Pomegra Wiki

Passporting Rights in EU Financial Services

A passporting right is the legal permission for a financial firm licensed in one EU member state to operate and sell regulated services across all other member states without obtaining separate authorisation in each country. This single-market framework eliminated the need for duplicative licensing, drastically lowering entry barriers for cross-border finance — until Brexit severed the United Kingdom’s access.

The single-market principle

The EU’s passporting framework rests on a fundamental bet: regulatory harmonisation across member states makes a single point of authorisation sufficient. A bank or asset manager licensed in Germany, for instance, can legally advertise, operate, and take client orders in France, Spain, Poland, and every other member without filing separate applications or paying multiple licensing fees. The home state regulator — the one that granted the initial licence — remains the primary supervisor for prudential matters (capital, solvency, credit risk). The host state where clients reside focuses mainly on conduct rules (fair dealing, conflict-of-interest disclosures, complaints handling).

This model proved transformative for market integration. A mid-sized fund manager in Luxembourg could build pan-European distribution overnight without hiring local legal teams or waiting months for country-by-country approvals. A Spanish savings bank could accept deposits from Italy without dual licensing. The cost savings, and speed, fuelled genuine competition across borders.

How passporting actually works

A firm seeking to passport starts at home. It applies for authorisation from its national regulator — the Financial Conduct Authority in the UK (pre-Brexit), BaFin in Germany, the AMF in France. Once approved, the firm notifies its home regulator of which EU member states it intends to serve. The home regulator then formally notifies the host-state regulator of the firm’s name, the services it will provide, and its point of contact.

Critically, the host state cannot refuse this notification. There is no discretionary gatekeeping. Once notification lands, the firm is legally entitled to conduct business. The host regulator can impose conduct rules — rules governing interactions with clients — but cannot demand re-authorisation or impose a separate prudential regime.

Some rules do vary by host state: employment law, data protection, anti-money-laundering compliance officers must be physically present in some jurisdictions. But the core financial licensing is one-and-done.

Which services passport and which don’t

Not all financial activity qualifies. Core investment and banking services passport straightforwardly: taking deposits, lending, brokerage, portfolio management, investment advice, derivative trading. Insurance underwriting passports under a parallel regime (the Insurance Distribution Directive). Pension scheme administration and operation of a registered scheme can passport under certain conditions.

Services tied to local infrastructure — running a local stock exchange, operating a payment system, managing a local real-estate registry — do not passport; they require local setup. Currency exchange, certain commodities trading, and consumer lending sometimes face host-state carve-outs or additional rules. But the breadth is considerable: a London-based investment bank could passport its entire institutional client franchise across the EU, provided it maintained conduct-of-business compliance in each jurisdiction.

The supervisory split

The home state regulator (the one that granted the licence) oversees the firm’s capital adequacy, risk controls, management quality, and Group-wide consolidation. It can demand higher capital ratios, restrict trading, or withdraw the licence if the firm breaches prudential rules.

The host state regulator enforces conduct rules: fair advertising, suitability of advice, timely transaction reporting, handling of client complaints. If a Frankfurt investment bank is found to have misled Spanish retail clients about product risks, the Spanish regulator can impose conduct fines and require corrective measures — but it cannot demand that the firm close.

In practice, the split sometimes blurs. A prudential failure in one member state can trigger conduct consequences in others, and both regulators often co-ordinate. But the legal architecture gives home-state regulators primary prudential power and host-state regulators primary conduct enforcement.

Brexit and the loss of passporting

When the United Kingdom left the EU in January 2020, UK-regulated firms lost passporting rights. A London-based fund manager with a decades-old licence from the FCA suddenly could not legally operate in Frankfurt, Paris, or Amsterdam without applying for local authorisation in each country.

The regulatory response split into two channels. The EU granted a temporary equivalence to certain UK firms, meaning they could operate during a transition period under modified rules — the “equivalence” regime. But equivalence is far narrower than passporting: it applies mainly to wholesale market participants, is subject to annual review, and gives host-state regulators more control than passporting does. Meanwhile, UK authorities did not grant reciprocal passporting to EU firms; they applied UK-specific authorisation rules.

UK firms adapted by establishing holding companies or subsidiary operations in EU member states — often Luxembourg, Ireland, or the Netherlands — to re-passport into the EU under local licences. The cost was real: duplicated compliance teams, local board members, and separation of operations.

Why it matters

Passporting reduced the cost of cross-border financial services dramatically. Without it, a small fintech that wanted to serve customers across Europe would need lawyers, compliance officers, and local directors in each of 27 member states — a barrier many startups cannot afford. Passporting enabled competition: UK asset managers competed directly with German and French peers without regulatory penalty.

Post-Brexit, that integration splintered. UK and EU firms now face a fragmented regulatory landscape. Some EU member states have introduced frameworks to attract UK financial businesses, but none replicate the frictionless access passporting provided. The result is less cross-border competition, higher costs for multinational firms, and reduced financial integration.

Ongoing evolution

The EU continues to refine passporting rules. The 2020 Markets in Financial Instruments Directive II (MiFID II) tightened conduct rules and expanded best-execution obligations. The Capital Requirements Directive V raised capital buffers for certain institutions. The Digital Finance Package (adopted 2023) introduced rules for cryptocurrency service providers, many of which now must passport separately or face host-state restrictions.

Some proposed regulations threaten to narrow passporting further: stricter country-of-origin rules, enhanced host-state discretion over certain services, and higher capital minimums for certain activities. The direction is evolutionary, not revolutionary, but passporting’s frictionless era may be narrowing.

See also

Wider context