Modern investment banking groups are increasingly complex, interconnected, and globally integrated. Within many structures, the licensed investment bank or securities firm operates as part of a broader corporate group where strategic influence, expertise, technology infrastructure, and commercial relationships may reside outside the regulated entity itself. While group integration is commercially efficient, it also creates an important supervisory concern: whether the licensed institution genuinely exercises independent control over regulated activities or has gradually become a hollow subsidiary dominated by an unregulated parent.
This issue has become increasingly relevant in cross-border financial centres and group-based investment banking models where parents, affiliates, or holding companies exercise substantial influence over business generation, transaction structuring, client relationships, and strategic decisions. Regulators are therefore focusing less on legal form and increasingly on operational and economic reality.
The central question is straightforward but significant:
Is the licensed investment bank truly conducting the regulated activity, or is the unregulated parent effectively acting as the real investment bank behind the structure?
This distinction carries major implications for regulatory authorization, governance, conduct supervision, operational resilience, and financial stability.
Under most regulatory systems, investment banking activities such as arranging deals in investments, securities placement, investment advisory, underwriting, and capital raising are regulated activities requiring authorization. The rationale is clear: these activities directly influence investor outcomes, market integrity, and systemic confidence.
At the same time, regulators generally permit outsourcing and intragroup service arrangements. Investment banks commonly rely on parents or affiliates for technology support, research, legal assistance, shared services, branding, treasury support, or administrative infrastructure. However, outsourcing does not transfer regulatory accountability. The licensed institution remains responsible for compliance, governance, customer protection, and operational resilience.
The problem emerges when operational support evolves into substantive control.
In many questionable structures, the unregulated parent may:
- originate investment opportunities,
- negotiate transaction economics,
- source and manage investors,
- influence strategic approvals,
- coordinate structuring activities,
- dominate staffing and expertise,
- direct commercial decisions,
- exercise de facto control over the regulated business model.
Meanwhile, the licensed investment bank may perform only limited formal functions such as documentation, booking, or regulatory interfacing. In such circumstances, regulators may begin to question whether the licensed entity possesses sufficient operational substance to justify its authorization.
This creates what may be described as the “hollow subsidiary” problem: the regulated entity retains legal form, but substantive influence and decision-making sit elsewhere.
The issue becomes particularly acute in relation to arranging deals in investments. Across many jurisdictions, this activity is interpreted broadly and may include:
- introducing counterparties,
- facilitating negotiations,
- marketing securities,
- coordinating issuances,
- structuring investment opportunities,
- bringing investors and issuers together.
If these substantive activities are materially performed by an unregulated parent, supervisors may question whether unauthorized regulated activity is occurring outside the regulatory perimeter.
This is not merely a legal technicality. It strikes at the integrity of the licensing framework itself. Financial regulation depends on the principle that entities performing regulated activities remain subject to prudential oversight, conduct supervision, governance requirements, and enforcement authority. Where commercial influence migrates outside the regulated perimeter, accountability weakens.
A major supervisory concern relates to governance independence. Licensed investment banks are expected to maintain effective boards, competent senior management, independent control functions, and meaningful challenge capability. However, excessive parent dominance may erode governance effectiveness. Senior management may defer commercially important decisions upward to the parent organization. Risk and compliance functions may struggle to challenge activities effectively where business authority resides externally.
The concern also extends to conflicts of interest. An unregulated parent may prioritize broader group profitability, affiliate transactions, or strategic interests that are not always aligned with fiduciary obligations or customer protection expectations applicable to the licensed entity. The regulated subsidiary may therefore become exposed to conduct and reputational risks generated outside its effective control.
Operational resilience creates another important dimension. Excessive dependency on parent entities can undermine continuity during stress situations. Key systems, personnel, data access, or transaction authority may reside externally. In periods of financial stress, sanctions exposure, cyber incidents, litigation, or geopolitical disruption, the licensed institution may find itself unable to operate independently.
Global regulators increasingly recognize that intragroup outsourcing can create risks comparable to third-party outsourcing. Historically, institutions often treated parent-related arrangements as inherently safer because they occurred within the same corporate group. Supervisory thinking has shifted considerably. Regulators now focus on concentration risk, dependency risk, and governance risk regardless of whether the service provider is external or intragroup.
The Basel Committee on Banking Supervision has emphasized that banks remain fully accountable for outsourced functions and third-party arrangements, including intragroup structures. Similarly, European and UK regulators increasingly require firms to demonstrate operational resilience, effective oversight, and independent governance even where critical services are provided by affiliates.
The practical supervisory assessment therefore extends beyond contractual outsourcing language. Regulators increasingly examine:
- who originates the transaction,
- who controls the client relationship,
- who negotiates commercial terms,
- who exercises judgment,
- who performs suitability assessments,
- who approves transactions,
- who truly controls the business model.
If the answers consistently point toward an unregulated parent rather than the licensed institution, regulators may conclude that the entity lacks sufficient “mind and management” or operational substance.
Importantly, parent involvement itself is not inherently problematic. Group expertise, capital support, international connectivity, and strategic guidance can significantly strengthen smaller investment banking entities. The supervisory concern arises when support becomes substitution.
A sustainable structure therefore requires clear governance boundaries. The licensed investment bank should independently:
- maintain effective board oversight,
- exercise autonomous decision-making,
- retain qualified staffing,
- conduct compliance and surveillance activities,
- approve regulated transactions,
- own risk management processes,
- preserve operational continuity capability,
- maintain accountability for customer outcomes and regulatory obligations.
Parent entities may support the business, but they should not effectively become unregulated investment banks operating behind a licensed shell.
As financial groups become increasingly platform-based, cross-border, and centralized, the hollow subsidiary problem is likely to attract greater supervisory scrutiny globally. Regulators are no longer satisfied merely with legal licensing structures. They increasingly seek evidence that regulated institutions possess genuine operational substance, independent governance, and effective control over the activities they are authorized to perform.
Basel Committee on Banking Supervision. (2025). Principles for the sound management of third-party risk. Bank for International Settlements. https://www.bis.org/bcbs/publ/d605.htm
European Banking Authority. (2019). Guidelines on outsourcing arrangements. https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf
Financial Conduct Authority. (2021). Building operational resilience: Final rules and guidance. https://www.fca.org.uk/publications/policy-statements/ps21-3-building-operational-resilience
Central Bank of Bahrain. (2024). Operational Risk Management Module (OM Module), CBB Rulebook Volume 1. https://www.cbb.gov.bh/rulebook/volume-1-conventional-banks/operational-risk-management-module/
Leave a Reply