The EBA calls for communication to credit institutions about the relevance of AML/CFT concerns from a prudential perspective

24 July 2019

The EBA published today an Opinion on the link between money laundering and terrorist financing concerns and prudential objectives. This Opinion forms part of the EBA's ongoing work to strengthen the fight against money laundering and terrorist financing in Europe and responds to a request in the Council Anti Money Laundering Action Plan of 2018.

With this Opinion, the EBA invites prudential supervisors to send a common message to institutions that prudential supervisors factor AML/CFT issues into the prudential supervisory process and cooperate closely with AML/CFT supervisors for this purpose.

Money laundering and terrorist financing (ML/TF) can have a significant, adverse impact on an institution's safety and soundness. This is why prudential supervisors need to be aware of, and act upon, ML/TF risks, which may pose prudential risks to the institutions they supervise and in particular:

  • When considering whether to authorise an institution or when assessing proposed acquisitions of qualifying holdings;
  • As part of their ongoing supervision of institutions, for example when assessing the adequacy of an institution's governance and risk management systems; and
  • When taking corrective measures to address potential weaknesses from a prudential perspective.

The EU Council made clear in its action plan of 2018 that the link between ML/TF risk and prudential objectives means that prudential and AML/CFT supervisors must cooperate closely and share information in the discharge of their respective functions. Where institutions operate across borders, the EBA expects supervisors to cooperate with their international counterparts.

Note to the editors

  1. This Opinion forms part of the EBA's wider work to strengthen the link between prudential and AML/CFT supervision. Examples of this work include draft guidelines on supervisory cooperation for AML/CFT purposes and a multilateral agreement between the European Central Bank in its capacity as prudential supervisor and national AML/CFT supervisors. See It reflects a specific request in the Council Anti Money Laundering Action Plan of 2018
  1.  EU legislators have also taken a number of steps to clarify and strengthen the link between AML/CFT and prudential supervision. These steps include, for example,
  • Amendments to the Capital Requirements Directive, which clarify the link between prudential supervision and AML/CFT supervision and require prudential supervisors to act on AML/CFT information; and
  • An Anti-Money Laundering Action Plan, which the Council of the European Union adopted in December 2018. In this Action Plan, the Council asks supervisors to ‘send a clear signal to the industry that money laundering / terrorist financing risks communicated to prudential supervisors by AML/CFT supervisors are also factored into the prudential supervisory process and that prudential supervisors cooperate closely with AML/CFT supervisors for this purpose, while respecting the specific tasks of both supervisors.'

Legal basis

  1. The competence of the EBA to deliver this Opinion is based on Article 29(1)(a) of Regulation (EU) No 1093/2010, as part of the EBA's objective of playing ‘an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union'
EBA welcomes publication by the European Court of Auditors of special report on the EU-wide stress test

10 July 2019

The European Banking Authority welcomed today's publication by the European Court of Auditors (ECA) of a special Report on the EU-wide stress test titled "EU-wide stress tests for banks: unparalleled amount of information on banks provided but greater coordination and focus on risks needed". The EBA acknowledged the efforts made by the ECA in providing valuable insights to improve the efficiency of the EU-wide stress test in the future.

The report is the result of an audit conducted by the ECA on the 2018 EU-wide stress test, while also considering aspects of the 2016 exercise. The findings of the independent review highlight the EBA's leading role in providing transparency of information on EU banks' data and acknowledge the great effort made by the staff in coordinating the exercise, especially considering the limited resources available.

The EBA takes note of the recommendations made by the ECA and welcomes the constructive challenges that the ECA's independent review provides, being cognisant that the EU-wide stress test can be improved further. Among the recommendations listed, the ECA prescribes to develop a top-down approach for stress tests to complement the current bottom-up approach, to expand the criteria to assess the sample of the exercise and to publish all banks' minimum requirements.

The EBA is committed to considering the ECA's recommendations in its ongoing discussion on possible longer-term changes to the EU-wide stress test. In addition, the EBA has already introduced greater transparency on additional own funds requirements (Pillar 2 requirements) in the 2020 EU-wide stress test draft methodology in line with the ECA's recommendation.

The EU-wide stress test has contributed to a significant strengthening of EU banks' capital positions, thus restoring confidence in the banking sector and increasing transparency on banks' exposures. The EBA will keep the ECA informed on the progress made in implementing the recommendations.

ESAs launch consultation on technical standards on the reporting of intra-group transactions and risk concentration for Financial Conglomerates

22 May 2019

The three European Supervisory Authorities, the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities Markets Supervisory Authority (ESMA) launched today a consultation on draft Implementing Technical Standards (ITSs) on the reporting of intra-group transactions and risk concentration for Financial Conglomerates. The draft technical standards were developed based on the mandate included in Financial Conglomerates Directive (FICOD). The consultation runs until 15 August 2019.

The draft technical standards aim at offering a single framework of requirements for the reporting of intra-group transactions and risk concentration by financial conglomerates subject to supplementary supervision in the European Union.

The ITSs provide the foundation for the harmonisation of reporting, with one single set of templates and a single embedded dictionary using common definitions and a single set of instructions to fill in the templates. The ITSs will help the coordinators and other relevant competent authorities to identify relevant issues and exchange information more efficiently, thereby reducing costs and fostering a level playing field across financial conglomerates in the European Union.

Consultation process

For responding to this consultation please use the following link.

Please note that the deadline for the submission of comments is Thursday, 15 August 2019 at 23.59 hrs CET.

All contributions received will be published following the close of the consultation, unless requested otherwise.

Legal basis

These draft ITS have been developed according to the mandate provided in Article 21 a (2b) and (2c) of Directive 2002/87/EC.

EBA updates on its work in response to the Commission's call for advice on Basel III implementation

16 May 2019

The European Banking Authority (EBA) is currently finalising its impact assessment on the implementation of Basel III, in response to the European Commission's call for advice it received on 4 May 2018. The findings of the assessment in the areas of credit risk, operational risk, output floor and securities financing transactions will be published in a report by the end of July 2019. The findings in the area of market risk and CVA will be published at a later stage, owing to the later completion of these parts of the Basel III framework.

The assessment is based on a comprehensive data collection and supplemented with evidence provided by the banking industry in the form of a qualitative questionnaire.

Before the publication of its advice to the European Commission, the EBA will present the quantitative findings and its main policy recommendations at a public hearing, which will be held at the EBA premises in Paris on 2 July 2019, from 15:00 to 18:00 CET. The deadline for registration is 11 June 2019 at 17:00 (CET).

Click here to register.

EBA publishes clarifications to a third set of issues raised by its Working Group on APIs under PSD2

26 April 2019

The European Banking Authority (EBA) published today clarifications to a third set of issues that had been raised and discussed by participants of its Working Group (WG) on APIs under PSD2. The clarifications respond to issues raised on the portability of ‘wide usage' data between EU Member States and on eIDAS certificates, in particular with regards to passporting, their use during the ‘wide usage' period, and the reliance on the certificates by account servicing payment service providers (ASPSPs). The clarifications also respond to questions on the use by Third Party Providers (TPPs) of agents and outsourcees for accessing payment accounts data and on the interpretation of the conditions of "widely used" and "design to the satisfaction of the TPPs".

Background and next steps

In January 2019, the EBA established a Working Group (WG) on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API schemes, and others market participants. The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on Strong Customer Authentication and Common and Secure Communication and to support the development of high-performing and customer-focused APIs under PSD2.

The group is tasked with identifying issues and challenges that market participants face during the testing and use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019. The group is also asked to propose solutions on how the identified issues could addressed, which the EBA and national authorities will then consider when providing clarifications in response to the issues raised.

On 11 March and 1 April 2019, the EBA published clarifications to the first and second set of issues respectively that had been raised by the working group. Today's publication is the response to the third set of issues that the group had raised. Four of the issues required the EBA to interpret legal instruments it had previously published and have, therefore, been clarified via the Q&As, which are cross referenced in today's publication. In the weeks and months to come, the EBA will add further clarifications.

EBA adds MCD to its online Interactive Single Rulebook and QA tools

25 April 2019

The European Banking Authority (EBA) has updated its online Interactive Single Rulebook and Q&A tool with the inclusion of the Mortgage Credit Directive (MCD).

Users will now be able to review on the EBA website all the EBA's final Technical Standards and Guidelines associated with the MCD by navigating through the Directive on an article by article basis. The inclusion of the MCD into the Q&A tool will also allow users to submit any questions they may have on the application of this Directive and the EBA's work related to it.

The purpose of the Q&A tool is to support the consistent and effective application of the EU regulatory framework for the banking sector, the Single Rulebook. The Q&A tool also contributes to the completion of the legislative framework by ensuring any remaining regulatory loopholes are addressed. The process is based on close and on-going interaction with the European Commission so that responses in the Q&A tool are fully consistent with EU legislative texts.

EBA updates list of diversified indices

11 April 2019

The European Banking Authority (EBA) updated today the list of diversified indices, which was originally published in December 2013. The list is part of the implementing technical standards (ITS) drafted to calculate the capital requirements for position risk in equities according to the standardised rules. The list was updated according to the procedure and methodology laid down in the ITS and submitted to the European Commission for endorsement.


ESAs publish Joint Advice on Information and Communication Technology risk management and cybersecurity

10 April 2019

The European Supervisory Authorities (ESAs) today published two pieces of Joint Advice in response to requests made by the European Commission in its March 2018 FinTech Action Plan:

  • Joint Advice on the need for legislative improvements relating to Information and Communication Technology (ICT) risk management requirements in the European Union (EU) financial sector [Link]
  • Joint Advice on the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector [Link]

Regarding the need for legislative improvements, in developing the Joint Advice the ESAs' objective was that every relevant entity should be subject to clear general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. Guided by this objective, the proposals presented in the Advice aim at promoting stronger operational resilience and harmonisation in the EU financial sector by applying changes to their respective sectoral legislation. Incident reporting is highly relevant to ICT risk management and allows relevant entities and authorities to log, monitor, analyse and respond to ICT operational, ICT security and fraud incidents. Therefore, the ESAs call for streamlining aspects of the incident reporting frameworks across the financial sector. Furthermore, the ESAs suggest that a legislative solution for an appropriate oversight framework to monitor the activities of critical third party service providers should be considered.

Regarding the costs and benefits of a coherent cyber resilience testing framework, the ESAs see clear benefits of such a framework. However, at present there are significant differences across and within financial sectors as regards the maturity level of cybersecurity. In the short-term, the ESAs advise to focus on achieving a minimum level of cyber-resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, the ESAs propose to establish on a voluntary basis an EU wide coherent testing framework together with other relevant authorities taking into account existing initiatives, and with a focus on Threat Lead Penetration Testing (TLPT). In the long-term, the ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.

To implement the proposed actions, the ESAs highlight the required legal basis and explicit mandate, which is necessary for the development and implementation of a coherent resilience testing framework across all financial sectors by the ESAs in cooperation with other relevant authorities.


The European Commission's March 2018 FinTech Action Plan specifically requests the ESAs:

  • To map, by Q1 2019, the existing supervisory practices across financial sectors around ICT security and governance requirements, and where appropriate a) to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector and, b) if necessary, provide the Commission with technical advice on the need for legislative improvements.
  • To evaluate, by Q4 2018 (now Q1 2019), the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the whole EU financial sector.

Joint Committee website

EBA centralises information on administrative sanctions or measures under AMLD4

03 April 2019

The European Banking Authority (EBA) brought together, on its website, links to national competent authorities' websites where users will be able to access information on sanctions and administrative measures competent authorities have imposed for breaches of applicable anti-money laundering and counter-terrorist financing (AML/CFT) obligations.

The Fourth anti-money laundering Directive (AMLD4) sets out a broad range of administrative sanctions and measures all Member States must be able to impose for breaches of the applicable AML/CFT framework. It also requires that competent authorities publish information on the sanctions and measures they have imposed. The publication shall include at least information on the type and nature of the breach and the identity of the persons responsible.

The EBA is not responsible for the content of competent authorities' websites.

Click here to access the EBA page

EBA acknowledges notification from the Austrian Financial Market Authority

03 April 2019

The EBA has received a notification from the Austrian Financial Market Authority (Finanzmarktaufsicht, FMA), in its capacity as Resolution Authority, in relation to the application of resolution measures to Heta Asset Resolution AG.