Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

Relying on vendor mechanisms processing the biometric data for strong customer authentication; Multiple fingerprint samples stored on a mobile device and used for purpose of user authentication.

Are the obligations of a payment service provider (PSP) laid down in the Article 8 of RTS on strong customer authentication and secure communication fulfilled in case the biometric credentials of customer are stored at the device level and the strong customer authentication itself is processed by the mobile device? In this context, are the obligations of the PSP laid down in Article 8 and 24 of RTS on Strong Customer Authentication fulfilled in case the mobile device stores multiple fingerprint samples for user authentication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

EBA register providing a list of third party providers (TPPs)

1° Does the EBA register under PSD2 provide a list of third party providers (TPPs)?2° If yes :2.1 Could you provide a procedure to get a TPP list?2.2 Should we filter on services 5 (Payment Initiation Service Provider (PISP) / Card Based Payment Instrument Issuer (CBPII) use case), 7 Account Information Service Provider (AISP) and 8 Payment Initiation Service Provider (PISP) to get the complete list of TPP?2.3 Agents can also provide services 5a, 7 and 8: In the downloadable JSON file, it is possible to find agents who are mandated by PSPs; however, the services offered by these agents are not indicated. Are the agents mandated by a PSP providing services 5A, 7 and 8 to be included in the TPP list?2.4 is the registry downloadable automatically? If yes, how?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/411 - RTS on EBA register under PSD2

Resolution plans for subsidiaries where no resolution college has been established yet

Is the national resolution authority empowered to draft an individual resolution plan, referred to in Article 10 BRRD, for an institution which is part of a (third country) group subject to consolidated supervision, where the European group-level resolution authority (GLRA) has not established the European resolution college?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

EBA_v6217-6222 and EBA_v6224-622; EBA_v6230 validation rules (warnings) implementation

Does EBA_v6217-6222 and EBA_v6224-622; EBA_v6230 validation rules (warnings) are correctly implemented and should be applicable for all institutions?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Wide usage portability between Member States

Could three months’ data, showing wide usage of the dedicated interface, produced in one Member State by a regulated entity (ASPSP) belonging to an ASPSP Group, be used as evidence to support the ‘widely used’ condition in a further Member State for a separate regulated entity (ASPSP) belonging to the same ASPSP Group, on the condition that both entities employ the same dedicated interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/07 - Guidelines on the exemption from the contingency mechanism under Regulation (EU) 2018/389

Separation of factors for strong customer authentication

If a mobile phone has two different e-banking apps on it, one for the banking agendas (a banking app where payments are initiated by entering password, possibly in combination with OTPs) and one for receiving the SMS OTPs (authorization app),would this scenario fulfill the PSD2 requirements of sufficient separation of both factors (since both factors reside on the same smartphone, but in different apps)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

TPP access only with PSU involvement

Can a Payment Service User (PSU) allow a Third party provider (TPP) the access to his account only if he is involved?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Applicability of Article 34 (eIDAS certificates) prior to application date of Regulation (EU) 2018/389

Is the use of eIDAS certificates mandatory for accessing payment accounts via dedicated interfaces (APIs) already prior to the application date of the Commission Delegated Regulation (EU) 2018/389, i.e. 14 September 2019?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Upside uncertainty and OPR AVA

How shall OPR AVA be treated in relation to Upside uncertainty?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Diversification benefits of upside uncertainty in column 0120 C 32.02

Where should diversification benefits of the upside uncertainty shall be included?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Reporting of gains/losses other than dividends for investments in subsidiaries, associates and joint ventures (F 02.00).

Could you please provide further instructions about the reporting of gains/losses other than dividends for investments in unconsolidated (with respect to the regulatory scope of consolidation) subsidiaries, associates and joint ventures in the statement of profit or loss (F 02.00)?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Benchmark Rates of other currencies than EUR, USD, GBP

Can you kindly confirm: - Currencies other than the three currencies mentioned in Point 3(b) namely EUR, USD and GBP must be compared to the benchmark in the same currency - For currencies that are not captured by LIBOR (e.g. CAD, RON), we should apply the benchmark rates set by the respective organisation (e.g. Romania Three Month Interbank Rate for RON).

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Definition of "external customers" mentioned in iii) of b) of Paragraph 1 of Article 96

Could it be possible to give a definition of "external customers" mentioned in iii) of b) of Paragraph 1 of Article 96? Would an entity from the same banking group (in the case of an investment firm belonging to a banking group) be considered as an external customer?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/63 - DR on ex ante contributions to resolution financing arrangements

FINREP F01.03, F02 and F46 checks (V1226_m and V0786_m)

The non-xbrl check V1226_m is in contradiction with v0786_m

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

FINREP Validation rule v2822_m

V2822_m: sum({F 32.01, r110, (c010, c060)}) = sum({F 05.01, r090, (c020-060)}) - Economic agents inconsistency : F 32.01, r110, (c010, c060) = non-financial corporation and households; F 05.01, r090, (c020-060) = all agents

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Identification and access for testing purposes of entities that are not authorised third party providers (TPPs)

How would account servicing payment service providers (ASPSPs) identify entities that have applied for authorisation as a TPP?Should ASPSPs offer access to their testing facility to entities that are not (i) authorised payment service providers or (ii) entities that have applied for authorisation as a TPP (e.g. technical service providers)? If the answer is ‘yes’, should ASPSPs offer the same level of service to the referred entities?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Scope - Limited network exclusion

Is there a geographical limitation with regard to a limited network of service providers?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ASPSP providing updated payment status to PISP

Are account servicing payment service providers (ASPSPs) required to provide information on the initiation and execution of the payment transaction, including updates, in order for a payment initiation service provider (PISP) to comply with Article 46(a) PSD2 and pursuant to Article 36(1)(b) RTS?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Application of national decisions pursuant to Article 124(2) CRR

Is it mandatory pursuant to Article 124(5) CRR for an institution in another member state to apply national decisions, which purport to be released pursuant to Article 124(2) CRR, but are not published on the EBA website under Rules and Guidance?Furthermore, if such national decisions are not published under Rules and Guidance, but e.g. under Options and national discretions only, is it mandatory that institutions from other member states apply such decision pursuant to Article 124(5) CRR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Calculation of the number of obligors

In EBA/GL/2017/16 paragraph 73 it is explained that in the calculation of the one-year default rates the number of obligors is used. Is it always mandatory to count one legal entity as one obligor, or can a group of legal entities for which there is no difference in risk due to an appropriate guarantee (i.e. those will default together) be counted as one obligor?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/16 - Guidelines on PD estimation, LGD estimation and the treatment of defaulted exposures