of the bank’s Managing Board members.
The Managing Board consists of at least five members, including the chairpersons. The main competencies of the Managing Board include supervising the activities of the Executive Board, establishing an internal control system and monitoring its efficiency, adopting the bank’s recovery plan, adopting business policies and strategy and its risk management and capital management strategies, determining general terms of business of the bank, and establishing the bank’s internal organization.
The Executive Board consists of at least two members, including the chairperson. The principal competencies include implementing the Bank’s Assembly and Managing Board’s decisions, implementing the bank’s business policies and strategies, ensuring the security of the bank’s IT and treasury operation system, presenting the overview of business activities, informing the Managing Board of any actions non-compliant with regulations and other acts of the bank.
The Act on Banks prescribes the prohibition of conflict of interest for management members.
Aside from fundamental corporate bodies, the banks must establish an audit committee, credit committee, and assets and liabilities management committee. Although not mandatory, the banks may introduce other committees according to their internal governance or to improve specific segments of their business, such as a risk committee, nomination committee, and remuneration committee, modeled by the EU bank governance principles.
The Act on Banks prescribes the obligation for the bank to obtain prior consent to appoint members of the management body (Managing Board and Executive Board). Such a duty does not apply when selecting key position holders.
The Regulator has provided a list of documents that a bank should submit to enable it to assess the suitability of the appointment of a member of a management body (which resembles the EU’s Fit & Proper procedure). The criteria for selection include professional experience and background, criminal history, tax liabilities, reputation, integrity, political history, potential involvement in the management of other banks and conflict of interest, and overall personal skills and competencies.
4.3. What are the local rules for loans to the management body and their related parties?
As other pieces of legislation define them differently, it is essential to mention that the Banks Act stipulates its definition of related parties (Article 2). Banks may not offer loans to related parties or employees on terms more favorable than those generally provided in the market for persons not affiliated with or employed by a bank.
The conclusion of any legal transaction, including loans, with a related party or person related to a related party, is conditioned by prior approval of the Managing Board, except in cases of (i) deposit placement, (ii) granting loans collateralized by a linked deposit of related person, (iii) granting loans collateralized by debt securities of the Republic of Serbia or the Regulator, and debt securities of persons rated by recognized international credit rating agencies not lower than “A.”
As for the members of the Executive Board, they are, as bank employees, subsumed under the rule of loans to related parties.
Additionally, the bank may only grant loans to its shareholders after the expiration of one year from the day it started operating.
4.4. What are the main legal provisions governing risk management in the banking sector in your jurisdiction?
The bank must identify, measure, assess, and manage its exposure to risks from its operations. Notably, it is also obliged to form a special organizational unit whose scope is risk management. Banks provide strategies and policies for risk management, capital management strategy, procedures for identifying, measuring, and assessing risks, adequate internal control systems, and appropriate information systems. The main risks that banks must identify and manage include: (i) liquidity risk, (ii) credit risk (including residual risk, dilution risk, settlement/delivery risk, and counterparty risk), (iii) interest rate, foreign exchange, and other market risks, (iv) risk exposure to a single person or group of related persons, (v) risks of an investment in other legal persons and fixed assets and investment property, (vi) risks related to the home country of a person the bank, (vii) operational risk including legal and IT risk. Additionally, there are additional risks to which the bank is exposed, including compliance risk, AML/CFT risk, and strategic risk.
The banks are obliged to report to the Regulator on the activities performed under risk management. Moreover, the banks are obliged to prepare and submit to the Regulator a document called “a recovery plan.” It foresees the measures that the bank will apply in the event of a significant deterioration of its financial condition, especially when it is undercapitalized, to re-establish its sustainable operations and appropriate financial position. This plan is updated yearly.
4.5. What are the legal requirements applicable to banks in combating money laundering and terrorist financing area?
The Money Laundering and Terrorist Financing Prevention Act, as well as the Strategy against Money Laundering and Terrorist Financing 2020-2024 and AML/CFT Strategy Action Plan 2022-2024, regulate AML/CFT risks. The act established the competent authority for supervision of the act within the Ministry of Finance - Administration for the Prevention of Money Laundering (APML).
The following actions and measures must be undertaken by banks before, during, and after a transaction or the establishment of a business relationship under the applicable legislation:
1) KYC and monitoring of their business transactions (customer due diligence);
2) sending information, data, and documentation to the APML;
3) designating persons responsible for applying the obligations laid down by the act;
4) regular professional education, training, and development of employees;
5) providing regular internal control of the implementation of the obligations, as well as an internal audit;
6) developing the list of indicators for identifying persons and transactions suspicious of ML/FT;
7) record-keeping, protection, and storing of data from such records;
8) implementing the measures by branches and subsidiaries located in foreign countries;
9) implementing other actions and measures based on the act.
Moreover, banks are also required to report and disclose any information it considers a possible threat to ML/FT before the execution of that transaction. Additionally, the bank must report to the APML all the transactions whose value exceeds EUR 15,000.
4.6. Are there any legal provisions regulating banking secrecy in your jurisdiction?
Yes. The applicable legislation defines a banking secret as a business secret and provides rules on information that should be considered a banking secret, its treatment, and exempting disclosure. The following information is considered a banking secret:
- data are known to the bank related to personal data, financial status, and transactions, as well as ownership or business relations of clients with the banks;
- data on balance and transactions on individual deposit accounts;
- any other data obtained by the bank in operations with clients.
A bank and members of its bodies, shareholders, and employees, including a bank’s external auditor and other persons who have access to the data above, may not communicate this data to third parties or use it contrary to the interest of the bank and its clients, nor may they allow third-party access to this data.
There are exemptions to this rule duly prescribed by the law and are most often related to disclosing the date to the public authorities in relevant procedures and to protect the bank’s rights.
Otherwise, a bank may disclose a banking secret solely upon the written consent of the client to whom the data refers.
5.1. What are the main trends in the banking sector in your jurisdiction?
One of the trends that continues to shape the banking market is its consolidation. Serbia has a relatively high number of banks compared to its market size. The trend is likely to continue, although there are no public announcements of further acquisitions.
Another ongoing trend that improves customer experience is the further digitalization of banking services. The current focus of digitalization is the Regulator’s introduction of QR code payments, online services of e-banking and m-banking (currently, there are three million users of m-banking), and the remote conclusion of agreements. Banks will likely continue to offer an even broader range of digital products.
As in other markets, the banking sector is at the forefront of applying ESG standards, encouraging further harmonization with EU legislation. With most of the banks in Serbia being EU-based, the banking market is naturally the most progressive in recognizing new EU standards. Application of these standards impacts both banks’ internal operations and shaping the banking products due to different ESG factors. They must therefore include a new type of risk in the assessment process – ESG risk. The scale of application of ESG risk is yet to increase, reflected in the amendments proposed by the ECB to the European Commission’s proposal for a directive on the energy performance of buildings on January 16, 2023.
5.2. What are the biggest challenges in the banking sector at the moment?
Being part of a global market, Serbian banks are experiencing the same effects. Their most significant challenge is the inflation hike and the waterfall of consequences that follow it.
The interest rate hike created two streams working in opposite directions in credit activity, both unfavorable for banks. One is that there has been a decline in the level of credit activity due to lower demand. The second is that banks must tighten credit conditions resulting in increased prices of the loans, further decreasing loan activity.
To secure liquidity, the banks are taking measures to increase the number of deposits. Challenged by a lack of customer savings habits, banks face a significant task and are slowly hiking the interest rates, mainly on dinar-denominated deposits.
Lastly, although the level of NPLs dropped to a historical minimum in 2022, the latest data shows that problematic loans are again growing. Although not unexpected in times of crisis, this trend serves as a red flag and may trigger additional state-imposed measures as such were imposed within the COVID-19 pandemic.
5.3. What’s new in fintech?
Among the first countries in the region to pass an Act on Digital Assets, Serbia enabled the use of cryptocurrencies and NFTs as a source of financing. This segment is under the supervision and licensing of the Regulator for issuing cryptocurrency and the Securities Commission for NFTs. Banks are not permitted to issue NFTs.
The market is still developing, and the first licenses have been issued. For now, the Securities Commission has published only two “white papers” and two decisions on granting licenses for the provision of virtual currency services issued in December 2022 by the Regulator. The biggest obstacle to overcome in this area will be enabling cross-border NFTs purchase while the Regulator remains reserved towards foreign exchange loan activity.
With all the obstacles that the banks are currently facing, more extensive application of fintech solutions, especially NFTs, is beneficial for an additional increase of sources of financing to SMEs.