List of Q&As

Tokenised card details as a SCA possession element.

In relation to card tokenisation that can be used for the purposes of various payment solutions, does the token that is created from the card details qualify as a “possession element” according to the strong customer authentication (SCA) requirements?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4827| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 12/07/2019

Treatment of joint credit obligations

Do the requirements established in the Guidelines on the application of the definition of default under Article 178 of Regulation (EU) No 575/2013 regarding joint credit obligations, and in particular the requirements 95, 96, 97, 98, 99, 103, 104 and 105, relate or affect exclusively to retail exposures? In that case, could the treatment of joint credit obligations in which the obligors are classified as Non – Retail differ from the treatment of joint credit obligations in which the obligors are classified as Retail? In addition, and, as per this purpose, what should be the treatment of joint credit obligations shared by retail and non-retail obligors?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR

ID: 2018_4431| Topic: Credit risk| Date of submission: 21/12/2018

10 % LGD floor for retail exposures secured by residential property

How should an institution, which uses the IRB approach calculate the 10 % LGD floor mentioned in Article 164(4) CRR in the case where a part of the individual exposures are guaranteed by a guarantor (institution) which is treated under the Standardised Approach?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2017_3554| Topic: Credit risk| Date of submission: 11/10/2017

Net cash out-/inflow from cash settled futures (“ICE Brent Crude futures contract”)

How to calculate the expected liquidity net cash outflow/inflow from a future contract with daily variation margin and an expected final cash settlement?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement

ID: 2019_4705| Topic: Liquidity risk| Date of submission: 13/05/2019

Insurance policy on minimum monetary amount of the professional indemnity insurance of PSD2

If an e-money payment institution (for the purpose of new PSD2 services - Payment Initiation Service Provider (PISP) and Account Information Service Provider (AISP) in line with insurance industry standards signed an insurance policy with insurance company for several thousand/million euros with franchise deductible (e.g. in the amount of 25k EUR), fulfills adequate capital requirements and is being regularly monitored by the regulator (local central bank), does the above mentioned insurance policy violate guidelines rule that the insurance policy should not have any excess, deductible or any threshold that could prejudice repayments or do we understand it correctly that such insurance policy does not in any case prejudice that potential refunds requests will not be refunded and it as such fulfills guideline requirements? We understand that such insurance does not prejudice any repayments.

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance

ID: 2019_4542| Topic: Monetary amount of the professional indemnity insurance| Date of submission: 12/02/2019

Calculation of operational risk capital requirements under BIA

Under the Basic Indicator Approach used to compute own funds requirements for operational risk, how should the interest revenues from impaired loans be considered in the calculation of the Relevant Indicator (RI), namely, applying the effective interest rate on the gross carrying amount of the loans (before allowances/impairment) or on the recoverable amount, after deduction of impairment?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2017_3126| Topic: Operational risk| Date of submission: 25/01/2017

Retail exposures of subsidiary / branch of an EU credit institution established outside the EU

Could the subsidiary / branch of an EU credit institution established outside the EU use local criteria (i.e. criteria widely used by credit entities and public bodies in the relevant foreign jurisdiction) to classify an undertaker as a small or medium-sized enterprise in order assign to its exposures a risk weight of 75% according to Article 123?Could the subsidiary / branch of an EU credit institution established outside the EU use local criteria (i.e. criteria widely used by credit entities and public bodies in the relevant foreign jurisdiction) to classify an undertaker as a small or medium-sized enterprise in order assign to its exposures a risk weight of 75% according to Article 123?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2019_4590| Topic: Credit risk| Date of submission: 28/02/2019

Scope of conversion factor estimation and application

Are positions with drawn amount without an underlying credit line (i.e. overdraft without credit line) within the scope of credit conversion factor estimation as per Article 166(8) CRR?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2017_3650| Topic: Credit risk| Date of submission: 29/12/2017

Use of Maturity Mismatch for Exposures arising under Master Netting Agreements

Do the requirements to adjust the value of collateral for maturity mismatch (Article 239) apply when using the supervisory volatility adjustments approach for Master Netting Agreements under Article 220?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2017_3375| Topic: Credit risk| Date of submission: 03/07/2017

Effective LGD

Could effective LGD (LGD*) be used both in AIRB and FIRB if the operation has an eligible financial collateral under Financial Collateral Comprehensive method?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2017_3304| Topic: Accounting and auditing| Date of submission: 25/05/2017

CR IRB template – inclusion of haircut exposure value

In what column of the Credit Risk IRB templates shall the increase of the exposure value by the haircut exposure value be reported (in column 090, in column 110 or just in column 255 and 260)?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2015_1868| Topic: Supervisory reporting - COREP (incl. IP Losses)| Date of submission: 03/03/2015

Reporting of e-commerce card-based payment transactions falling within the scope of EBA Opinion EBA-Op-2019-06 for which no strong customer authentication was applied

Should e-commerce card-based payment transactions – falling within the scope of the EBA Opinion on the elements of strong customer authentication under PSD2 (EBA-Op-2019-06) and for which no strong customer authentication was applied – be reported under the higher-level category “Of which authenticated via non-strong customer authentication”?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2020_5070| Topic: Fraud reporting| Date of submission: 02/01/2020

Data breakdown on fraud by different card functions for cash withdrawals

Does the breakdown on “card payments by fraud types” in Table E of the EBA Guidelines on fraud reporting under PSD2 refer only to cards with a credit/delayed debit function?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5056| Topic: Fraud reporting| Date of submission: 19/12/2019

Recording of card payments

If a card has both an e-money and non e-money function, how should a payment be recorded? Should the recording be different based on the type of the reporting institution (for example, depending on whether is an electronic money institution (EMI) or a bank)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5046| Topic: Fraud reporting| Date of submission: 13/12/2019

Recording of e-money

If a card issued by an E-money institution has a cash function, how should the cash withdrawal from that card be recorded? Should it be recorded on the debit card withdrawal, as the E-money breakdown section does not include a cash withdrawal category?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5044| Topic: Fraud reporting| Date of submission: 12/12/2019

Direct debts fraud reporting

In relation to the direct debits fraud, please clarify the reporting criteria for direct debit fraud.

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5043| Topic: Fraud reporting| Date of submission: 12/12/2019

Reporting of PISP transactions

Should payment initiation service provider (PISP) initiated payments be reported under both Table A (1.1) and Table H (8.x)? More specifically how should these transactions be reported where the customer initiates a payment via a PISP, from their bank account, to one of their payees flagged in the bank’s online channel as “trusted beneficiaries” (Article 13 of the RTS on SCA&CSC).

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5042| Topic: Fraud reporting| Date of submission: 12/12/2019

Reporting of PISP initiated payments

Is there a requirement to segregate the Payment Initiation Service Provider (PISP) initiated payments which were executed without Strong customer authentication (SCA), by the relevant availed exemption used? Or are PISP initiated payments, only required to be presented in Bulk (Value, Volume, SCA/Non-SCA)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5041| Topic: Fraud reporting| Date of submission: 12/12/2019

Reporting of fraud by the acquirers

Regarding the fraud definition, could you please clarify how the following fraud examples should be classified by the acquirers

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5039| Topic: Fraud reporting| Date of submission: 12/12/2019

Reporting of card transactions that are out-of-scope from the requirement for SCA

In the Fraud Reporting, how should payment service providers (PSPs) report card transactions without Strong Customer Authentication (SCA) that are out of scope of the requirement for SCA, i.e. one-leg transactions and merchant-initiated transaction?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2019_4866| Topic: Fraud reporting| Date of submission: 12/08/2019