Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

Secure corporate payment processes and protocols

Are USB drives (containing a certificate) used only by corporate clients compatible with RTS requirements?Can USB drives be considered as payment processes exempted from strong customer authentication ?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Electronic chip transactions authenticated with a hand signature

As a Payment Service Provider (PSP) acquirer, how should we report the German chip + signature transactions in the “EBA fraud report under PSD2” given the fact this kind of transactions are non-Strong Customer Authentication (SCA) and do not fall under any allowed exemption?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

IFRS 9 Transitional Arrangements - Business Combination

There is a business combination between banks which decided to apply the static and dynamic phase in the arrangements envisaged by Article 473a CRR.1) How should the static phase-in arrangements envisaged by Article 473a CRR apply on the consolidated basis?2) How should the dynamic phase-in arrangements envisaged by Article 473a CRR apply on the consolidated basis?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Calculation method for materiality ratio to be compared against the 10%/5% threshold for the purpose of application of Article 150(1)(c) for equity exposure class (Permanent Partial Use)

How should a credit institution - with the prior permission to apply the standardised approach permanent partial use (PPU) ex Article 150 CRR for equity exposures - calculate the  threshold as per Article 150(2) CRR?How is the materiality ratio computed? In particular:Should the numerator include only the exposures for which the application for PPU is being sought under Article 150(1)(c) CRR by excluding exposures for which PPU has already been granted pursuant other points of Article 150(1) and exposures not to be included in the calculation of RWA for equity exposure pursuant to Article 155(1) (i.e. Equity exposures risk weighted at 250% in accordance with Article 48(4) of Reg. EU 575/2013 and those deducted from CET1 in accordance with Part Two of Reg. EU 575/2013)?Should the ratio be computed only at solo level or both at solo and consolidated level, in case an application is limited to only one Legal Entity (LE) of a Large Group? 

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Calculation of net positions under Article 327 (1)

Does a short (long) position on an over-the-counter derivative on a bond/ equity (single name/index/basket) underlying (such as a total return swap (TRS), equity swap, asset swap, etc) net off against a long (short) position in its bond/equity underlying as long as the bond/equity (single name/index/basket) underlying of the derivative contract is the same as the bond/equity in which the long (short) position exists?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Exemption of secure corporate payment processes and protocols

Is the exemption of applying strong customer authentication, in respect of legal persons initiating electronic payment transactions through the use of dedicated payment processes or protocols that are only made available to payers who are not consumers applicable to both payment initiation and account information services? Or, is it solely applicable to payment initiation service?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Treatment of CIUs in the standardised approach – Derivatives on CIUs

Title IV Chapter 2 Section 6 and Article 364 (2) b CRR refers to positions in CIUs in general. How shall own funds requirements be calculated for derivative positions with CIUs as underlyings under the standardised approach?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Treatment of CIUs in internal model for market risk – own funds requirement (add-on)

Has the add-on for specific risk for CIUs according to Art. 364 (2) lit. a) in any case to be calculated for CIUs which are included in an internal model for market risk using a different approach than those described in Art. 350 (1) or 350 (2) (e.g. based on the liquid price of the CIU)?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Treatment of CIUs in internal model for market risk – possible restrictions

Is the use of internal models to compute own funds requirement for market risk of positions in CIUs restricted to either of the conditions referred to in paragraphs (1) and (2) of Article 350?  

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Treatment of CIUs in internal model for market risk – partial use

What are the conditions to include a CIU in an internal model with regard to model approval and risk categories for partial use institutions?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Certfication in relation to a Technical Service Provider (TSP)

When performing the role of a Technical Service Provider (TSP) is the TSP required to update the certificate received from the Third Party Payment Service Providers (TPP) (to demonstrate our involvement) to enable the Account Servicing Payment Service Provider (ASPSP) to authorise the certificate and provide the appropriate requested data back through to the TPP and establish the session? Is this same certificate required for every type of transaction request and must it be real time checked by the ASPSP and how does this impact our role as a TSP?Also, by introducing a TSP between a TPP and an ASPSP is the concept of private keys and the transport layer broken, due to the introduction of a TSP between the TPP and the ASPSP? Finally, are there limits to the number of roles involved in the chain in terms of the certification or do we just need to be able to demonstrate the link back to the point of origin for the certificate (the TPP)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Reverse repos (Reverse Repurchase Agreements) in AE-Assets Encumbrance

RE 680/2014, Annex XVI, § 2.1.1.14 (b) deals with Repos / Matching (or Reverse) Repos in the AE-Assets Encumbrance reporting. Questions : 1)where must be reported in AE-ASS (F32.01) and by impact in AE-ADV1 (F36.01) the cash received by the reporting institution from its Reverse Repos ? because it should be registered among the Encumbered Assets whereas the (iv), taken over below in Background section doesn’t evoke the treatment for the carrying amount, contrary of Repos in the paragraph (iii). 2) the paragraph (iv) of the mentioned article indicates that the fair value of the collateral of reverse repurchase is reported including AE-SOU (F32.04), r050, c030 and 040 : is c030 provided for Reverse Repos and c040 for Reverse Repos regiven in Repos ?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Categories of Registration

Is it a requirement that all EU countries include the categories the institution is approved for within their respective registers i.e. in their publicly available data? Also are these categories available in a consistent and standard format across the EU such that anyone inquiring about a firm in more than one country has an easily recognisable and usable response

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/09 - Guidelines on authorisation and registration under PSD2

Originator obligations

What are the obligations of an originator who purchases third party's exposures and subsequently securitises them, in order to meet the requirements set out in Article 9 of the Securitisation Regulation?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Showing a password after it has been masked

Article 22, 2(a) states that "personalised security credentials are masked when displayed and are not readable in their full extent when input by the payment service user during the authentication". Is it ok to offer the user a "show password"-button, so the user can verify that correct password has been entered, before fulfilling an authentication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Exposure amount for unfunded default fund contribution (UDFC)

How should the exposure value of UDFC from an own fund requirement and from a leverage ratio perspective be calculated?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Application of the exemption related to a trusted beneficiary

Has the exemption related to a trusted beneficiary to be applied on an account basis or rather to a list of accounts included in an online banking agreement ? Whose list has to be considered in case of a power of attorney where the initiator is not the account owner ? What happens in case of a shared account where each one holds his own trusted beneficiary lists ?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Does SCA apply to electronically processed SEPA Direct Debits ?

When processing SEPA Direct Debits electronically (assuming that the Direct Debit mandate has been signed digitally), does SCA apply to transactions? If not, what is the legal basis for this exemption?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Validation rule v0853_m - Framework release 2.8

In tables F10.00 and F11.01 should the notional amount of derivatives be reported if the fair value is equal to zero?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Is a gradual reduction of the overdraft facility with a current account a forborne measure?

Should an exceeded overdraft facility, which is gradually reduced by the bank as stipulated in terms and conditions, be classified as forborne exposure even if the customer does not meet any criteria for default?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)