Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Clarification of Z02.00, row 0200 (DGS liabilities)

What is expected to be reported in Z 02.00, row 0200 (DGS liabilities) as the instructions only refer to Article 44 (2) point g (iv) of Directive 2014/59/EU and liabilities to deposit guarantee schemes arising from contributions due in accordance with Directive 2014/49/EU?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on the provision of information for the purpose of resolution plans
  • ID: 2018_4213
  • Topic: BRRD Reporting
  • Date of submission:
  • Published as final Q&A: 15/11/2019

Access by AISPs when customer not present up to 4 times in a 24 hour period

Is the intention that the '4 times in 24 hour period' is implemented based on 4 sessions for access for account information per consented customer account, or 4 Application Programming Interface (API) calls (where APIs are used for the decicated interface) for account information, or another basis?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4210
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 21/12/2018

Calculating the threshold of 1% of total liabilities in significative currencies.

Should the institution report the section 2 of C 67.00 the total liabilities considering the complete scope of currencies in the bank or should be restricted to the total of the relevant significative currency. Moreover, this would have impact in the 1% threshold calculation.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2018_4209
  • Topic: Supervisory reporting - Liquidity (LCR, NSFR, AMM)
  • Date of submission:
  • Published as final Q&A: 17/07/2020

C 17 template

Is it possible to include the positive impacts of operational risk errors in template C 17.00?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2018_4208
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 12/07/2019

Treatment of failed SRT under Traditional Securitisation

In case the significant credit risk cannot be considered to have been transferred according to 244 of Regulation (EU) No 575/2013 as amended by Regulation (EU) 2017/2401, but the exposures had been already derecognised from the bank's balance sheet, shall the bank continue to calculate the RWA for the securitised exposures as if they were never securitised? Does it mean that no RWA will be calculated for the securitisation position?  Additionally, if the exposures have been securitised against cash, and the cash invested in new loan, would RWA be calculated for these new loans

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4207
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 26/07/2019

C 66.00, validation rule v5903_s

In an environment of negative (money market indexing) interest rates this rule may not be applicable.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2018_4193
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 06/09/2019

Template C32.01. Guidance required for which row to submit commodity assets and liabilities on template C32.01,

When following guidance found in AnnexII (page 185-190) there is no guidance as to where to include Commodity Assets (or liabilities) that are not derivatives (even though they are in scope for PVA threshold assessment). These are not Financial Assets or Liabilities even if fair valued and as such do not fit in any of the rows on the template. The equivalent row for assets in Finrep template 01.01 is row 360 'Other assets' but this has no equivalent in template C32.01.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2018_4190
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 25/06/2021

Adjustments due to IFRS 9 transitional arrangements included in RWAs and interaction with validation rule v3689_s in template C5.01.

In template C5.01 validation rule v3689_s states that R010 C040 cannot be negative, should R010 C040 be excluded from this validation rule?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2018_4189
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 12/07/2019

Information to be provided / made available by ASPSP to payment initiation service provider (PISP)

In the context of PIS:(a) shall the ASPSP, upon initiation of the payment session, provide or make available to the PISP the IBANs/account numbers for all payment accounts from which the user can transfer funds, and the associated currencies; and(b) shall the ASPSP, in each communication session, provide or make available to the PISP/AISP the name of the payment service user that is accessing the accounts.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4188
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 10/05/2019

Aggregated first loss under credit insurance

Is the requirement in Article 213(1)(b) CRR met in case of a credit insurance whose contractual terms provide that the institution shall bear a first loss, which is calculated at aggregate level with regard to several different exposures?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4184
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 26/02/2021

Application of limits for Strong customer authentication (SCA) exemption

How should payment service providers (PSPs) apply the cumulative limits set in Articles 11 and 16 of the RTS on strong customer authentication and secure communication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4182
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 11/10/2019

The Implementation of the electronic communications exclusion in the voiced-based premium rate services market

Considering the organisation of the voiced-based premium rate services market, and considering the interpretations proposed for the electronic communications exclusion (ECE) in the different countries, as far as a payment transaction complies with the conditions imposed by the ECE, does the ECE apply to the whole value chain, and therefore, all the providers of electronic communications networks or services involved in payment transactions covered by the ECE should not have to register as payment institutions or agents for these operations?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4181
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 06/09/2019

Application of SCA when a PSU accesses payment transactions data older than on the last 90 days, without having access to sensitive payment data and for a period of 90 days after the last access using SCA

Could Payment Service Providers (PSPs) be allowed to choose between applying SCA(Strong Customer Authentication) or not when a PSU (Payment Service User) accesses payment transactions data older than on the last 90 days without having access to sensitive payment data and for a period of 90 days after its last access using SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4177
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 09/11/2018

Operation and security risk assessment of a branch of a credit institution

Does a branch of an EU credit institution operating in another Member State have to prepare separate assessment for its payment related activity and if yes which competent authority shall be responsible for receiving the assessment - is it the competent authority of the host or the home Member State?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2019/04 – Guidelines on ICT and security risk management - repealing EBA/GL/2017/17
  • ID: 2018_4176
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 14/12/2018

Interpretation of 'Active request for account information'

How should 'active request for account information' by a Payment Service User (PSU) be interpreted the wording of article 36(5)(a)(b) of the RTS SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4172
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 14/12/2018

Home / host cooperation

Should banks notify only National Competent Authorities (NCAs) of the home Member State when they use Strong customer authentication (SCA) exemptions on Secure corporate payment processes and protocols  (Article 17 of Regulation (EU) 2018/389 – RTS on strong customer authentication and secure communication) and Transaction risk analysis (Article 18 of the Delegated Regulation)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4170
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 17/12/2021

Breakdown of exposures by residual maturity

In the template C 33.00 breakdown of total exposures by residual maturity is required (rows 170 - 230). However from instructions it is not clear into which time bucket following exposures should be classified: - exposures at default - exposures without residual maturity - past due exposures.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2018_4164
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 10/05/2019

Fall back exemption

Article 33, § 6 of the RTS for strong customer authentication and common and secure open standards of communication (the “RTS”) provides that “Competent authorities, after consulting EBA to ensure a consistent application of the following conditions, shall exempt the account servicing payment service providers that have opted for a dedicated interface from the obligation to set up the contingency mechanism […]” (the “fall back exemption”). a) Which authority - the home authority or the host authority ?- is the compentent authority under article 33, § 6 of the RTS, when the “fall back exemption request” concerns the dedicated interface used in a Member state where a branch of the ASPSP is located? b) Does the answer differ if the same dedicated interface is used in the home member state and in the host member state where a branch is located?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4163
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/04/2019

Treatment of purchase price discount or specific credit risk adjustment in the determination of the maximum risk weight for senior securitisation positions using the look through approach where the SEC-IRBA method is used to determine the risk weight of the securitisation position.

How should the purchase price discount or specific credit risk adjustment be taken into account to allow institutions to assign the senior securitisation position a maximum risk weight equal to the exposure weighted-average risk weight that would be applicable to the exposures as if the underlying exposures had not been securitised when an institution uses the SEC-IRBA method to risk weight the securitisation position (Article 267(1) and (2) as amended by Regulation (EU) 2017/2401).

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4161
  • Topic: Securitisation and Covered Bonds
  • Date of submission:
  • Published as Rejected Q&A: 11/02/2022