The Centralisation of European Financial Regulation and Supervision: Is There a Need for a Single Enforcement Handbook?

The Banking Union is at an important juncture post the period of institution building, with policy pronouncements being published by the ECB about how it will go about undertaking its task of supervision within the eurozone. These attempt to explain how it will address the complex task of supervising banks within a multilayered framework of regional and domestic rule-making and oversight. This paper assesses the ECB’s approach to supervision and enforcement and the extent to which its approach to supervision is clear enough to overcome the challenges of a multilayered structure and whether or not the constituent parts understand the culture of regulation and supervision it espouses to ensure the multilayered model combines together in a coherent manner. This paper suggests that this is without a doubt a challenge due partly to the limited jurisdiction of the ECB as a prudential regulator and supervisor. The paper proposes a single enforcement approach and a single enforcement handbook to complement the regulatory and supervisory processes under the European Single Rulebook and Single Supervisory Handbook. It is argued that this would assist the process of interpreting and understanding how supervision and enforcement will work and reduce the expectations gap between the ECB and the regulated.


Introduction
The financial crisis highlighted the need for reform of the regulation and supervision of banks and other financial institutions. 1 As a response, the European Commission has, since 2010, proposed approximately 40 new sets of rules to improve the regulation and supervision of the financial services sector across the EU. 2 In seeking to address questions such as those regarding financial stability, depositor and investor protection and the recovery and resolution of failing financial institutions, these changes are not only relevant to the EU's sizeable banking and financial services sector, but have wider societal implications. 3 These reforms are also inextricably linked with broader questions of European economic and political integration.
The European agenda is, at this juncture, focused on institution-building and the harmonisation of rules and regulations, to improve the safety and soundness of financial firms and to strengthen the integrity of markets as a whole at the European level. 4 Those reforms do not, however, adequately consider the approach to enforcement as a separate policy consideration to ensure that firms and individuals in the financial services industry comply with those requirements. It is suggested here that the reforms should also include formal consideration of enforcement policy at both Member State and European Central Bank (ECB) level to ensure that both prudential requirements and conduct risk requirements are enforced consistently. It is argued that, given the level of discretion to interpret the provisions provided to EU Member States under CRD IV, 5 further technical guidance is required regarding the approach to those administrative measures and penalties to reduce the risk of enforcement arbitrage. It is suggested here that the European Single Rulebook and Single Supervisory Handbook need to be complemented with a single enforcement handbook to properly govern financial services. The primary aim of the paper is to explore how best to develop a coherent approach to regulatory enforcement in the single regulatory-supervisory and resolution mechanism. The paper critically evaluates the approach to enforcement of regulation and supervision and then to enforcement of administrative sanctions in CRD IV. I would argue that these co-exist, when considering enforcement policy contextually.

The European Regulatory Landscape Pre-Financial Crisis 6
The regulation of financial institutions operating within the EU is complex. In their home EU Member State, financial institutions are subject to both national and European legislation. In addition, financial institutions which operate in multiple states (both within the EU and globally) are subject to the regulatory regimes of those foreign states in which they operate. From the 1980s and early 1990s, European financial services regulation sought to promote cross-border operations by facilitating the establishment of branches in other EU Member States, 'passporting' home EU Member State authorisations and harmonising technical standards. 7 Such initiatives aimed to promote trust between EU Member States by underpinning the process of 'passporting' home state authorisations through minimum administrative prudential regulation and supervision for banks and investment businesses seeking to operate across borders. The EU agenda in the late 1990s shifted attention to securities markets and later to banking, insurance and pensions markets. 8  implicit barriers and achieving a higher level of financial services integration. 9 This mirrored similar concerns in the US and prompted dismantlement of barriers to banking and non-banking activities on both sides of the Atlantic, albeit in the US later than in the EU with the Gramm-Leach-Bliley Act 1999. 10 This deregulatory and reregulatory trend continued until the financial crisis of 2007/2008. Then came the financial crisis. Although termed the 'Global Financial Crisis', it is more accurately described as, at least, two separate but interconnected crises. The first, the 'US sub-prime mortgage crisis' saw the collapse of the US housing market and sent shockwaves across world financial markets through the international trade in financial instruments derived from such mortgages. The second, the 'European sovereign debt crisis', highlighted the potential 'vicious circle' 11 that may exist between states and their domestic banks. Certain EU Member States were exposed materially as lenders of last resort to their domestic banks, whilst those domestic banks, in turn, held considerable amounts of sovereign debt issued by their home EU Member State and were thereby exposed to the creditworthiness of that state. 12 Common to both crises were therefore problems of financial interconnectedness (although arising at different levels of the financial system) and of inherent structural weakness.

Recent Regulatory Reforms of the EU Financial Services Sector
In response, fundamental reforms to the global financial system have been proposed. The G20, in adopting an 'in it together' approach, has been instrumental in establishing the core elements of this new global regulatory framework. 13 Key objectives of these reforms include addressing the structural weaknesses highlighted above, but also promoting a more stable financial system and encouraging better international coordination. To that end, the reforms have targeted the resilience of financial institutions (for example, through tougher prudential requirements), financial institutions which are 'too big to fail' and the regulation of the 'shadow banking' sector and of derivatives trading. 14 In addition, the EU has adopted and so their use seeks to avoid 'gold plating' by EU Member States and to promote greater consistency across EU Member States.

(B) A Safer and Responsible Financial Services Sector
Recent EU legislation has established revised prudential requirements for banks, building societies and investment firms, based on commitments undertaken by the G20. 28 These reforms implement in the EU the recommendations promulgated by the Basel Committee on Banking Supervision in December 2010 (Basel III) through CRD IV. 29 At its core, CRD IV imposes enhanced capital adequacy requirements on banks, including through the increased holding of core tier one capital. CRD IV also imposes additional capital requirements against counter-cyclical risk, lays down new rules for counterparty risk and establishes new tests for liquidity and leverage coverage. There are further enhanced capital buffer requirements for systemically important financial institutions. 30 CRD IV came into effect on 1 January 2014 (although certain provisions will be phased in up to 2019). CRD IV also addresses the remuneration of bank executives. 31 It imposes various requirements on banks, including the adoption of a global remuneration policy, the establishment of independent remuneration committees and special rules on variable remuneration. 32 Whilst variable remuneration structures (for example, bonuses, performance shares and share options) are commonly used to align senior managers' interests with those of shareholders, such structures have also been identified as a potential cause of excessive risk-taking. Similarly, the non-binding nature of a substantial body of corporate governance (based on voluntary codes of conduct) has been criticised as being ineffective in promoting sound corporate governance practices. Significantly, the focus in each case is on the incentives and levers which influence the behaviour of bank executives, not on the actual personal responsibility of those individuals for that conduct. 28 G20, Leaders' Statement, The Pittsburgh Summit, 24-25 September 2009, at pp 11-13. https://g20. org/wp-content/uploads/2014/12/Pittsburgh_Declaration_0.pdf. Accessed 19 October 2015. Recently, following up on G20 commitments, the European Commission also adopted a new delegated regulation on mandatory central clearing, as per Regulation ( In relation to variable remuneration, CRD IV provides that the variable component of a bank executive's remuneration must not exceed 100 % 33 of the fixed component of his or her remuneration. If the EU Member State so provides, that ratio may be increased up to 200 %, provided that certain conditions are fulfilled. EU Member States may also allow banks to apply a discount rate of up to 25 % of the remuneration if it is deferred for at least 5 years. 34 This new regime has applied to remuneration paid from 1 January 2014, irrespective of when the relevant contract was entered into. 35 As to the question of its effectiveness, to the extent that these reforms increase the proportion of remuneration which is fixed, then arguably they do mitigate the structural concern that excessive variable remuneration promotes risk-taking. There is, however, evidence already that major banks are seeking to structure around the new requirements, with HSBC, for instance, adopting 'fixed pay allowances' to reduce the ratio of variable to fixed remuneration. 36 This is an area where economic and political considerations interplay. Public hostility towards what is perceived as excessive pay for bank executives and employees is being balanced against concerns that such measures may prejudice the global competitiveness of EU banks in attracting the most talented employees or may result in employees migrating to less regulated parts such as shadow banking. Whilst the impact of these reforms will only become clear over time, they do demonstrate the importance placed on bank corporate governance and remuneration in promoting financial stability, and hence the need for increased regulation in these areas.

(C) A 'Banking Union' within the European Union
Another key issue faced by EU Member States following the financial crisis was the imbalance in their respective abilities to weather the crisis. The fragmented response of EU Member States to the European sovereign debt crisis highlighted the lack of centralised mechanisms at the EU level to resolve the crisis. This absence of a coordinated approach was seen as particularly damaging to the euro area given its shared single currency. Indeed, arguably, this imbalance has been more destabilising for the governance mechanisms of the EU than the crisis itself. As a result, in addition to the regulatory and supervisory initiatives detailed above, specific measures have been enacted to maintain confidence in the euro area. The establishment of a 'banking union', compulsory within the euro area and open to all other EU Member States, seeks to promote a more centralised and coordinated response to any future financial crisis, as well to break the, potentially dangerous, negative feedback loops between banks and the sovereign debt markets. It also represents part of the European Commission's further efforts towards deeper economic and monetary union. 33 Or a lower percentage, if an EU Member State so provides. 34 CRD IV, Art. 94(g)(iii). 35 Ibid., Art. 162(3). 36 Jamie Robertson, 'Bankers' bonuses: Shareholders wary of making allowances', BBC News, 24 April 2014. http://www.bbc.co.uk/news/business-27145092. Accessed 16 July 2014.
There are two main pillars to the 'banking union'. First, a 'Single Supervisory Mechanism' was formally adopted by the EU in October 2013. 37 The ECB, in its capacity as the single supervisor, now has responsibility for banking supervision within the 'banking union', its objective being to safeguard the financial soundness of individual financial institutions and to protect consumers of financial services. 38 In so doing, responsibility for banking supervision is centralised at the eurozone level, although the ECB only has direct supervision over significant banks (estimated to be around 130 banks, representing approximately 85 % of the total banking assets within the euro area). 39 Macro-prudential supervision is undertaken by another new authority, the European Systemic Risk Board. 40 Second, a 'Single Resolution Mechanism' is being established, so that if a bank gets into difficulty, the resolution process will be managed by a single 'resolution authority' funded by a levy raised from all eurozone banks. 41 Finally, a common deposit guarantee scheme (with a limit of up to €100,000) 42 is being implemented across the euro area and is guaranteed by a single fund. 43 The reforms detailed above concentrate on the structures and institutions of the EU financial services market and have various objectives. They seek to avoid excessive risk-taking, for example, through holding insufficient capital or through remuneration and bonus structures. They aim to avoid moral hazard by improving resolution techniques in order to reduce the exposure of public funds as lenders of last resort. They seek to promote financial stability through the orderly resolution of failing financial institutions. But, noticeably, they do not address questions of responsibility for the financial crisis. Even the reforms to bank executive remuneration are one step removed from the question of individual responsibility by addressing the rewards for behaviour, not the behaviour itself.
In the following part of the paper it is argued that further policy elaboration is required to develop a coherent set of middle-ground administrative penalties and measures, as advocated in CDR IV, in order to reduce the risk of enforcement arbitrage between EU Member States and regulatory authorities taking either an over-accommodative or under-accommodative approach to enforcement. In particular, it is suggested that the European Single Rulebook and Single Supervisory Handbook should be complemented with a single enforcement handbook to promote consistency. Both during and after the financial crisis, there were strong calls that there should be powers to hold those at the helm of the large financial institutions accountable for their part in the crisis. A number of culprits responsible for the financial crisis are evident, including governments, central banks, financial regulators and the firms and individuals that either were rescued with state support or merged during the crisis. However, apportioning responsibility to private actors only addresses one part of the complex picture underpinning the root causes. Indeed, the reasons for the large number of culprits is arguably the 'intellectual capture' that surrounds monetary policy, risk management, financial regulation and prudential supervision. 44 It is beyond the scope of this paper to explore those issues further. The focus here is instead on enforcement sanctions against private actors, namely financial firms and individuals.
The life cycle of financial institutions shows evidence of opportunities to address less material failures and forms of non-compliance that could lead to an overall culture of mismanagement, rather than breaches of prudential requirements. The weakness of the EU single financial services market agenda is its reliance on the EU Member States to determine the sanction (if any) for compliance failures. Whilst it is not suggested that the EU single financial services market agenda has not addressed matters of regulatory sanctions, it has, in many ways, left the administration of the sanctions to the discretion of each EU Member State. I suggest that this leads to an uneven playing field when it comes to enforcement sanctions, and thus to a risk of inconsistent public enforcement. Moreover, such enforcement is more likely to manifest itself in the form of supervisory warnings and threats than as formal publicised penalties or administrative measures.
In this context, this paper assesses the extent to which the reforms proposed by CRD IV will address some of those themes. The next section looks at the wider policy issues surrounding enforcement, with a focus on compliance and deterrencebased models. It suggests that enforcement requires a policy framework to ensure a consistent and proportional approach. The last section will then reflect on these issues in light of the Single Supervisory Mechanism and the extent to which it mitigates the risks of an inconsistent enforcement approach.

The Salient Features of an Enforcement Model
The complexity of financial or banking firms is such that they exist in an interplay between corporate law and banking law and regulation, which ultimately lends itself to a multiplicity of approaches to the duties of care, enforcement and accountability.
The opportunity to lift the veil of incorporation and challenge those at the helm of the banking corporation is the focus of much research and investigation. In this context, different duties arise depending on where in the 'corporate-regulatory space' one resides, either as regulator or regulated. For the purposes of bank regulation: the regulator primarily owes its duty to the third-party depositors and investors as a whole. For the purposes of the regulated, the duty of care in corporate law is to the corporation/shareholder, and in financial services regulation to the interests of depositors/investors. I would argue that both contexts should be viewed with equal importance rather than there being a perception within this public and private law context that one is superior to the other. The autonomy of the bank therefore resides in an interesting context where there is considerable focus on not only operational but also strategic aspects of the business undertaken. This paper focuses on the public-administrative law forms of accountability and enforcement.
The approach to regulation requires consideration of how we go about undertaking the task of regulation and how best to ensure its requirements are complied with by those regulated. 45 The most common approach to regulation is some form of risk-based approach. 46 The limited range of resources to undertake the task of regulation and supervision means decisions need to be worked out in advance about how regulatory resources will be allocated and how the objectives of regulation will be achieved. The need for adequate resources cannot be underestimated as it will determine the ability of the regulator to investigate and assess the extent of a possible breach of the rules. There is also the need to ensure that regulators are able to develop further rules and guidance to capture and oversee new forms of industry innovations which transcend traditional forms of business lines. These matters will have a direct impact on how regulation is enforced. Indeed, the complexity of modern society and those participating in it requires a more sophisticated approach to enforcement that captures the idiosyncratic nature of how individuals and corporations abide by rules. 47 The wider economic and social impacts of the approach to enforcement and enforcement decisions should also be given careful attention. 48 The level of transparency of enforcement decisions needs to be considered with some appreciation that disclosure of all enforcement decisions may be counterproductive. Therefore, the regulator needs to assess whether the range of sanctions are fit for purpose to deal with the different forms of noncompliance that can undermine them. 49 The enforcement model thus has to ensure that it has two essential elements worked into the design, namely a compliance and a deterrence-based approach. 50 45 Baldwin et al. (2012), at p 230. 46 Black (2005); Black and Baldwin (2010); Black (2008); Black and Baldwin (2012); Gray (2009). 47 Reiss Jr (1984), at p 32. 48 Black and Baldwin (2008). 49 A criticism that surfaced during the financial crisis was that the enforcement sanctions at hand could not deal with the types of acts or omissions considered to have contributed to the losses or failures that occurred. 50 See specifically Scholz (1984a, b); Brown (1994); Makki and Braithwaite (1993); Hutter (1988Hutter ( , 1989; May and Burby (1998); Cook (1989), at p 104; Hopkins (1994).

The Centralisation of European Financial Regulation and… 449
Ensuring observance of rules requires both these two forms of approach to regulatory compliance. The two enforcement methods can be interpreted as opposite poles of a compliance continuum. 51 A compliance-based approach is focused on making sure rules and standards are observed through a dialogue between the regulator and the regulated. Key features of a compliance-based approach are cooperation and persuasion. Consultation and education are also important components within this approach, as they enhance communication and provide the regulated with an environment in which they can influence the way regulation is designed to operate in the marketplace. 52 It is therefore considered as the initial approach based on a dialogue between the regulator and the regulated, as action in the first instance. On the other hand, a deterrence-based approach should be seen as ensuring compliance by negative means at the opposite end of the spectrum of a compliance-based approach, through sanctions and punishments. The deterrencebased approach refers to the use of sanctions to punish non-compliance with the requisite rules and standards of behaviour. It is therefore seen as action in the last resort. According to Reiss, a regulatory strategy based on deterrence would consider the imposition of a penalty as a positive sign of success. 53 The decision to either take a compliance or deterrence style of enforcement is dependent on the regulator's view of the regulated. The more sophisticated enforcement style is essentially a combination of a compliance and a deterrencebased approach rather than a single approach which could not capture and ensure compliance by the majority of the regulated. Having at hand a broad enforcement approach allows the regulator to exercise judgment as to the most appropriate course of action. As explained by Bardach and Kagan, 'to reject punitive regulation is naive; to be totally committed to it is to lead a charge of the Light Brigade. The trick of successful regulation is to establish a synergy between punishment and persuasion.' 54 The wider move to a judgment-based approach to regulation and supervision is likely to mean a more inquisitorial approach between the regulator, financial firms and individuals. The move to a judgement-based approach is likely to exert significant pressure on regulatory resources.
An enforcement strategy should appreciate that the industry and individuals working within it are not a homogenous group with the same incentives to comply. In light of that, the enforcement strategy requires a sanctions regime that addresses a spectrum of failures of compliance with regulatory rules and requirements. The enforcement model needs to be designed so that it appropriately captures those forms of behaviour. The categorisation adopted by Kagan and Scholz is a useful starting point before moving on to the types of sanctions. 55 The 'regulated' are placed into three broad categories: the 'amoral calculator', the 'political citizen' and the 'organisational incompetent'. 56 51 Gunningham (1987), at p 70;Cotterell (1992), at p 245. 52 Hawkins and Thomas (1984), at p 82. 53 Reiss (1984), at p 25. 54 Bardach and Kagan, cited in Ayres and Braithwaite (1992), at p 25. 55 Kagan and Scholz (1980), at pp 67-68. 56 Ibid. In the first category, the 'amoral calculator' is likely to only respond to action in the last resort -either an administrative, civil or criminal action against the firm and/or those individuals at the firm personally culpable for the losses or failure. In this category, the firm is essentially motivated by the profit it can secure before it is stopped, which it views could outweigh the economic costs of the sanction, without even possibly considering the broader social and economic consequences of its actions for market confidence and integrity. The recent case of the Portuguese Espírito Santo bank and the wider financial conglomerate of which it was part also shows evidence of fraudulent activities and accounting irregularities. 57 In this case, losing authorisation to undertake regulated businesses is a strong possibility. The difficulty with the label of the 'amoral calculator' is the political use of the label and the expectations gap it can open up when those considered as 'amoral calculators' are not held accountable in the way society expects. Moreover, a dilemma arises when those considered politically 'amoral calculators' can demonstrate compliance with the rules and industry guidance. An example of this is the case of Royal Bank of Scotland (RBS) and the decision to takeover ABN AMRO and the role of Fred Goodwin (CEO), at the early stages of the global financial crisis. 58 The exception is where there is clear evidence of criminal behaviour, as is seen with the successful prosecution of directors of Anglo Irish Bank fortheir involvement in unlawful loans to clients. 59 In Spain, bank directors have been prosecuted for using state support to fund their personal pensions. 60 In contrast, the 'political citizen' is at the other end of the behavioural spectrum to the 'amoral calculator'. In the case of the 'political citizen', the enforcement approach is likely to be at the opposite end of the spectrum since it will be premised on cooperation and negotiation of how regulation could be complied with. The idea of enforcement sanctions is the last thing on the minds of both the regulator and regulated. A clear example of this approach would be the use of internal models to calculate and comply with capital and liquidity levels under the Basel requirements and the regulator's discretion to grant waivers to compliant firms. The regulatory dialogue is likely to form a process of education to ensure compliance is exercised in a way that achieves the ends of the regulated since it will perhaps be innovating in the design of new products offered in the market. In this instance, the dialogue on best practices could possibly be the basis for showcasing to others the approach that needs to be taken to undertake certain businesses and so incentivise improvements in behaviour. The need for dialogue on behalf of the regulator is necessary as it enables the regulator to maintain an understanding of business and industry innovation. But it can pose questions of regulatory or political capture. The third category, the 'organisational incompetent', could manifest itself in a variety of forms within the spectrum of failings from simple to gross negligence. The regulator is likely to respond with perhaps less punitive sanctions in comparison to the amoral calculator but more than that meted out to those considered political citizens. In such cases, a significant proportion of non-compliance arises from internal organisational failures that expose the firm to the risk of losses or fraud. The potential social and economic risks of such acts or omissions can be extremely serious as well and could even bring the firm to the brink of failure. For instance, the circumstances leading to Northern Rock requiring emergency liquidity support from the Bank of England were due primarily to its poor funding model. 61 Moreover, in 2008, Lloyds TSB had its status damaged after the takeover of Halifax Bank of Scotland (HBOS) -which was on the verge of collapse -and needed a massive public bail-out by the UK to stabilise its position. 62 Below are a number of further observations that can be made at this juncture.
The categorisation of firms and individuals is not likely to be static and they might well move between those categories overtime without expecting to. Moreover, the size and complexity of firms operating in various business lines also means that the firm could well be in all three different categories and have its reputation associated with one or the other, depending on which is dominant. The thought of these firms failing during the financial crisis of 2007-2010 would have been unthinkable a few years before. The categorisation of being at one point a 'political citizen' and then an 'organisational incompetent' or, at the extreme end of the spectrum, an 'amoral calculator', is likely to move in that order unless, through restructuring and given time, the firm can re-establish its reputation in the market place.
The regulator requires a range of enforcement sanctions to deal with the different types of regulated firms and individuals explored above. 63 The enforcement sanctions and measures that regulators can use can take a variety of forms but are normally categorised into administrative, civil and criminal sanctions. 64 An attempt to increase the use of non-punitive administrative sanctions could directly increase enforcement activity in the intermediate range of offences without society or the market closing its doors on a participant. It is evident that the regulator needs a number of regulatory enforcement powers to deter the various forms of behaviour  63 For an excellent examination of this issue, see Mann (1992), at p 1863; Shapiro (1985), at p 193. noted above. 65 The wide arsenal of enforcement sanctions means that regulators can address various forms of behaviour through the use of either punitive or nonpunitive means, depending on the firm's or individual's level of culpability and blame for the losses or failure, thus signalling that the behaviour addressed is considered unacceptable. The signalling can take place either in private or in public so that others within the firm or in the industry see that such behaviour is considered unacceptable.
The Ayres and Braithwaite enforcement pyramid provides a succinct reflection of the types of enforcement powers that regulators are likely to have at their disposal. 66 Ayres and Braithwaite have set out the choice of sanctions in a pyramid, with the most serious sanctions at the top. The base of the pyramid advocates negotiation, but further up the ladder the degree of severity of the sanction increases, recognising the need for a variety of enforcement methods to ensure compliance. Further up the pyramid, at the apex,is 'licence revocation', which will literally terminate the right to undertake licensed activities. 67 The pyramid highlights that administrative sanctions such as licence revocation or suspicion may well, in some circumstances, be considered extremely punitive. Within the pyramid of enforcement sanctions, administrative sanctions also exist in the form of powers to restrict or limit regulated activities, to prevent changes of ownership, or to restrict expansion of businesses either domestically or internationally.
The enforcement arsenal that forms part of the responsive regulation discourse provides an extremely useful way to understand how enforcement sanctions sit within a hierarchy of punitive and non-punitive sanctions. A range of administrative, civil and criminal sanctions also addresses the possibility of regulatory underenforcement and over-enforcement since it gives the regulator a number of options to address the problem it has identified. A lack of response is likely to require an explanation. It would also be unrealistic to think of regulators moving up the pyramid from negotiation to licence revocation in some seamless fashion. 68 The reality is more likely to be an assessment of the evidence and determination of which enforcement sanction is best suited to address the problem or minimise the harm being produced. The decision to impose either an administrative or a civil or criminal sanction also requires the regulator to consider the costs and level of resources needed to pursue one of those different routes. 69 Moreover, it is important to take into account the spill-over effects of enforcement decisions to the wider socio-economic system. This section has explored some of the key elements of enforcement policy, namely the approach to enforcement, the different types of behaviour regulated firms and individuals can display, and finally the range of sanctions needed to address those various forms of culpability. There is no real one-size-fits-all approach that can be adopted. The move to some form of single enforcement model has to be 65 Gunningham (2012), at p 126. 66 Ayres and Braithwaite (1992), at p 26. 67 Ibid., at p 35. 68 Haines (1997), at p 220. 69 According to Scholz (1984a, b), at p 392; Ayres and Braithwaite (1992), at p 26. congruent to a separate approach to prudential requirements and those associated with conduct risk failures. What is important is the need to be mindful of conduct risk failures resulting from conduct of business failures that could morph into wholesale poor practices which undermine the prudential soundness of the institution and possibly lead to risks to the financial stability of the market as a whole. This will pose a particular challenge to regulators with a narrow mandate, as in the case of the ECB. From a holistic perspective, the gap in enforcement regarding conduct of business risks at the eurozone level also provides a reason for a Capital Markets Union with a regulator safeguarding market integrity with an appropriate enforcement model to address conduct of business risks. This would complement the ECB's prudential focus. It is important to assess whether the reforms proposed by CRD IV will address some of these themes. It will be suggested that, in light of the above-mentioned gaps, inconsistency of approach will inevitably exist and thus thwart a level playing field.

Is the EU Moving to a Coherent Enforcement Approach?
The EU financial services regulators are not without a range of enforcement powers and sanctions, far from it. 70 Still, the thought of a single overarching approach to enforcement and sanctions poses tremendous challenges for the discrete ways regulation and supervision are undertaken in the members of the European Union. 71 The cultures and traditions of regulation, supervision, accountability and enforcement differ considerably, as do the responsibilities allocated to a single, dual or multiple set of regulators and supervisors. This highlights that there are not only country-specific cultural approaches that need to be appreciated but also, as noted above, different approaches between the various business lines that make up the financial services industry. However, under the EU agenda of more consistency of approach to the oversight of financial services, enforcement must also be tackled in the same way as prudential and conduct risk requirements. Whilst the above may improve compliance with more robust prudential requirements and conduct risk requirements, it is suggested that a coherent deterrence approach is needed to achieve the enforcement objectives. The move to a 'single supervisory regime' will improve EU Member State compliance. Compliance will, however, only be entirely consistent when the deterrence part of the enforcement model is coherently  71 The point here is that the financial services industry is not a single homogenous grouping, let alone a single industry, but a complex set of different industries where a single enforcement approach would need to be broad enough to achieve the objectives of the distinct industries. addressed as well. The evidence provided by the 2009 Review and the 2011 Impact Assessment 72 clearly indicates significant gaps in the enforcement arsenal of EU Member States and a lack of credible deterrence in the enforcement of administrative penalties and measures. It highlights, in particular, gaps and divergences in approach between EU Member States as to what regulators can and cannot do when faced with similar problems at banks. This also depends on whether the relevant bank is, in all intents and purposes, a going concern or a gone concern.
The adoption of CRD IV sets out a number of reforms to the enforcement regime in EU Member States to address the divergence between EU Member States in the way they deal with failures at banks as well as with individuals responsible for those failures. 73 It first provides the basis to develop administrative penalties, but criminal sanctions are not covered. 74 It also requires EU Member States to put in place administrative measures for dealing with non-compliance. EU Member States can rely on existing penalty regimes to build a coherent set of penalties and fill in gaps with new penalties to deal with the different forms of non-compliance likely to arise. Article 65(2) enables EU Member States to apply the penalty in accordance with national law provisions that also apply to members of the management body, such as, for example, those relating to shareholders' powers to dismiss directors. 75 In this respect, the financial regulator will have to be mindful of such procedural rights when exercising those powers.
The forms of administrative measures that EU Member States need to have in place, as a minimum, are listed and the matters to be taken into account in deciding the size of the penalty or extent of the administrative measures are provided. 76 The first set of reforms includes those to deter unauthorised regulated activities or unauthorised acquisition of a qualifying holding in a credit institution. 77 In respect of those administrative measures, EU Member States are required to publish a statement about the matter, exercise a cease-and-desist order, and adopt a procedure to calculate the penalty to be applied to the firm and individuals responsible. 78 In those instances, the regulator may well address such problems using a combination of administrative and civil sanctions. In extreme cases, individuals found to be managing such unregulated businesses could also be criminally prosecuted for fraud or dishonesty.
The Centralisation of European Financial Regulation and… 455 acquire authorisation; 80 failure to report changes to acquired holdings; 81 failure to put in place specific governance arrangements as required by the national competent authorities; 82 misreporting information to the regulator about own funds; 83 misreporting data, 84 large exposure, 85 liquidity 86 or leverage ratio; 87 failure to hold the appropriate liquid assets; 88 exceeding exposure limits; 89 mismanaging securitisation risks; 90 and appointment of members of the management body without the suitable experience, skills and knowledge. 91 In response to such matters, the EU Member State may withdraw authorisation, 92 impose a temporary prohibition on individuals from the industry, 93 or impose pecuniary penalties on the firm or relevant individuals. 94 In respect of these types of failures, the regulator may not address those problems with deterrence options. Instead, it may opt for more of a compliance-based approach and negotiate to ensure adherence, as the threat of sanctions maybe enough to make the regulated respond. When deciding the size of the administrative penalties and/or the severity of the administrative measures, the regulator is specifically required to take into account the following: the gravity of the breach; the level of responsibility of the firm or individual; the level of profit or loss avoided as a result of the breach; losses sustained by investors; the level of cooperation offered; and the risk posed to the stability of the system. 95 EU Member States are required to report administrative penalties to the EBA, which will give the EBA a better understanding of the level of enforcement penalties administered across the EU. 96 The utility of this is, however, called into question since it should also extend to administrative measures so that the EBA can get a better picture of the enforcement of those matters across the EU as a whole. At the same time, some of the administrative measures may not be publicised, and, rightly so in the public interest, since they could, if the timing is not considered suitable, pose external spill-over risks. The risk of enforcement inconsistency remains since some EU Member States may impose more punitive administrative measures in comparison to others when breaches at banks are identified.
CRD IV makes significant changes to the enforcement regime but also confers significant discretion on EU Member States to interpret the provisions, as well as discretion on the regulators to make decisions on a day-to-day basis. Therefore, it will not necessarily improve the level of consistency across the European Union. It is suggested that additional regulatory guidance from the EBA is needed to reduce the divergence of approach and thus reduce the risk of enforcement arbitrage by booking the more risky business in jurisdictions where there is a greater probability of underenforcement compared to a jurisdiction where there is likely to be over-enforcement. The level of enforcement is still partly reliant on the level of resources which the local regulator has to investigate such matters, thus again leading to the risk of enforcement arbitrage by firms that are aware of the differing approaches to the supervision of risk. Moreover, the enforcement sanctions associated with breach of prudential requirements are not likely to be initiated, or even publicised, unless the institution's viability is in doubt and is part of the reason for moving towards resolution.
The administrative penalties and measures focus on the authorisation of regulated activities, prudential requirements and internal management controls, and, in so doing, concentrate on the safety and soundness of institutions. Those measures are necessary and are not called into question, but do require consistency across the EU. Moreover, since mismanagement of conduct risk generally exists before signs of prudential risk emerge, it is argued that the move to reform administrative penalties and measures should be extended to all areas of financial services. The level of public enforcement of prudential requirements is miniscule in comparison to its conduct of business counterpart. With such focus on prudential requirements and internal management controls, the enforcement agenda is not being addressed appropriately to improve consistency and to avoid the risks of 'under' or 'over' enforcement, as described by Mann. 97 The move to formally introduce a criminal sanctions regime to support administrative sanctions and measures across the European Union over recent years 98 is a response to the call from society to ensure that those individuals found culpable are exposed to the risk of imprisonment or criminal financial penalties. Criminal sanctions provide the traditional deterrent against acts which have a sufficiently deleterious, adverse effect and impact on society. The punishment prescribed by the criminal justice system tries to achieve a broad range of goals which are not necessarily attainable with one sanction, such as restraint, retribution, rehabilitation, education, denunciation, compensation or just deserts. 99 Indeed, the introduction of a criminal sanctions regime will not necessarily mean that we will 97 Mann (1992). 98  see those considered culpable put behind bars, for it is incredibly difficult to succeed in securing criminal prosecutions. For similar reasons, it is unlikely to find regulators exercising their powers to revoke a bank's licence or to ban, permanently or temporarily, individuals from working in the financial industry. In the regulatory context, a greater overlap between criminal, administrative and civil sanctions exists under the auspices of administrative powers. 100 The growth in the use of administrative sanctions is nevertheless based on a systematic process of decriminalising regulatory offences, which has curtailed the use of criminal sanctions for all but the most serious offences. 101 It is only in more recent times, in the aftermath of the global financial crisis, that we have seen a re-emergence of criminal sanctions to complement other enforcement sanctions. 102 Given the above, it is argued that the powers provided in CRD IV require the ECB as the single supervisory authority to develop better guidance for EU Member States and to flesh out a more consistent application of enforcement sanctions.

Complementing the European Single Rulebook and the Single Supervisory Handbook with a Single Enforcement Handbook
This paper proposes to create an enforcement handbook to complement the European Single Rulebook and the Single Supervisory Handbook. It is suggested that the latter two are focused on a compliance-orientated and remedial model of enforcement. The remedial approach is interpreted to mean putting in place corrective measures to deal with, inter alia, capital, liquidity, governance and internal control shortcomings. The success of the Banking Union is reliant on the EBA, in terms of rule design, and on the ECB to undertake the work of prudential supervision, working, in part, with national competent authorities to ensure compliance with requirements set out, for instance, in CRD IV and CRR. The process of the EBA assisting with rule convergence and compliance is an example of that model. 103 This process will also identify inconsistencies in approach and put in place mechanisms to iron out those variations through the development of technical standards, guidance and recommendations. 104 The EBA is yet to develop, however, standards, guidance or recommendations on the enforcement sanctions set out in CRD IV. 105 The responsibility conferred on the ECB to fulfil the single supervisory role also lends itself to more of a compliance-based model of enforcement, consisting of a remedial approach to supervisory matters (with the exception of the most punitive of sanctions, withdrawal of authorisation). 106 The above mechanisms -the Single Rulebook and Single Supervisory Handbook -provide a considerable level of support to the ECB and a centralised supervisory agenda. Moreover, the ECB is also expected to work closely with the national regulators of EU Member States not within the eurozone through formal memoranda of understanding. 107 The important element in this process of developing a consistent ground for the regulation and supervision of significant banks is to ensure that the interpretation and application of rules is sufficiently transparent even though the rules themselves are already transparent. The culture and approach will need time to develop so that a consensus can develop around what is considered good supervision. 108 The focus on prudential requirements could result in a time lag between conduct and impact on capital or liquidity levels, so it is important for the ECB to also look at the wider behaviour of banks.
The challenge will be to develop a normative framework that (1) can link, at a high level, the discrete elements of the single supervisory and resolution mechanisms; (2)is sufficiently informative about its approach to supervision; and (3) captures the discretion that resides in the national authorities. The importance of this exercise would be to assist the ECB, significant banks and national authorities in understanding the expectations associated with the 'single' approach. It is quite evident that various approaches to regulation and supervision exist, from traditional command and control, principles-based, light-touch, compliance-based or deterrence-based approaches, to more recent intrusive, judgment-based and forwardlooking approaches. Each approach has its own type of perimeters to control the discretion of the regulator and the regulated, and its own construction of what constitutes risk to regulatory objectives.
The move towards a judgment-based approach by the ECB and Member States could form the basis of an adversarial approach which to other regulators with a more administrative form of regulation and supervision appears extremely intrusive in the affairs of the regulated. The regulated could be of the view that this is a move 105 In this connection, the EBA has only 'very limited direct, binding powers of intervention over NCAs [national competent authorities] and banks'. This is confined to exceptional situations such as, for instance, breaches of EU law, where EBA would direct NCAs or banks to comply in a specific way. Instead, day-to-day supervision has broadly been left at national level notwithstanding the European Financial Stability Facility (EFSF) reforms. See Recital 9, Regulation (EU) No 1093/2010, cited in Moloney (2014), at p 1621. 106 CRD IV, Art. 4(1). 107 Ibid., Art. 3(6 to over-regulation. 109 The primary challenge is the need to provide adequate reasons to give the regulated the right to evaluate a decision and the regulator to avoid allegations of the judgment appearing subjective and disproportionate rather than objective and proportionate. The ECB's overarching role of providing greater consistency in order to bridge different approaches to regulation and supervision implies that it should be able to develop a common approach and understanding. The explanation of the risk-based approach adopted by the ECB implies that it constitutes a single homogenous form. 110 The process of allocating regulatory resources according to a risk-based approach requires a better construction of the risk-based approach so that it is clear how the intensity of supervision and decisionmaking changes according to how risks are expected to be monitored, assessed and then remedied. Based on the risk-based approach to regulation it will be necessary to construct how judgments are likely to be executed within that framework. Again, the judgment-based approach does need to be structured to improve the transparency of how it is expected to be applied.
The ECB is conferred a range of investigatory, information-gathering and enforcement powers to support its supervisory work, which it can exercise directly or indirectly. 111 It is granted responsibilities that amount to it being the competent authority of those banks deemed significant. 112 The ECB directly exercises supervisory, investigatory and enforcement powers, or initiates powers indirectly with the support of national supervisory authorities acting on its behalf. 113 Benefits are gained by the ECB's ability to utilise the national supervisory authorities' knowledge in the ECB's supervisory tasks. In addition, the ECB's ability to share staff of national supervisory authorities through exchanges and secondments enables the ECB to build up its own understanding of the institutions on a day-to-day basis. It will therefore have, for all intents and purposes, the powers of national supervisory authorities at its disposal. The recent ECB decision to assess a number of banks to determine whether they could, in the future, be classified as significant is a good example of it exercising its discretion. 114 It also illustrates how the ECB can ask the national authorities to provide it with the information to make such an assessment and to form its view. The ECB will therefore need to develop its own approach to supervision policy so that it can be judged against that policy in the exercise of its responsibilities. 115 The tools and tasks of supervision and the discrete approaches of national supervisory authorities require policy coherency to bring them together. Part of this exercise is initiated with the guidance on supervision. 116 But this can only be a first step on the road of supervision. A large proportion of its role and approach is argued to be opaque, to say the least. Whilst there is a degree of consistency in the approach to supervision, there is considerable room for enforcement arbitrage with the multiple layers of oversight at regional and EU Member State level and the reality of participating and non-participating EU Member States within the framework of centralisation. This reflects the reliance the ECB will have on national resources and approaches to fulfil part of its mandate. 117 But more significantly, the ECB is required to exercise its responsibilities in accordance with relevant EU law.
The ECB must therefore comply with the interpretation of the provisions of directives adopted by EU Member States. CRD IV also enables national authorities to interpret enforcement sanctions in line with national law, 118 thus exacerbating the risk of enforcement arbitrage. This is the case even despite the decision to take a consistent approach towards the interpretation of CRD IV. The result could be that the ECB may be required to apply different interpretations to similar sets of circumstances, depending on how the relevant EU Member State has exercised its discretion. Indeed, the field of administrative enforcement sanctions is one area that could lend itself very easily to differing interpretations due to the precision with which they are drafted, which could thus lead to different outcomes. 119 In order to partly remedy the gap identified here, the move to creating a single enforcement handbook would start the process of minimising inconsistency.  110. 117 There is also the risk that the ECB relies on the supervisory authority to exercise enforcement decisions rather than taking such decisions itself. However, the risk of such an approach would be that the ECB would show itself to be reluctant to intervene and give the impression that it is under-enforcing and using more carrots than sticks. This is similar to Ayres and Braithwaite's analogy of central banks acting as a 'Benign Big Gun' where they have a considerable arsenal of tools and powers but rarely utilise them. The argument runs that the presence of the powers is enough to ensure compliance. As we have seen, that is not always the case. 118 See Art. 64(2), Section IV, CRD IV.
The supervisory regime articulated in the guide is not sufficient on its own to explain the approach to supervision, as each facet of the supervisory process requires clarification of how best to comply with additional guidance. The lack of specificity would enable the domestic regulators and the regulated to challenge enforcement policy and sanctions. While that may not be the mandate of the ECB but rather that of the EBA, the technical standards provided by the EBA 120 are just as vague and open to interpretation as the rules themselves, thus in many ways lending little assistance to the process of rule interpretation and compliance. In the area of CRD IV and administrative sanctions there is limited assistance. Moreover, the stress-testing of banks provides an understanding of the underlying risks in the banking system but cannot be viewed as the ECB's sole basis for then disclosing enforcement actions or decisions.
The paper therefore advocates moving towards a single enforcement book to improve the interpretation of administrative enforcement powers at the level of the centralised bodies, EU Member States, supervisory bodies and the regulated. The development of a single enforcement handbook would serve several purposes, in line with Diver's work on the precision of administrative rules. 121 The process of articulating standards and guidelines around administrative sanctions enables the centralised bodies to explain the aims, objectives and principles which they would like to associate with this part of their responsibilities. Providing guidance on the use of enforcement sanctions would also support a process of consistency of application of administrative sanctions. Such guidance would need to reflect the interpretation of the enforcement sanctions and thus enable a more centralised approach to what is considered reasonable behaviour. Indeed, the approach taken to address behaviour needs to clarify the opacity surrounding 'what is reasonable and unreasonable' whilst not unnecessarily disabling the use of those sanctions to address individual behaviour. The guidance could also help national authorities and EU Member States gauge which type of enforcement sanction to apply, i.e., administrative, civil or criminal. This would assist the authorities in determining the level of recourses that they will need to deal with a matter. The centralised authorities would also, through a process of transparent practices, be better placed to gauge areas of under-and over-enforcement when relying on national supervisory authorities to execute certain enforcement decisions. The ECB as a supervisor would be able to assess whether it is taking a consistent approach to such matters across the EU and is not simply being influenced by national interests. The move to a single enforcement handbook would also lead to better coordination of enforcement powers between going concern and gone concern, for example, in connection with the powers of early intervention. The whole enforcement lifecycle can then be addressed as a whole rather than incrementally in separate places. Connecting the parts also means better levels of accountability since it enables the 120 See EBA, Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP), 19 December 2014. https://www.eba.europa.eu/documents/10180/935249/ EBA-GL-2014-13?(Guidelines?on?SREP?methodologies?and?processes).pdf. Accessed 19 October 2015. 121 There are challenges to articulating the precision of administrative sanctions but this has not prevented financial regulators from formulating a better understanding of this area. central authorities to identify whether national authorities could address problems earlier by applying administrative sanctions prior to the situation snowballing into a risk of the bank being put into resolution. The EBA's process of peer review of rule compliance and frequency of use could equally apply to compliance with, and frequency of use of, administrative sanctions. The review work would offer the centralised bodies the opportunity to better understand the level of resources they need to devote to such areas.

Conclusion
A range of challenges have been identified, and enforcement has certainly been noted as one of them. The ECB's use of national authorities to inform its decisions does require a consistent approach in order to ensure that relationships are not established on the basis of the political bargaining power of respective EU Member States. The ECB will therefore need to develop its own approach to supervision policy, so that it can be judged against that policy in the exercise of its responsibilities. The tools and tasks of supervision and the discrete approaches of national supervisory authorities require policy coherency to bring them together. From a rather critical perspective, the ECB is still to develop a coherent policy framework around its new day-to-day responsibilities: its rather 'bottom-up approach' of lots of tools and levers but little in the way of a coherent regulatory and supervisory framework for how those levers and tools are or may be used, subsequently opens up an expectations gap. The importance of this area of policy is that it addresses the day-to-day dilemmas and challenges of supervision associated with intensive supervision, investigations and enforcement, and the reasons why a coherent enforcement policy is needed. Eventually, enforcement of prudential risks, conduct risk and conduct of business risks should be complemented and strengthened by an EU Capital Markets Union with an actual focus on regulation and supervision of market integrity and investor protection, since these issues tend to give rise to more enforcement activity.
The move towards greater levels of consistency in rule compliance, through the adoption of a single regulatory regime and centralisation of regulatory and supervisory policy and oversight regarding significantly important banks, makes a more consistent approach to enforcement policy necessary to be able to deal with 'middle ground' failures that can arise when a bank is a going concern but not at the point of resolution. Developing a coherent enforcement strategy is imperative to improving the consistency of approach and to achieving consistent supervisory objectives. This task is, nevertheless, onerous due to the complex way enforcement can be exercised in each EU Member State. However, neither that hurdle nor the complexity of the financial services industry should stand in the way of taking the opportunity to address enforcement in the financial services industry and to consider the feasibility of forming a single enforcement approach.
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, The Centralisation of European Financial Regulation and… 463 distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.