Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Resolution planning for an established subsidiary part of a cross-border group with no Resolution College established

Please specify how the tasks referred in Article 88(1) of the Directive 2014/59/EU (BRRD) should be carried out in practice in case the group-level resolution authority has not set up a Resolution College? Should the resolution authority prepare and maintain resolution plan on an individual basis in respect of a subsidiary failing under its jurisdiction, which is part of a cross-border group, in case the Resolution College for the group has not been set up yet?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5403
  • Topic: Cross-border resolution
  • Date of submission:
  • Published as Rejected Q&A: 16/12/2022

EBA validation rule v7365_m

Is v7365_m stating that for the C14.00 if ({c040} = [eba_RT:x10] or {c040} = [eba_RT:x11]) then {c140} <= {c130} correct?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2020_5402
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 19/03/2021

Credit risk framework applicable to investments in repack Notes issued by SPEs

What is the applicable credit risk framework in the non-trading book applicable to investments in repack Notes issued by Special Purpose Entities (SPEs)? How should an institution calculate the risk weight of an investment in a Repack Note if it does not consolidate the SPE but is able to look through to the underlying assets at all times?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5400
  • Topic: Credit risk
  • Date of submission:
  • Published as Rejected Q&A: 21/03/2023

FINREP Payment services Template 22.2

The definition of Payment services has been updated in the FINREP DPM 2.9.2. Can the information asked in template 22.2 row 120 Payment services be removed?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2020_5399
  • Topic: Supervisory reporting - FINREP (incl. FB&NPE)
  • Date of submission:
  • Published as final Q&A: 19/03/2021

Mapping to exposure classes

Are Greenland, Faroer, Guernsey, Isle of Man and Jersey to be treated as "central goverments" under Article 112(a) CRR or are they to be treated as "regional governments" under Article 112(b) CRR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5392
  • Topic: Credit risk
  • Date of submission:

Obligor level

When applying the default at obligor level for retail, should a credit institution always consider a specific set of individual obligors that have a joint obligation towards an institution as a different obligor (the unit of default takes into consideration the JCO)? Or is this to be applied only for the materiality threshold?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR
  • ID: 2020_5380
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 30/07/2021

Weighted average of the CCF

Internal authorized EAD models may calculate the EAD by means of several parameters, since the exposure behavior could be explained by different factors. Considering that this type of EAD internal model does not estimate a unique CCF, but rather several factors that are applied to different exposure components, the consequent approach implemented to report the CCF in Template C.101 ,C102 and C.103 has been the following: include in the field as per C.100 in Annex IV the parameter that, in the internal EAD formula, is applied to the undrawn amount, in line with the weights that shall be used to compute the average of the CCF at counterparty/portfolio level, according to the provision reported in Annex IV which make reference to art. 166, par 8 of CRR. Please confirm that this approach is in line with the provision set in ITS as for Annex IV C.100.

  • Legal act: Directive 2013/36/EU (CRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions (for benchmarking the internal approaches)
  • ID: 2020_5368
  • Topic: Supervisory reporting - Supervisory Benchmarking
  • Date of submission:
  • Published as final Q&A: 27/11/2020

SCA requirements with dynamic linking for mobile initiated credit transfers (MSCTs)

Can mobile initiated credit transfers (MSCT) solutions whereby a proximity technology (e.g. NFC, QR-code, BLE, etc.) is used for the exchange of payer identification data between the payer’s mobile device and the payee’s payment terminal but a mobile network is used (e.g. by a dedicated app) on the payer’s mobile device for the payer authentication, be considered as a proximity payment whereby strong customer authentication (SCA) may apply without requiring dynamic linking?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5367
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 13/04/2022

Clarification on where the creation of the authentication code with dynamic linking for strong customer authentication (SCA) for electronic remote payment needs to be done

Should the authentication code be computed and dynamically linked to the transaction data in a unique processing step prior or together with the payer’s authentication on the payer’s device, or can the authentication code be computed and dynamically linked in one or several subsequent steps in the payment process, possibly not on the payer’s device?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5366
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 30/07/2021

Clarification on the determination of the relevant currencies

1. How should CSD-banking service providers determine the negative net cumulative positions, which are needed to determine the relevant currencies as referred to in point (c) of Article 59(4) of Regulation 909/2014? 2. In addition, which values should be used to rank the currencies from highest to lowest? 3. Finally, how should the average for currencies without three negative net cumulative positions be calculated?

  • Legal act: Regulation (EU) No 909/2014 (CSDR) - only RTS 2017/390
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2017/390 - RTS on prudential requirements of CSDs (CSDR-related)
  • ID: 2020_5364
  • Topic: Market infrastructures
  • Date of submission:
  • Published as Rejected Q&A: 04/08/2022

Record Retention - Struck Off Obliged Entities

Who is responsible to retain the records referred to in Article 40 of Directive (EU) 2015/849 once an obliged entity goes into liquidation and eventually ceases to exist?

  • Legal act: Directive (EU) 2015/849 (AMLD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5362
  • Topic: Other topics
  • Date of submission:

Contingent encumbrance

For Scenario A of Contingent Encumbrance reporting template F34.00, should the 30% decrease in value be assumed for the instrument that is encumbered, or should it be considered whether such an instrument itself has underlying values for which the 30% decrease in value should be assumed?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2020_5359
  • Topic: Supervisory reporting - Asset Encumbrance
  • Date of submission:
  • Published as final Q&A: 19/03/2021

Leasing - Contagion du défaut aux paiements minimaux - Default contagion for minimum payments

En méthode standard, dans le cadre de contrat de crédit-bail mobilier (leasing véhicule), si plus de trois mois de loyers sont impayés, le déclassement "en défaut" doit-il s'appliquer à ces seuls loyers échus impayés ou une contagion du défaut doit-elle impérativement s'appliquer à l'ensemble des loyers prévisionnels non encore échus (paiements minimaux prévus au contrat de crédit-bail : cf. article 134-7 CRR) ? Under the standardised method, in the context of equipment leasing (vehicle lease), if more than three months of the lease are unpaid, must the default definition be applied to these due and unpaid payments of the lease only, or is it essential that a default contagion be applied to all projected lease payments which are not yet due (minimum payments provided for in the lease: see Article 134(7) CRR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR
  • ID: 2020_5357
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 01/10/2021

The implementation of commercial agent exclusion for B2C e-commerce platforms

In what situation a business-to-consumer (B2C) e-commerce platform can be subjected to the exclusion foreseen in Article 3 (b) from PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5355
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 06/12/2021

The implementation of commercial agent exclusion for e-commerce platforms

Should the settlement of the debt by an e-commerce platform be considered a sufficient reason to exclude the e-commerce platform from the scope of PSD2 or an indispensable requirement for a commercial agent mandate?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5354
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 03/12/2021

On the requirements for 'inherence' in strong customer authentication (SCA)

Do the elements required for ‘inherence’ in strong customer authentication (SCA) provide the complete authentication or can they form a part of an authentication decision with some non-biometric elements and still satisfy the inherence condition, for example, as one element of a user profile of several elements. For example, if the biometric, say keystroke dynamics, provides 50% of the decision and other characteristics (e.g. device data, location data) provide the other 50%, does this satisfy the requirement for inherence assuming the condition for 'very low probability of unauthorised access' is also satisfied and that another SCA condition, 'knowledge' or 'possession' is also satisfied? if so, is there a threshold, say 50%, below which it ceases to qualify as 'inherence'?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5353
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 23/04/2021

Customer data transfer to Member States for the purpose of supervision

Does the phrase “data related to their customers” under Article 6 of the Delegated Regulation refer to personal customer data (as defined by EU Regulation 2016/679) or general data for management purposes (e.g. descriptive statistics on the number of customers, customer risk distribution, etc.)?

  • Legal act: Directive (EU) 2015/849 (AMLD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/758 – RTS on implementation of group wide AML/CFT policies in third countries
  • ID: 2020_5350
  • Topic: Third country policy
  • Date of submission:
  • Published as final Q&A: 23/10/2020

Disclosure of information within the group related to suspicious activity reports (SARs) to the competent authorities

Does the requirment under Article 5 of the Delegated Regulation refer to the sharing of information on the underlying data of the Suspicious Activity report (SAR) (e.g. transactions, customer data) without disclosing whether the SAR was filed and sent to the local authorities of the third country?

  • Legal act: Directive (EU) 2015/849 (AMLD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/758 – RTS on implementation of group wide AML/CFT policies in third countries
  • ID: 2020_5349
  • Topic: Third country policy
  • Date of submission:
  • Published as final Q&A: 23/10/2020

Retroactivity concerning customer consent for data sharing and processing

Is there the expectation that such consent clauses, under Article 4 of the Delegated Regulation, be incorporated into contracts on a go-forward basis from the date the Regulation entered into force (i.e. with new customers and existing customer contract renewals) or is there the expectation that all existing customer contracts will be remediated to meet this requirement? What approach should be used with former customers?

  • Legal act: Directive (EU) 2015/849 (AMLD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/758 – RTS on implementation of group wide AML/CFT policies in third countries
  • ID: 2020_5348
  • Topic: Third country policy
  • Date of submission:
  • Published as final Q&A: 23/10/2020