List of Q&As

Strong Customer Authentication (SCA) possession element requirement for cryptographic validation

For a device to be considered possession:-a) should the device perform "cryptographically underpinned validity assertions using keys or cryptographic material stored in" the device?b) should the device be in the physical possession of the  Payment Service User (PSU)? I.e. it cannot be held and operated remotely.

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4532| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 11/02/2019

Electronic chip transactions authenticated with a hand signature

As a Payment Service Provider (PSP) acquirer, how should we report the German chip + signature transactions in the “EBA fraud report under PSD2” given the fact this kind of transactions are non-Strong Customer Authentication (SCA) and do not fall under any allowed exemption?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2018_4399| Topic: Fraud reporting| Date of submission: 03/12/2018

Exposures towards QCCPs under CRR Art. 306 (2) under standardised method (C 07.00) - validation rules v0010_h, v0306_m, v0307_m, v0308_m and v0312_m

"Under Article 306 (2)of the CRR, where assets posted as collateral to a CCP or a clearing member are bankruptcy remote, should have Exposure Value (C 07.00, column {200}, rows {100}, {120}) of zero. Our understanding of the ITS on Supervisory Reporting is that the Original exposure pre conversion factors (C07.00, column {010}, rows {100}, {120}) of the transactions in question should hence also be zeroed out. The institution is currently reporting the Original exposure pre conversion factors as non-zero to avoid the blocking errors mentionned in the background, which is contrary to Article 306 (2) of the CRR. Could you please confirm if our understanding of the ITS is correct?"

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2019_4749| Topic: Supervisory reporting - COREP (incl. IP Losses)| Date of submission: 28/05/2019

FINREP Validation rule v2822_m

V2822_m: sum({F 32.01, r110, (c010, c060)}) = sum({F 05.01, r090, (c020-060)}) - Economic agents inconsistency : F 32.01, r110, (c010, c060) = non-financial corporation and households; F 05.01, r090, (c020-060) = all agents

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2019_4611| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 14/03/2019

Clarification on the reporting of "maturing" columns in COREP ALMM C 70.00 "Roll-over of funding"

In the "Maturing" columns of C 70 .00, do we have the option of reporting in two different ways? We can either report "Maturing" amounts according to all liabilities contractually withdrawable by the providers of funding for each day of the month. Or we can report only the amounts "Maturing" which are due on the relevant day.

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2019_4581| Topic: Supervisory reporting - Liquidity (LCR, NSFR, AMM)| Date of submission: 27/02/2019

Traitement des REPOs assortis d'une option "d'early termination" glissante dans le C70.00 - Handling of REPOs with a rolling ‘early termination’ option in C70.00

Comment matérialiser les REPO EVERGREEN & OPEN REPO dans le C70.00 ?How can EVERGREEN REPOs & OPEN REPOs be reported in the C70.00 template?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions

ID: 2019_4574| Topic: Supervisory reporting - COREP (incl. IP Losses)| Date of submission: 26/02/2019

COREP C 14.00 template - Consistency of the EBA taxonomy control v4801_m

Is the control v4801_m consistent with the COREP ITS?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2019_4535| Topic: Supervisory reporting - COREP (incl. IP Losses)| Date of submission: 11/02/2019

Calculating the threshold of 1% of total liabilities in significative currencies.

Should the institution report the section 2 of C 67.00 the total liabilities considering the complete scope of currencies in the bank or should be restricted to the total of the relevant significative currency. Moreover, this would have impact in the 1% threshold calculation.

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2018_4209| Topic: Supervisory reporting - Liquidity (LCR, NSFR, AMM)| Date of submission: 21/08/2018

Reporting of gains/losses other than dividends for investments in subsidiaries, associates and joint ventures (F 02.00).

Could you please provide further instructions about the reporting of gains/losses other than dividends for investments in unconsolidated (with respect to the regulatory scope of consolidation) subsidiaries, associates and joint ventures in the statement of profit or loss (F 02.00)?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2019_4621| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 27/03/2019

Profit or loss on de-recognition of investment in subsidiaries, joint ventures and associates

Under IFRS, where in table F02 should “the gains or losses on de-recognition of investment in subsidiaries, joint ventures and associates” be recorded when they are neither classified (prior to the selling ) as “non-current assets and disposal groups classified as held for sale” nor their sale is considered a “discontinued operation” under IFRS5?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2018_4156| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 24/07/2018

Pre IFRS 9 Finrep - Template F07.00 reporting values as net or gross

Should the values reported in (pre IFRS9) Finrep template F07.00 columns 010-070, be on a gross or on a net basis?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2018_4015| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 25/06/2018

Separation of factors for strong customer authentication

If a mobile phone has two different e-banking apps on it, one for the banking agendas (a banking app where payments are initiated by entering password, possibly in combination with OTPs) and one for receiving the SMS OTPs (authorization app),would this scenario fulfill the PSD2 requirements of sufficient separation of both factors (since both factors reside on the same smartphone, but in different apps)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4637| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 28/03/2019

Exemptions from Strong Customer Authentication (SCA): credit transfers

Can the exemption under Article 15 of the RTS on SCA be applied to credit transfers between a personal account and a business account held by the same person.

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4564| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 21/02/2019

Unattended terminals and Transaction Risk Analysis (TRA) exemption and related Payment Service Providers (PSP)’s liabilities rules

Provided that both the payer’s Payment Service Provider (PSP) and the payee’s PSP can apply the strong customer authentication (SCA) exemption, without prejudice to the last say of the payer’s PSP, can a payment made at highway toll booths be treated as the one performed at the unattended terminals for transport fares?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4480| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 23/01/2019

Scope of contingency mechanism

Should the interfaces – referred to in Article 33(4) of the RTS - be interpreted to include not only the internet banking interface of the account servicing payment service provider (ASPSP) but also its proprietary mobile banking interface?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4826| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 12/07/2019

Define what is “given period of time”

What constitutes a “given period of time” as expressed in Article 4.3 (b) of the RTS on strong customer authentication and secure communication?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4662| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 09/04/2019

EBA register providing a list of third party providers (TPPs)

1° Does the EBA register under PSD2 provide a list of third party providers (TPPs)?2° If yes :2.1 Could you provide a procedure to get a TPP list?2.2 Should we filter on services 5 (Payment Initiation Service Provider (PISP) / Card Based Payment Instrument Issuer (CBPII) use case), 7 Account Information Service Provider (AISP) and 8 Payment Initiation Service Provider (PISP) to get the complete list of TPP?2.3 Agents can also provide services 5a, 7 and 8: In the downloadable JSON file, it is possible to find agents who are mandated by PSPs; however, the services offered by these agents are not indicated. Are the agents mandated by a PSP providing services 5A, 7 and 8 to be included in the TPP list?2.4 is the registry downloadable automatically? If yes, how?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/411 - RTS on EBA register under PSD2

ID: 2019_4650| Topic: Central register of the EBA| Date of submission: 01/04/2019

Categories of Registration

Is it a requirement that all EU countries include the categories the institution is approved for within their respective registers i.e. in their publicly available data? Also are these categories available in a consistent and standard format across the EU such that anyone inquiring about a firm in more than one country has an easily recognisable and usable response

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/09 - Guidelines on authorisation and registration under PSD2

ID: 2018_4371| Topic: Authorisation and registration| Date of submission: 13/11/2018

Dynamic linking: transactions for which the final amount is unknown and may be lower or higher than authenticated amount

For remote card transactions, is it acceptable that there are legitimate cases where the final amount may be lower or higher than the amount authenticated by the cardholder?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5133| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 17/02/2020

Calculation of foreseeable dividend to be deducted from interim profits when interim dividend has been paid

How exactly is the amount of interim profit to be included in Common Equity Tier 1 calculated according to Article 2(2) to (4) of the Regulation (EU) 241/2014 when the interim dividend has already been paid out and yet no final divided has been formally decided or proposed to the institution’s relevant body?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2019_4477| Topic: Own funds| Date of submission: 23/01/2019