Article 5
Information about the programme of operations, the structural organisation, internal control systems and the auditors of the applicant credit institution
An application for authorisation as a credit institution shall contain the following information about the programme of operations (the business plan), the structural organisation, the internal control systems, and the auditors of the applicant credit institution:
the programme of operations for at least the first three years following authorisation as a credit institution or, depending on national law, the commencement of activities which shall contain, on a base case and stress scenario basis, information on planned business and on the structure and organisation of the applicant credit institution, including the following items:
an overview of the geographical distribution of the activities intended to be carried out by the applicant credit institution in the home Member State and in any other Member State or third country, including through branches or subsidiaries or by direct provision of services, and future expansion plans;
an explanation of the initial and on-going viability of the business model;
an overview of target markets, customer segmentation, products and services and delivery channels such as branches, internet, post, agencies and subsidiaries;
an overview of the organisation and structure of the group of which the applicant credit institution is part, describing the activities of the entities in the group and indicating the parent undertakings, financial holding companies and mixed financial holding companies within the group;
an overview of all the likely business and regulatory risk factors, including money laundering and terrorist financing risks, and an explanation of how these will be monitored and controlled;
an indication of whether an implementation plan covering the period until the applicant credit institution is fully operational is needed and, where available, the overview of any such plan;
an overview of the applicant credit institution’s overall strategy, including strategic goals and any identified competitive advantages, and of the reasons for its establishment and why it has decided to carry on the business for which it seeks authorisation;
information on the organisation, structure and governance arrangements of the applicant credit institution, including the organisational chart and each of the following items:
a description of the applicant credit institution’s arrangements, processes and mechanisms referred to in Article 74(1) of Directive 2013/36/EU;
the terms of reference of the management body;
a description of the human, technical and legal resources allocated to the various planned activities, including IT, commercial, legal, internal control and compliance functions;
a description of the interactions between the applicant credit institution’s various functions;
the name of each payment, clearing or settlement system of which the applicant credit institution intends to be, directly or indirectly, a member during the first year of operation;
the following information on the internal control framework:
an overview of the internal organisation, including devoted budgetary and human resources, of the compliance function, risk management function, internal audit function, including an explanation of how the applicant credit institution will satisfy its legal and prudential requirements, including anti-money laundering and counter-terrorist financing requirements, the identity of the persons responsible for the internal control functions and a description of the institution’s compliance, internal control and risk management systems and procedures and of the reporting lines to the management body;
an outline of the following policies and procedures dealing with matters relevant to activities identified pursuant to Article 3:
whistleblowing policy;
conflicts of interest policy;
complaints handling policy;
market abuse policy;
policy promoting diversity of the management body;
remuneration policy for staff members whose professional activities have a material impact on the applicant credit institution’s risk profile;
an outline of the systems and policies for assessing and managing the risks of money laundering and terrorist financing as identified in the high-level strategy referred to in Article 4, point (g)(i), including an overview of the key procedures that have been put in place to counter the risk that the applicant credit institution might be used to further financial crime;
a description of the internal audit resources and an outline of the methodology and internal audit plan for the three years following authorisation as a credit institution;
an outline of the following policies and plans of the applicant credit institution:
the internal audit policy;
the product governance policy;
the consumer protection policy;
the business continuity plan and policy, including an overview of available back-up and recovery systems and of plans ensuring the availability of key staff in business continuity situations;
the following information on the organisation of operations and activities of the applicant credit institution:
an outline of external and intra-group outsourcing to support the applicant credit institution’s operations or internal control activities, including information about all of the following:
the outsource supplier;
any link of the outsource supplier with the applicant credit institution;
the location of the outsource supplier;
the rationale for outsourcing;
the human resources of the outsource supplier;
the applicant credit institution’s internal control system for managing the outsourcing;
any contingency plans in the event that the outsource supplier cannot provide continuity of service;
any retained functions regarding outsourced activities;
an outline of oversight responsibilities and arrangements, systems and controls for each outsourced function that is critical or important to the applicant credit institution’s management and operations;
an outline of the service level agreements and arrangements for each outsourcing function that is critical or important to the applicant credit institution’s management and operations;
a description of the applicant credit institution’s IT infrastructure, including the systems in use or to be used, its hosting arrangements, the organisation of its IT function, IT structure, IT strategy and IT governance, IT security policies and procedures, and any systems and controls in place or to be put in place for the provision of online banking facilities.