EU watchdog sets out software capital relief for banks

LONDON (Reuters) – The safety buffers of banks in the European Union would swell by billions of euros under proposed rules that allow lenders to include the value of software investments like cybersecurity in capital calculations.

Currently a bank must deduct the value of software from its capital buffer upfront, adding 36 basis points to its core ratio or mandatory measure of stability.

The European Banking Authority (EBA) said banks will be allowed to “amortise” or taper the value of software for capital purposes over three years.

That would boost capital by about 20.2 billion euros in 2020 across a sample of 64 banks, and by 20 billion euros in 2021, it said.

“The proposed approach is designed to be simple to implement and applicable to all institutions in a standardised manner, as is the case today with the deduction treatment,” the EBA said in a statement on Wednesday.

EU policymakers had already agreed to soften the rule to help banks keep lending to pandemic-hit businesses, and the European Commission is expected to rubberstamp the EBA’s proposals for introduction this year.

It marks a big win for banks who have long argued that current rules put them off updating cybersecurity systems and innovating in digital services for customers.

“The existing approach also distorts the global playing field, particularly when compared to the U.S., where banks can treat software investments as tangible assets that do not have to be deducted from a bank’s capital ratio,” the European Banking Federation said in a statement.

The EBA told EU lawmakers last year to avoid hasty changes, saying software was likely to be worthless when a bank goes bust as it could not be sold separately.

UK regulators have spoken against including the value of software investments in capital ratios, noting numerous high profile

Belgian privacy watchdog bid’s to police Facebook at EU court on October 5

BRUSSELS (Reuters) – Facebook’s run-ins with EU privacy regulators may escalate as Europe’s top court next week weighs arguments from the Belgian data protection watchdog that it should have the power to go after the U.S. social media giant for breaches in Belgium.

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Facebook logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/File Photo

If the Luxembourg-based Court of Justice of the European Union (CJEU) backs the Belgian authority (DPA), it could embolden national agencies in the 27-country bloc to take action against companies such as Alphabet’s Google, Twitter and Apple.

Under landmark EU privacy rules known as the General Data Protection Regulation (GDPR) and its one-stop-shop mechanism, the Irish privacy authority is the lead authority for Facebook as the company’s European head office is based in Ireland.

Google, Twitter and Apple also have their European headquarters in Ireland. GDPR however allows some leeway for other national privacy regulators to rule on violations limited to a specific country, which France and Germany have done.

The case before the CJEU on Oct. 5 came after a Belgian court sought guidance on Facebook’s challenge against the territorial competence of the Belgian regulator’s bid to stop the company from tracking users in Belgium through cookies stored in Facebook’s social plug-ins, regardless of whether they have an account or not.

Facebook said there are merits to EU’s rules in designating a lead supervisory authority for cross-border privacy issues.

“All businesses that operate across the EU who are subject to GDPR can benefit from this one-stop-shop mechanism; it allows companies of all sizes to understand their legal responsibilities and respond quickly to regulators,” Jack Gilbert, Facebook associate general counsel, said in an email.

The Belgian data authority said the