Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Effect of bail-in tool: clarification on Article 53(3)

How should the phrase “and any obligations or claims arising in relation to it that are not accrued at the time when the power is exercised” in Article 53(3) be interpreted?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4677
  • Topic: Resolution tools and powers
  • Date of submission:
  • Published as Rejected Q&A: 11/02/2022

Definition of short position

1. Can a put option which is subject to certain conditions qualify as a short position for the purposes of Article 45 CRR provided that (i) the fulfilment of the conditions depends only on the holder of the put and (ii) all the other conditions mentioned in Article 45 are met?2. In case a bank has on its banking book a holding of CET1 instruments in a financial sector entity and it buys an unconditional put option with the same underlying, which amount should be netted, either the notional value (strike price multiplied by the number of underlying instruments of the option) or the market value of the put, provided that all the other conditions mentioned in Article 45 CRR are met?3. In case the answer to question 2 is the notional value, if a put option does qualify as short position for the purposes of Article 45 CRR, how should this short position be treated for the purposes of credit risk requirements?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4675
  • Topic: Own funds
  • Date of submission:
  • Published as final Q&A: 01/04/2022

Specialised Lending - Interpretation of contractual arrangements that give the lender a substantial degree of control

How shall Article 147 (8)(b) CRR be interpreted when identifying ‘contractual arrangements that give the lender a substantial degree of control over the assets and the income that they generate’ in the context of real estate financing?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4672
  • Topic: Credit risk
  • Date of submission:
  • Published as Rejected Q&A: 11/02/2022

Compliance of (1) card data (2) SMS OTP and (3) EMV 3DS behaviour-based inherence as an authentication information with the requirements of PSD2 and RTS on SCA

Could the use of (1) card data (2) SMS One Time Password (OTP) and (3) Europay, MasterCard, Visa (EMV) 3-D secure (3DS) behaviour-based inherence information as an authentication solution be considered compliant with the PSD2 and RTS on strong customer authentication and secure communication requirements?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4671
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 05/03/2021

Use of credit insurance as credit risk mitigation under the standardised approach for credit risk and application of the CRM eligibility requirements to certain clauses which are typical for credit insurance contracts

Does the inclusion of a general exclusions clause (including for example, an exclusion for losses caused by a so-called nuclear event, war or a loss as a result of a fraud or dispute) in a credit insurance contract render the contract non-compliant with the credit risk mitigation (CRM) eligibility requirements for guarantees in CRR, in particular Article 213(1)(c)(iii) CRR, assuming all other conditions have been fulfilled?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4669
  • Topic: Credit risk
  • Date of submission:
  • Published as Rejected Q&A: 28/02/2023

Default Rate calculation

As part of the implementation of IFRS9 on the 1st of Jan 2018 banks may have also implemented a new Definition of Default. A new definition could result in a large uplift in default stock. However, by virtue of the way that new defaults are captured in COREP, the impact of this is that ‘New Defaults’ for the year could be artifically inflated by this stock adjustment due to the newly implemented definition. This inflated default rate is not representative of real ‘New Defaults’ in the year. Should default rate be reported in the data submission as reported in COREP or should the default rate by adjusted to mitigate the effects of the implementation of the new definition of default (i.e. by removing the stock adjustment facilities from the ‘New Defaults’ population and from the start of year performing population and calculate what we believe is the real 1 year default rate)? If no adjustment is made, this will distort default rate values.

  • Legal act: Directive 2013/36/EU (CRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions (for benchmarking the internal approaches)
  • ID: 2019_4668
  • Topic: Supervisory reporting - Supervisory Benchmarking
  • Date of submission:
  • Published as Rejected Q&A: 11/02/2022

Absolute materiality threshold for Retail based on the new RTS

How to apply Article 123(c) CRR to set the absolute component of the materiality threshold in the case of transition of exposures to or from Retail.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR
  • ID: 2019_4666
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 09/10/2020

Applicability of SCA to electronically processed SEPA Direct Debits / Interpretation of EBA Q&A 2018_4359

Are mandates for direct debits which are set up without direct involvement of the payer’s PSP subject to SCA requirements?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4664
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 07/06/2019

Define what is “given period of time”

What constitutes a “given period of time” as expressed in Article 4.3 (b) of the RTS on strong customer authentication and secure communication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4662
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 19/06/2020

Inclusion of time taken for SCA in the performance KPI

Does the Key Performance Indicator (KPI) for the performance of the dedicated interface include the time taken for conducting Strong Customer Authentication (SCA)? 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4661
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 09/08/2019

Relying on vendor mechanisms processing the biometric data for strong customer authentication; Multiple fingerprint samples stored on a mobile device and used for purpose of user authentication.

Are the obligations of a payment service provider (PSP) laid down in the Article 8 of RTS on strong customer authentication and secure communication fulfilled in case the biometric credentials of customer are stored at the device level and the strong customer authentication itself is processed by the mobile device? In this context, are the obligations of the PSP laid down in Article 8 and 24 of RTS on Strong Customer Authentication fulfilled in case the mobile device stores multiple fingerprint samples for user authentication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4651
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 25/09/2020

EBA register providing a list of third party providers (TPPs)

1° Does the EBA register under PSD2 provide a list of third party providers (TPPs)?2° If yes :2.1 Could you provide a procedure to get a TPP list?2.2 Should we filter on services 5 (Payment Initiation Service Provider (PISP) / Card Based Payment Instrument Issuer (CBPII) use case), 7 Account Information Service Provider (AISP) and 8 Payment Initiation Service Provider (PISP) to get the complete list of TPP?2.3 Agents can also provide services 5a, 7 and 8: In the downloadable JSON file, it is possible to find agents who are mandated by PSPs; however, the services offered by these agents are not indicated. Are the agents mandated by a PSP providing services 5A, 7 and 8 to be included in the TPP list?2.4 is the registry downloadable automatically? If yes, how?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/411 - RTS on EBA register under PSD2
  • ID: 2019_4650
  • Topic: Central register of the EBA
  • Date of submission:
  • Published as final Q&A: 19/06/2020

Resolution plans for subsidiaries where no resolution college has been established yet

Is the national resolution authority empowered to draft an individual resolution plan, referred to in Article 10 BRRD, for an institution which is part of a (third country) group subject to consolidated supervision, where the European group-level resolution authority (GLRA) has not established the European resolution college?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4642
  • Topic: Resolution plans
  • Date of submission:
  • Published as Rejected Q&A: 11/02/2022

EBA_v6217-6222 and EBA_v6224-622; EBA_v6230 validation rules (warnings) implementation

Does EBA_v6217-6222 and EBA_v6224-622; EBA_v6230 validation rules (warnings) are correctly implemented and should be applicable for all institutions?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2019_4640
  • Topic: Supervisory reporting - Funding Plans
  • Date of submission:
  • Published as final Q&A: 08/05/2020

Wide usage portability between Member States

Could three months’ data, showing wide usage of the dedicated interface, produced in one Member State by a regulated entity (ASPSP) belonging to an ASPSP Group, be used as evidence to support the ‘widely used’ condition in a further Member State for a separate regulated entity (ASPSP) belonging to the same ASPSP Group, on the condition that both entities employ the same dedicated interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/07 - Guidelines on the exemption from the contingency mechanism under Regulation (EU) 2018/389
  • ID: 2019_4638
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 26/04/2019

Separation of factors for strong customer authentication

If a mobile phone has two different e-banking apps on it, one for the banking agendas (a banking app where payments are initiated by entering password, possibly in combination with OTPs) and one for receiving the SMS OTPs (authorization app),would this scenario fulfill the PSD2 requirements of sufficient separation of both factors (since both factors reside on the same smartphone, but in different apps)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4637
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 19/06/2020

TPP access only with PSU involvement

Can a Payment Service User (PSU) allow a Third party provider (TPP) the access to his account only if he is involved?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4631
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 05/03/2021

Applicability of Article 34 (eIDAS certificates) prior to application date of Regulation (EU) 2018/389

Is the use of eIDAS certificates mandatory for accessing payment accounts via dedicated interfaces (APIs) already prior to the application date of the Commission Delegated Regulation (EU) 2018/389, i.e. 14 September 2019?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4630
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 26/04/2019

Upside uncertainty and OPR AVA

How shall OPR AVA be treated in relation to Upside uncertainty?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2019_4628
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as Rejected Q&A: 20/01/2022

Diversification benefits of upside uncertainty in column 0120 C 32.02

Where should diversification benefits of the upside uncertainty shall be included?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2019_4626
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 30/04/2021